^tosrx
* g% *
i®o!
V PRO^&
-------�
Report Contributors: Catherine Allen
Heriberto Ibarra
Chikara Mbah
Michael Petscavage
Khadija Walker
Abbreviations
CICA
Competition in Contracting Act
CIO
Chief Information Officer
CO
Contracting Officer
EPA
U.S. Environmental Protection Agency
EPAAG
EPA Acquisition Guide
FAR
Federal Acquisition Regulation
FITARA
Federal Information Technology Acquisition Reform Act
IT
Information Technology
OAS
Office of Acquisition Solutions
OCFO
Office of the Chief Financial Officer
OIG
Office of Inspector General
OMS
Office of Mission Support
OTS
Office of Technology Solutions
Pub. L.
Public Law
U.S.C.
United States Code
Cover Image: The EPA spent $52.5 million in taxpayer dollars without the proper approvals
required under the Federal Information Technology Acquisition Reform Act
and purchased $641,680 of equipment under an expiring contract.
(EPA OIG image)
Are you aware of fraud, waste, or abuse in an
EPA program?
EPA Inspector General Hotline
1200 Pennsylvania Avenue, NW(2431T)
Washington, D.C. 20460
(888) 546-8740
(202) 566-2599 (fax)
OIG Hotline@epa.gov
Learn more about our OIG Hotline.
EPA Office of Inspector General
1200 Pennsylvania Avenue, NW (2410T)
Washington, D.C. 20460
(202) 566-2391
www.epa.gov/oiq
Subscribe to our Email Updates
Follow us on Twitter @EPAoig
Send us your Project Suggestions
-------�
tfED STA/.
U.S. Environmental Protection Agency 21-P-0094
March 10, 2021
• UiOi 11 I V 11 Ul 11 I ICr I I Id I I I UICUII
AA \ Office of Inspector General
At a Glance
Why We Did This Audit
The U.S. Environmental
Protection Agency's Office of
Inspector General conducted
this audit in response to a
hotline complaint regarding
contract and bidding
irregularities with three major
information technology
contracts. The purpose of this
audit was to determine
whether (1) equipment
purchased under EPA contract
EP-W-07-024 was properly
purchased under the contract
and transferred to current
contracts in accordance with
Federal Acquisition Regulation
requirements and (2) EPA
contracts EP-W-18-007 and
EP-W-18-008 were properly
awarded in accordance with
Federal Acquisition Regulation
competition requirements.
The Office of the Chief
Financial Officer plans, sets
standards, and develops and
deploys financial and
resources management
systems. The Office of Mission
Support plans, awards, and
administers contracts.
This audit addresses the
following:
• Operating efficiently and
effectively.
• Compliance with the law.
This audit addresses a top
EPA management challenge:
• Complying with key internal
control requirements (policies
and procedures).
Address inquiries to our public
affairs office at (202) 566-2391 or
OIG WEBCOMMENTS@epa.gov.
EPA Improperly Awarded and Managed Information
Technology Contracts
What We Found
In violation of Federal Acquisition Regulation
requirements and contract clauses, the EPA
purchased 23 pieces of hardware and software
equipment under an expiring information
technology contract awarded to CGI Federal. This
purchase was outside the scope of the contract
and was ultimately never used for that contract.
The EPA then improperly solicited bids for one of
two subsequent contracts and transferred the equipment to use on the new
contract. By approving the purchase, the EPA improperly spent $641,680 in
federal funds.
We also found that the EPA issued task orders under all three contracts
without approval from the chief information officer, which is required under the
Federal Information Technology Acquisition Reform Act. This resulted in the
EPA spending $52.5 million in taxpayer funds without proper approvals.
The Agency also mismanaged these contracts with respect to monitoring
property and licenses. For example, the EPA underreported and incorrectly
identified purchased equipment in the Agency's property reporting system
and did not record $1.18 million in software licenses in the Agency's asset
management system.
Recommendations and Planned Agency Corrective Actions
We make ten recommendations in this report, including that the chief financial
officer recover the $641,680 of unallowable equipment purchased under the
expired contract and document split-funding approvals. We also recommend
that the assistant administrator for Mission Support determine whether to
terminate the improperly awarded subsequent contract and rebid a new
contract, institute controls to prevent improper spending, and verify all
information technology contracts are approved by the chief information officer.
Further, we recommend that the assistant administrator for Mission Support
tighten control regarding compliance with the Federal Information Technology
Acquisition Reform Act.
The EPA agreed with all ten recommendations and provided acceptable
corrective action plans or completed corrective actions. The Agency
completed eight of our recommendations, and two recommendations are
resolved with corrective actions pending. We also revised our report where
appropriate based on technical comments provided by the Agency.
The Agency needs to
improve its oversight
of long-standing
contractors, like CGI
Federal, to improve
operations and be a
better steward of
taxpayer dollars.
List of OIG reports.
-------�
^EDSX
* JL \
I® J
UNITED STATES ENVIRONMENTAL PROTECTION AGENCY
WASHINGTON, D.C. 20460
THE INSPECTOR GENERAL
March 10, 2021
MEMORANDUM
SUBJECT: EPA Improperly Awarded and Managed Information Technology Contracts
Report No. 21-P-0094
FROM:
J
TO:
Donna Vizian, Acting Assistant Administrator
Office of Mission Support
David Bloom, Acting Chief Financial Officer
This is our report on the subject audit conducted by the Office of Inspector General of the
U.S. Environmental Protection Agency. The project number for this audit was OA&E-FY19-0035. This
report contains findings that describe the problems the OIG has identified and corrective actions the OIG
recommends. Final determinations on matters in this report will be made by EPA managers in accordance
with established audit resolution procedures.
The Office of Mission Support and the Office of the Chief Financial Officer are responsible for the issues
discussed in this report.
We issued ten recommendations in this report. The Office of Mission Support completed corrective
actions or provided acceptable planned corrective actions for seven recommendations, and the Office of
the Chief Financial Officer completed corrective actions for three recommendations. In accordance with
EPA Manual 2750, all recommendations are completed or resolved with corrective actions pending. No
further response is required. However, if you submit a response, it will be posted on the OIG's website,
along with our memorandum commenting on your response. Your response should be provided as an
Adobe PDF file that complies with the accessibility requirements of Section 508 of the Rehabilitation Act
of 1973, as amended. The final response should not contain data that you do not want to be released to the
public; if your response contains such data, you should identify the data for redaction or removal along
with corresponding justification.
We will post this report to our website at www.epa.gov/oig.
-------�
EPA Improperly Awarded and Managed
Information Technology Contracts
21-P-0094
Table of C
Chapters
1 Introduction 1
Purpose 1
Background 1
Responsible Offices 2
Scope and Methodology 3
Prior Audits 3
2 EPA Did Not Properly Purchase Equipment under EP-W-07-024 5
EPA Purchased Equipment Outside Contract Scope 5
CO Did Not Request Required Approvals for Equipment Purchase 7
OCFO Did Not Follow Approval Process for Split-Funded Purchases 7
EPA Lacks Internal Controls to Verify Documentation of Appropriate
Approvals for IT Equipment Purchases 8
Conclusion 9
Recommendations 9
Agency Response and OIG Assessment 10
3 EPA Improperly Awarded Contract EP-W-18-008 11
Federal Law Requires Full and Open Competition When Awarding
Government Contracts 11
EPA Asserted During Contract Solicitation It Would Not Provide Any
Equipment 11
Conclusion 13
Recommendation 13
Agency Response and OIG Assessment 13
4 EPA Did Not Obtain Required FITARA Approval for Task Orders
and Contracts 14
Federal Law and EPA Policy Require Approvals for IT Contracts
and Acquisitions 14
Task Orders Awarded Wthout FITARA Approval 15
Contracts Awarded Without FITARA Approval 16
Conclusion 16
Recommendations 17
Agency Response and OIG Assessment 17
--continued--
-------�
EPA Improperly Awarded and Managed
Information Technology Contracts
21-P-0094
5 EPA Did Not Monitor and Report Equipment as Required 18
EPA Is Required to Account for Government-Furnished Property 18
EPA and CGI Federal Did Not Report and Account for Government
Property Appropriately 19
Purchased Software Licenses Not Inventoried 20
Conclusion 21
Recommendations 22
Agency Response and OIG Assessment 22
Status of Recommendations and Potential Monetary Benefits 23
Appendices
A Timeline of Events 24
B EP-W-07-024 Modifications Issued Without FITARA Approval 26
C Agency Response to Draft Report 27
D Distribution 41
-------�
Chapter 1
Introduction
Purpose
In August 2018, the
U.S. Environmental
Protection Agency's Office
of Inspector General
received a hotline
complaint regarding
contract and bidding
irregularities with three
information technology
contracts that were awarded to CGI Federal. We audited the initial contract and
two subsequent contracts to determine whether:
1. Equipment purchased under EPA contract EP-W-07-024 was properly
purchased under the contract and transferred to current contracts in
accordance with Federal Acquisition Regulation requirements.
2. EPA contracts EP-W-18-007 and EP-W-18-008 were properly awarded in
accordance with Federal Acquisition Regulation competition
requirements.
Background
CGI Federal, an IT software company, created Compass, a web-based application
that the EPA uses as its financial system. Compass handles core budget execution,
accounting functions and processes transactions for the Agency. Compass also
posts updates to ledgers and tables as transactions are processed and generates
source data for the preparation of Agency financial statements and budgetary
reports. CGI Federal staff and contractors manage Compass at CGI Federal's data
center in Phoenix, Arizona.
In 2007, the Office of the Chief Financial Officer, known as the OCFO, began a
financial system modernization project to improve the EPA's ability to perform
core financial management functions and to increase the integration between the
EPA's financial systems. As part of this project to modernize and increase
systems integration, the EPA awarded a ten-year, $83-million time-and-materials
service contract, EP-W-07-024, to CGI Federal on February 12, 2007. The
contract scope included providing access to and support for all components of
Compass—hosting, licensing, operations, maintenance, and related support
Top Management Challenge
This audit addresses the following top management
challenge for the Agency, as identified in OIG Report
No. 20-N-0231, EPA's FYs 2020-2021 Top Management
Challenges, issued July 21, 2020:
• Complying with key internal control requirements
(policies and procedures).
21-P-0094
1
-------�
services. In 2017, the EPA extended the contract by one year because the Agency
delayed the selection process for the subsequent contracts needed to continue the
project. Therefore, by the end of this contract, the total cost was almost
$100 million over an 11-year period.
The Agency started the bidding process for the subsequent contract in 2015. The
Agency decided to separate the follow-on procurement into two separate
contracts. The EPA awarded the first contract, EP-W-18-007, to CGI Federal on
December 31, 2017. This was a sole-source award—meaning without full and
open competition—for licensing, operations, maintenance, and related support
services for Compass for seven years with the maximum potential value of
$28.5 million. The EPA awarded the second contract, EP-W-18-008, to CGI
Federal on January 1, 2018. This was a competed award for hosting and support
services, covering the same seven years as EP-W-18-007. This contract's
maximum potential cost was $18.0 million. Below are the expenditures for each
contract as of October 6, 2020 (Table 1).
Table 1: CGI Federal contract costs
Description
Initial contract
Split follow-on contracts
Contract Number
EP-W-07-024
EP-W-18-007
EP-W-18-008
Time period
2007-2018
2018-2024
2018-2024
Original contract
$83,108,405.36
$28,542,224.65
$18,045,376.16
Cost
$99,947,185.82
$14,530,815.51
$6,566,805.51
Source: OIG analysis. (EPA OIG table)
Responsible Offices
The OCFO manages the EPA's annual budget and provides financial services for
the EPA. Within the OCFO, the Office of Technology Solutions, known as the
OTS, is responsible for IT planning, development, and deployment of financial
and resource management systems for the EPA. This includes technology
investment planning, budgeting, and resource allocation for financial systems and
policies to support the EPA's environmental mission.
In 2019, the EPA combined the Office of Administration and Resources
Management and the Office of Environmental Information to form the Office of
Mission Support, known as the OMS. Within the OMS, the Office of Acquisition
Solutions, known as the OAS, is responsible for planning, awarding, and
administering contracts for the EPA, which includes issuing and interpreting
acquisition regulations, administering training for contracting and program
acquisition personnel, providing advice and oversight to regional procurement
offices, and providing IT improvements for acquisition.
21-P-0094
2
-------�
Scope and Methodology
We conducted this performance audit from November 2018 to July 2020 in
accordance with generally accepted government auditing standards issued by the
comptroller general of the United States. Those standards require that we plan and
perform the audit to obtain sufficient, appropriate evidence to provide a
reasonable basis for our findings and conclusions based on our audit objectives.
We believe that the evidence obtained provides a reasonable basis for our findings
and conclusions based on our audit objectives.
To answer the audit objective related to contract EP-W-07-024, we reviewed OAS
contracts, modifications, correspondence, and Performance of Work Statements.
We compared the purchasing process for the equipment with the procedures
described in the EPA Personal Property Manual, dated June 2017. We
interviewed contracting officers and representatives, as well as OTS management
and staff. We reviewed inventory records of equipment purchased under the
contract. We also visited the CGI Federal data center in Phoenix to interview the
company's staff and observe EPA equipment at the data center.
To answer the audit objective related to contracts EP-W-18-007 and
EP-W-18-008, we reviewed federal contract laws and regulations and related EPA
policies and procedures. We also reviewed solicitations, bids, proposals, contract
awards, modifications, and expenditures.
Prior Audits
In OIG Report No. 13-P-0220. Review of Hotline Complaint on EPA's Pre-Award
Activities for Multiple Award Contracts at the National Computer Center, issued
April 15, 2013, the OIG determined that the EPA could improve communications
with vendors during preaward activities. The OIG found instances where there
were opportunities to improve communication with vendors that could help thwart
misunderstandings and confusion related to the federal acquisition process. The
EPA agreed with our recommendation and developed a written vendor protocol to
be used during preaward activities.
In OIG Report No. 17-P-0380. EPA 's Alternative Dispute Resolution and Public
Involvement Contract Needs Better Management, issued September 12, 2017, the
OIG determined that the contract terms for EP-W-14-020 did not comply with
federal and EPA regulations and found some contract deliverables did not comply
with contract requirements. Specifically, several contract terms were outdated,
contradictory, or incomplete. In addition, contract-required clauses, reports, and
invoices were missing required contract information. The OIG also found that
contract management did not comply with requirements. For example, the CO did
not perform invoice reviews in a timely manner as required by EPA guidance.
The EPA agreed with our recommendations and revised the contract's terms,
21-P-0094
3
-------�
deliverables, management, oversight, and internal controls. According to the
Agency, it implemented all corrective actions.
In OIG Report No. 18-P-0038. Improved Acquisition Planning Will Help EPA
Reduce Hundreds of Millions of Dollars in High-Risk Contracts, issued
November 15, 2017, we found that the EPA's use of high-risk contracts could be
reduced if the Agency implemented additional internal controls to strengthen and
improve its acquisition planning process. The report also found that the EPA
allowed sole-source contracts even when there was adequate time to plan and
conduct a competitive award process. The EPA agreed with our
recommendations. According to the Agency, it implemented all corrective actions
and updated policies to reduce the award of high-risk contracts.
21-P-0094
4
-------�
Chapter 2
EPA Did Not Properly Purchase Equipment under
EP-W-07-024
An EPA CO authorized purchasing $641,680 worth of equipment under contract
EP-W-07-024, awarded to CGI Federal, two days before the contract closed. The
EPA purchased the equipment outside of the scope of the contract, without proper
IT approvals, and never used it for work on this contract. Instead, the EPA
transferred the equipment to a new contract, EP-W-18-008, also awarded to CGI
Federal, that originally did not allow for government-furnished property. The CO
misunderstood the clause in the expiring contract and said that she purchased the
equipment because the contract clause for the expiring contract allowed. The CO
failed to adhere to the Federal Acquisition Regulation, known as FAR, provisions
that the contract costs are allocable to the contract and failed to adhere to the
contract equipment purchase clauses in EP-W-07-024. By purchasing this
equipment, the EPA improperly spent $641,680 in federal funds.
EPA Purchased Equipment Outside Contract Scope
COs are bound by purchase regulations outlined in FAR 31.201-4, which states
that a cost is allocable to a contract if it is incurred specifically for the contract.
FAR 1.602-2 states that "contracting officers are responsible for.. .ensuring
compliance with the terms of the contract and safeguarding the interests of the
United States in its contractual relationships."
In April 2018, a CO authorized the purchase of $641,680 of equipment under
EP-W-07-024. The CO authorized this purchase two days before the contract
expired. The CO and the CO's management justified the equipment purchase
because the "contract contemplated the purchase under the scope and government-
furnished property clauses" of the contract, which states:
The Government will provide the following item(s) of Government
property to the contractor for use in the performance of this
contract. (Emphasis added.)
The CO purchased the equipment at the end of the EP-W-07-024 contract
performance period and ultimately used the equipment for another contract, not
for EP-W-07-024, as required by the contract clause above. Further, while the
above clause allowed for the possibility of the EPA providing the contractor with
government equipment for use during the contract, the clause was never amended
to specifically list what government-furnished property the EPA would provide
for use during the performance period of the contract, as required.
21-P-0094
5
-------�
The OCFO requested an emergency action in the EPA's contract system to
purchase and transfer the equipment. We found that the OCFO fully intended to
use the equipment purchased under EP-W-07-024 on the new contract. The CO
and OCFO management stated that they used an emergency action because the
EPA's contract system was unavailable to make modifications to the new
contract, so they modified the expiring contract. In an April 17, 2018 email
requesting the equipment, the CO stated:
OCFO is requesting this new task be procured as an emergency
action under the old contract to purchase equipment that will be
transitioned to the hosting [008] contract.
The Agency cannot use emergency actions to circumvent contract clauses and the
FAR. The contract clause on the expiring contract specifically stated that
equipment must be used for the contract under which it was provided, and there
was no authorized equipment listed under this clause.
As shown in Figure 1, in September 2018, five months after the expiring contract
ended, the CO transferred the equipment from EP-W-07-024 to EP-W-18-008
(Appendix A). Although the original terms of EP-W-18-008 did not provide for
government-furnished property, EP-W-18-008 was subsequently modified to
allow for government-furnished property.
21-P-0094
6
-------�
Figure 1: Contract award and equipment purchase timeline during fiscal year 2018
•Contract EP-W-18-008 awarded.
•Equipment ordered under contract EP-W-07-024 as an emergency action.
•Contract EP-W-07-024 period of performance ended.
•Final delivery of equipment ordered under contract EP-W-07-024.
EPA final payment for $641,680 equipment purchased for EP-W-07-024.
•Equipment transferred from contract EP-W-07-024 to EP-W-18-008.
Source: OIG analysis. (EPA OIG image)
CO Did Not Request Required Approvals for Equipment Purchase
The National Defense Authorization Act for Fiscal Year 2015, which includes
Subtitle D—Federal Information Technology Acquisition Reform Act, gives the
chief information officer approval authority over IT purchases. Enacted on
December 19, 2014, FITARA states that federal agencies may not enter into a
contract or other agreement for IT or IT services unless the Agency's CIO
reviews and approves the contract or agreement. FITARA further provides that
agency CIOs should assist the Office of Management and Budget in identifying
duplication and waste and identifying cost savings with respect to IT acquisition.
In this case, the EPA's CIO was unaware of the CO's purchase of the equipment,
so the CIO did not have the opportunity to review inventory for spares, duplicates,
and compatible equipment.
21-P-0094
7
-------�
The CO did not request or receive CIO approval for the equipment purchase. The
CO told us that the CIO was not required to give FITARA approval for the
purchase of the equipment because EP-W-07-024 was awarded before FITARA's
effective date. FITARA, however, applies to any contract agreement (including
task order modifications) signed after April 2016. While EPA awarded the
contract in 2007, the Agency purchased the equipment in August 2018; therefore,
FITARA approvals were required. We discuss the impacts of FITARA on this
contract and the follow-on contracts in Chapter 4.
OCFO Did Not Follow Approval Process for Split-Funded Purchases
The OCFO Resource Management Directives System 2520, EPA Financial
Resources and Operating Guide Administrative Control of Appropriated and
Other Funds, dated December 2015, states that the OCFO should approve
allocation methods when more than one appropriation is used as a funding source
on a procurement. This directive states that the OCFO should approve the
allocation rational before the Agency awards the contract or task order. The
directive also says that the OCFO must approve the CO's rationale for allocating
costs among appropriations so that voucher payments can be processed
accurately. The COs must send the split-funding documentation rationale to
OCFO management for approval and maintain the documentation in the overall
contract file.
When purchasing the $641,680 in equipment for EP-W-07-024, the CO used a
different appropriation than the one used for the remainder of the contract. We
requested the written rationale along with the OCFO approval for the split-funded
purchase of the equipment for CGI Federal, but the CO could not locate the
documents. We then contacted the OCFO and requested its split-funding approval
of the equipment from CGI Federal under EP-W-07-024; OCFO management was
unable to produce that document as well.
EPA Lacks Internal Controls to Verify Documentation of Appropriate
Approvals for IT Equipment Purchases
The U.S. Government Accountability Office sets internal control standards for
federal entities in GAO-14-704G, Standards for Internal Control in the Federal
Government (also known as the "Green Book"), issued September 10, 2014. An
entity uses the Green Book to design, implement, and operate internal controls to
achieve its objectives related to operations, reporting, and compliance. The Office
of Management and Budget Circular No. A-123, Management's Responsibility for
Enterprise Risk Management and Internal Control, requires federal managers to
implement the Green Book's internal control standards.
The OAS and the OCFO lacked internal controls to verify documentation of
appropriate approvals for IT purchases, which are essential for reducing errors or
fraud. The OCFO Resource Management Directive System 2520 states that the
21-P-0094
8
-------�
chief financial officer must approve using funds on split funding purchases. While
Agency staff indicated that the chief financial officer approved the purchase, the
OCFO said the approval document was misplaced after the approval went
through. Without the required approval documentation, the EPA cannot support
its decision to spend $641,680 in equipment—the Agency could have put those
funds to better use.
During our audit, the OCFO acknowledged that it needs to strengthen internal
controls for maintaining required approvals and related documentation. In July
2019, after the OCFO's own review of 28 contract files found that all files had
approval documents missing, the OCFO sent a policy reminder to Agency
contract and program staff to properly maintain approval documents.
Conclusion
Internal controls over the contract funding operations are essential to the
confidentiality, integrity, and availability of critical data while reducing the risk of
errors, fraud, and other illegal acts. The OAS and the OCFO lack internal controls
to monitor and maintain approval documents. By not following the required
approval process, the EPA improperly spent $641,680 in federal funds.
The Agency needs to improve controls over equipment purchases to prevent the
errors we identified during our audit and provide reasonable assurance that the
Agency spends taxpayer dollars in accordance with federal regulations and puts
them to the best use.
Recommendations
We recommend that the assistant administrator for Mission Support:
1. Reinforce Federal Acquisition Regulation and contract clause
requirements, via policy updates and training, with contract management
and staff.
2. Reinforce internal controls in the EPA Acquisition System to prevent
future spending on information technology without the proper Federal
Information Technology Acquisition Reform Act approval.
We recommend that the chief financial officer:
3. Reinforce current EPA policy to require management to document
authorization of split-funding approvals.
4. Recover the $641,680 of unallowable equipment purchased.
21-P-0094
9
-------�
Agency Response and OIG Assessment
The Agency agreed with our recommendations and took the following actions:
• For Recommendation 1, the OMS established acquisition training courses
and issued flash notices, which are short policy reminders sent through
email, highlighting the importance of following FITARA.
• For Recommendation 2, the OMS tightened controls in the EPA
Acquisition System to include FITARA approval.
• For Recommendation 3, the OCFO updated Resource Management
Directive System 2520-04 to enhance financial and record management
for multiple appropriation funding approvals and provided several Agency
notifications and training opportunities.
• For Recommendation 4, the OMS moved the $641,680 of equipment to
the EPA's National Computer Center. Most of the equipment is not in use
but will be made available for other EPA programs.
We verified that the Agency completed the four recommendations. The Agency's
full response to the draft report is in Appendix C.
21-P-0094
10
-------�
Chapter 3
EPA Improperly Awarded Contract EP-W-18-008
The EPA provided government-furnished equipment for EP-W-18-008, even
though the EPA did not disclose that it would provide equipment in the contract
solicitation. Federal law requires that agencies use a full and open competition
process when procuring property or services. FAR 45.201(a) requires agencies to
include anticipated government-furnished property in the solicitation. The EPA
contracting staff stated that, during the solicitation phase, the Agency did not
initially anticipate the need for equipment and did not include a provision for
government-furnished equipment in the solicitation. Ultimately, the EPA's choice
to provide equipment for EP-W-18-008 may have led to an unfair competition
practice.
Federal Law Requires Full and Open Competition When Awarding
Government Contracts
The Competition in Contracting Act, 41 U.S.C. § 3301, and FAR 6.101 require
that agencies ensure full and open competition when awarding contracts. EPA
Acquisition Regulation 37.102 also provides that service contracts are to be
obtained "without barriers to full and open competition." The EPA writes contract
statements of work with clear requirements to facilitate maximum competition. If
the EPA determines that it gave any contractor a competitive advantage, the
Agency may choose to rebid the contract to deter future misconduct by those who
are involved in the award, performance, and administration of government
contracts.
The Agency should not use contract modifications to avoid CICA's full and open
competition requirement. The FAR broadly permits an agency to terminate a
contract for convenience, which would allow an agency to rebid the contract to
achieve the full and open competition objectives of CICA and the FAR.
EPA Asserted During Contract Solicitation It Would Not Provide Any
Equipment
FAR 45.201(a) requires agencies to list the government-furnished property to be
offered in the solicitation, if applicable. EP-W-18-008's Performance of Work
Statement in the solicitation did not include government-furnished equipment.
During the solicitation, bidders asked if the EPA would provide equipment for the
contract and the Agency answered that it would not provide equipment, other than
software licenses. Table 2 lists several of the questions that bidders asked
regarding EP-W-18-008.
21-P-0094
11
-------�
Table 2: Hardware, software, and license questions from January 2017 regarding
EP-W-18-008
Bidder question
OAS answer
1
Based on the [Performance of Work Statements], it's
unclear the software that shall be provided by the
contractor as part of hosting and operations.
The government
will only provide
momentum
licensing.
2
Will the government provide a list of [government-
furnished equipment] hardware and software and a bill of
materials for the existing environment that will be
transitioned by either the incumbent or by EPA?
[The] government
does not provide
any other hardware
or software other
than Momentum
licenses.
3
Wll the EPA provide requisite licensing for the suite of
applications and Oracle databases to be hosted by the
offeror, or is the offeror required to provide all product
licenses?
This is not
[government-
furnished
equipment].
4
Can the government provide the quantity of each software
component required for each software product listed in the
Compass Software Versions.xls to aid in developing a
cost-effective hosting solution that meets the requirements
of the solicitation?
[The] government
does not provide
any other hardware
or software other
than momentum
licenses.
5
Can the government provide the quantity and versions of
Oracle licenses required to support the Compass Hosting?
The government previously stated that Oracle 11 g and
12c are being used, but the software the government is
providing only lists Oracle 12c.
The government
does not provide
any other hardware
or software other
than momentum
licenses.
Source: OIG analysis. (EPA OIG table)
While the OTS said that the bidders had to buy all the equipment for the contract,
the Agency nonetheless provided the equipment for CGI Federal after it won the
contract.
In March 2018, two months after the Agency awarded EP-W-18-008, the EPA
determined that the contract needed equipment. At the direction of the OTS, the
CO requested that CGI Federal provide a justification for acquiring the equipment
under the new contract. The EPA had to justify the purchase of the equipment
because the new contract did not include the equipment in the statement of work.
CGI Federal's project manager provided a written justification stating "that
[additional] hardware/software was needed to support EPA's private cloud at
[CGI's] Phoenix Data Center." On September 18, 2018, over nine months after
the award was given, the EPA modified contract EP-W-18-008 and added the
clause allowing government-furnished property.
EPA and CGI Federal created the justification so that the Agency could purchase
the initially unauthorized equipment. If bidders were aware that they could access
government-furnished equipment with the required upgraded software during the
solicitation phase, the bidders could have developed different proposals and the
outcome of the contract award could have been different. The Agency did not
21-P-0094
12
-------�
meet the full and open competition requirement of CICA because bidders were
not aware that government-furnished property would be available for the contract.
Conclusion
The EPA provided government-furnished equipment for EP-W-18-008 but did not
disclose that government-furnished equipment would be provided to bidders
during the contract solicitation. The Agency's choice to provide equipment after
awarding the contract led to an unfair competitive advantage for CGI Federal. The
Agency must commit to adhering to federal contract competition laws as this is
crucial to ensuring fair and open competition for bidders seeking contracts with
the federal government.
Recommendation
We recommend that the assistant administrator for Mission Support:
5. Determine whether contract EP-W-18-008 should be terminated and
rebid to comply with the full and open competition requirement of the
Competition in Contracting Act and to disclose that the EPA will provide
government-furnished equipment.
Agency Response and OIG Assessment
For Recommendation 5, the OMS and the OCFO jointly evaluated the possibility
of terminating EP-W-18-008 and concluded that termination was not in the best
interest of the Agency. The Agency completed this corrective action in July 2020
and provided us with acceptable analysis of its determination. Therefore, we
consider the recommendation completed. The Agency's full response to the draft
report is in Appendix C.
Although the Agency contends in its response that there was full and open
competition, the OIG maintains its position that the EPA did not award the
contract in compliance with CICA's full and fair competition requirements. The
EPA not listing that it would provide government-furnished property to the
awardee is considered concealing information from bidders and could have
changed the outcome of the competition.
21-P-0094
13
-------�
Chapter 4
EPA Did Not Obtain Required FITARA
Approval for Task Orders and Contracts
The EPA awarded $52.5 million for these three contracts without federally
required approval from the CIO. As stated previously, the EPA issued task orders
under contract EP-W-07-024 and awarded the two subsequent contracts,
EP-W-18-007 and EP-W-18-008, for IT services and equipment license
purchases. FITARA gives the CIO approval authority over IT purchases. The CO
told us, incorrectly, that the CIO was not required to provide FITARA approval
for the previous contract's relevant modifications nor the follow-on contracts. As
a result of not obtaining FITARA approval, the CIO was not informed of the
$52 million purchase and was unable to review price competitions and cost
reductions.
Federal Law and EPA Policy Require Approvals for IT Contracts and
Acquisitions
According to FITARA, agencies may not enter into a contract or other agreement
for IT or IT services greater than $1 million unless the agency's CIO has reviewed
and approved the contract or agreement. According to the Office of Management
and Budget, starting April 30, 2016, and every April after, federal agencies are to
conduct annual reviews and self-assessments on FITARA implementation.
TheEPA Acquisition Guide, known as EPAAG, Chapter 39, "Acquisition of
Information Technology," Section 39.1, "General," which applies to all contracts
and task orders that include the acquisition of IT hardware, software, and services,
says that:
Contracting Officers are responsible for verifying that a complete
procurement package has been submitted.... No solicitation may
be issued until the appropriate IT purchase approval has been
received by the contracting official. If an IT purchase approval
document has not been received, the program office must be
contacted immediately to obtain a copy of the approval.
The EPA chief technology officer, who currently is the CIO, must approve IT
service contracts that are between the micropurchase threshold and $1 million per
year. The EPAAG also states that the director or deputy director of the OMS's
Office of Information Technology Operations is required to approve over
threshold IT equipment purchases. In addition, the director must approve IT
21-P-0094
14
-------�
hardware and commercial off-the-shelf software purchases over the
micropurchase threshold (Figure 2).
Figure 2: EPA acquisition approval process
IT purchases below micro-
purchase level of $10,000
IT Hardware and Commercial
Off-the-Shelf Software
purchases of $10,000 or more
IT Service Contracts between
$10,000 and $lM/year
IT Service Contracts greater
than $lM/year
Program Office or Approval by SIO, IMO,
Region's internal , _ . . _ _ ,
approval process IRM BC, or designee
Email
request to
FITARA-
Review
@epa.gov
using the
EPA IT
Acquisition
Approval
Process
Approval by OEI Office of
Information Technology
Operations (OITO) Director
Approval by EPA Chief
Technology Officer (CTO)
Approval by EPA Chief
Information Officer (CIO)
Provide approval email
to purchase card holder
prior to purchasing.
Upload pdf version
of approval email
as a supporting
document in the
Requisition
module of the EPA
Acquisition System
(EAS)
or with the
Advanced
Procurement Plan
(APP) if an APP is
required.
Source: EPA SharePoint IT acquisition approval graphic. (EPA OIG adaption of EPA graphic)
The 2015 OAS Invoice Review and Approval Desk Guide describes how COs
should review contract invoices, which would include any invoices associated
with contract modifications. TheDesk Guide includes checklists to perform an
adequate review. Accordingly, employees must (1) review contract invoices
thoroughly, (2) process invoices in a timely manner, and (3) maintain records of
their invoice reviews and actions taken as a result of the reviews.
In August 2016, the Agency issued an interim policy regarding IT approvals and,
in April 2018, finalized FITARA approval procedures in the EPAAG. Under the
EPAAG's Section 39.1, COs may not issue contract solicitations unless they have
received appropriate IT purchase approvals, which include FITARA approvals.
Despite these changes in policy and regulation, the OAS never updated the Desk
Guide after FITARA was enacted. The Desk Guide remains silent on FITARA
approvals.
Task Orders Awarded Without FITARA Approval
The CO told us, incorrectly, that the CIO was not required to provide FITARA
approval for actions under contract EP-W-07-024 because the contract was
awarded before FITARA took effect. While FITARA did not exist when the EPA
awarded new modifications for the contract that were over the FITARA
thresholds, as of April 2016, these types of modifications were subject to
FITARA approval. The EPA issued nine modifications without FITARA
approval. These modifications amounted to over $5.9 million (Appendix B).
On September 26, 2019, as a result of our audit, OAS management issued to staff
a. News Flash Notice reminder that IT acquisitions must be approved in
accordance with EPAAG Section 39.1 before awarding any contract, task order,
21-P-0094
15
-------�
delivery order, purchase order, purchase card transaction, and interagency
acquisition at any dollar value.
When the OIG team questioned the CO about the lack of approval under EPAAG
requirements, the CO stated that after reading the FITARA policy, the EPA
should have obtained FITARA approval on the original contract's modifications
and the award of the follow-on contracts.
Contracts Awarded Without FITARA Approval
The EPA did not follow FITARA contract approval requirements when awarding
contracts EP-W-18-007 and EP-W-18-008, which were valued at $46.6 million.
In the acquisition planning stage for these two contracts, the CIO conducted an
initial review using FITARA policies before the law was effective. The CIO
instructed OTS management and the OAS on the requirements for conducting a
FITARA review once the law was effective. Specifically, the CIO instructed the
two offices to:
• Meet with the chief technology officer prior releasing the procurement
package to determine strategies to increase competition and reduce
cost.
• Report back to the CIO on the results of those discussions prior to
releasing the procurement package.
When we asked if the CIO's instructions were followed after FITARA was
effective, the CO said that only the CIO's initial review was conducted. The
CO, the OTS, and the OAS did not follow the CIO's specific instructions to
meet with the chief technology officer, report back to the CIO, and perform a
full FITARA review before the contracts were awarded in fiscal year 2018.
The CO should not have awarded EP-W-18-007 and EP-W-18-008 without
conducting the FITARA review. As a result, the CIO was unaware of the
hardware and software purchase made by the Agency, and the CIO was
unable to provide price competitions and cost reductions.
Conclusion
FITARA requires federal agencies to identify waste and cost savings with
respect to IT acquisitions. The CIO was unaware of significant acquisitions
made by the Agency and was unable to appropriately review price
competitions, cost reductions, and duplicate equipment. As a result, the EPA
spent $52.5 million in taxpayer dollars without the CIO's oversight.
21-P-0094
16
-------�
Recommendations
We recommend that the assistant administrator for Mission Support:
6. Review all active contracts for acquisitions of information technology
hardware, software, and services in fiscal year 2016 and later to
determine whether the required Federal Information Technology
Acquisition Reform Act approvals were obtained and, if not, to obtain the
appropriate reviews and approvals. Identify cost findings in the process
from hardware and software purchases that were either duplicates or
unnecessary.
7. Require contracting officers to maintain records of all approvals by the
chief information officer, including those under the Federal Information
Technology Acquisition Reform Act, in accordance with the EPA
Acquisition Information Technology approval process.
Agency Response and OIG Assessment
The Agency agreed with Recommendation 6. The OMS will review all active IT
contracts to verify FITARA approval. The OMS said that this corrective action
will be completed by March 15, 2021. We consider this recommendation resolved
with corrective action pending.
In our draft report, we recommended that the Agency update the Invoice Review
and Approval Desk Guide to include FITARA reviews. In response to
Recommendation 2, the Agency agreed to implement internal controls in the EPA
Acquisition System to prevent improper spending in the future. With these
additional controls, the Desk Guide no longer needs to be updated for FITARA
actions. The OMS completed this on July 24, 2020. Therefore, we removed this
recommendation.
The Agency agreed with Recommendation 7, and the EPA Acquisition System
and the Simplified Acquisition Purchase checklists were updated to include
FITARA approval emails. In addition, EPAAG, Chapter 7, "Acquisition
Planning," Section 7.1.1.5.6, "Procurement Package," states that COs are
responsible for verifying that an approval to purchase IT equipment is included in
the Advanced Procurement Plan. The OMS said that this corrective action was
completed in August 2020. We consider this recommendation completed.
The Agency's full response to the draft report is in Appendix C.
21-P-0094
17
-------�
Chapter 5
EPA Did Not Monitor and Report
Equipment as Required
The OTS staff neglected to follow the EPA Personal Property Manual to monitor,
count, or report the purchased equipment, as required by federal requirements and
EPA policies. The EPA property management staff—responsible for the care, use,
accountability, and security of government-owned property in EPA areas—said
that they were not informed of the purchase under EP-W-07-024 because the CO
never reported the equipment in the contract file. The EPA did not report the
equipment, 23 pieces of hardware and software, as inventory in its 2018 financial
reports. The EPA did not report the equipment until a year-and-a-half after it was
purchased and after we requested the property records as part of this audit. In
addition, the EPA did not maintain a comprehensive list of software inventory and
did not track software licenses, as required by regulation. The EPA underreported
at least $1.18 million in software license costs in its financial statements and
inventory records. As a result, the Agency temporarily lost track of the equipment
paid for by taxpayer dollars.
EPA Is Required to Account for Government-Furnished Property
As stated in Chapter 3, EP-W-18-008, through a modification dated
September 18, 2018, contained the government-furnished property contract clause
as set forth in FAR 52.245-1. Under this clause, the government retains ownership
of government-furnished property, and the contractor is responsible for
maintaining records of the property on the contract. The contractor is required to
provide property-related reports upon the CO's request and periodically perform,
record, and disclose physical inventory results. The contractor is also required to
input marking identification on government-owned property, such as by stamping
or tagging.
The contractor is responsible for all government-furnished property from initial
acquisition. EPAAG subsection 45.1.2, "Property Administration," states that it is
the responsibility of the EPA property management staff to obtain annual physical
inventory reports of contractor-held government property. The EPAAG states that
the annual summary is due on September 30 of each year and upon contract
termination or expiration. The OCFO uses the information contained in the annual
summary to provide information for the Agency's financial statement. In addition,
Environmental Protection Agency Acquisition Regulation 1552.245-70 states
that if such a provision is included in a contract, the contractor is required to
submit an annual property report to the Agency.
The EPA Personal Property Manual requires the contractor to maintain an
accurate and complete accountability of all government-furnished property in
21-P-0094
18
-------�
accordance with the terms of the contract. The contractor should also conduct an
annual physical inventory and report the results to the EPA at the end of each
fiscal year.
The Property Manual also requires the EPA to maintain a complete inventory
record that includes the dates assets were put into service, serial numbers, invoice
values, and decals. It also states that it is the responsibility of the EPA property
management staff to:
• Verify that assets received match the assets recorded on the delivery
document and assets purchased.
• Ensure assets are tagged with a decal to identify them as government
property.
• Record property in the EPA's property management system.
• Ensure annual fiscal year inventories are established and implemented.
• Verify that the property custodial officers have current records.
• Confirm that proper EPA property tags are affixed to accountable EPA
personal property.
EPA and CGI Federal Did Not Report and Account for Government
Property Appropriately
The equipment located in the CGI Federal's Phoenix data center is government-
furnished property. The EPA-held property is normally located in Washington,
D C., or Research Triangle Park (Figure 3).
Figure 3: Property location map of EPA and CGI Federal facilities
OR
NH
VT ME
MT
NV
ND
SO W
*k Ml
V jjt I
Hi A IA ^
° "E A , **
« 4 - MU- 1 I ** /
1 I 1 MS AL \
MN
MA
CA
O
:DC.
^<8^ - HU
rx
LA.
EPA Research
Triangle Park,
National Computer
Center
FL
CGI Federal
Phoenix Data
Center
Source: EPA OIG graphic.
As stated in Chapter 2, in April 2018, the EPA purchased $641,680 in equipment
under a modification to EP-W-07-024. When the 23 pieces of equipment arrived
21-P-0094
19
-------�
at CGI Federal, neither the EPA nor CGI Federal properly accounted for the
equipment. EPA property officers did not tag the equipment as government-
furnished property that was in the custody of the contractor despite the
government-furnished property clause and regulations that required them to do so.
Agency policies and procedures require the property officer to verify that all
pieces of inventory were received, counted, tagged, and reported, as well as to
reconcile inventory sheets to the physical equipment.
CGI Federal improperly reported the equipment as EPA-held property in its
company's database. CGI Federal also did not report the equipment it held on a
government-furnished property form or maintain the form in its contract file.
When we began this audit, only CGI Federal inventory tags were on the
equipment.
Since CGI Federal did not tag the equipment as furnished by the EPA and
incorrectly listed the equipment in the EPA property system, the EPA did not
report it as government-furnished property in its fiscal year 2018 financial
statements. The EPA still did not correct the omission, even after the EPA moved
three of the 23 pieces of equipment from CGI Federal's Phoenix location to
Research Triangle Park. The CO is responsible for including a copy of the
completed property report in the contract file annually.
Purchased Software Licenses Not Inventoried
The Making Electronic Government Accountable by Yielding Tangible
Efficiencies Act of 2016, Pub. L. 114-210 dated July 29, 2016, requires the Office
of Management and Budget to direct agencies to develop a comprehensive
software licensing policy, which shall include establishing a comprehensive
inventory of software license agreements, as well as tracking and maintaining
software licenses regularly. Lawmakers recognized that there was "considerable
waste in software license expenditures and implementation of the [Act would]
rectify this to the benefit of American taxpayers."
For EP-W-18-007, the EPA did not establish a comprehensive inventory of
purchased software licenses, including the values and dates on when the licenses
started or access began. Since awarding the contract on December 31, 2017, the
EPA issued five modifications that involved software license purchases, renewals,
or software maintenance fees totaling $1,180,574.64 (Table 3). The EPA has no
record of these software licenses as of the end of fiscal year 2019. The OTS did
not include this $1.18 million in software licenses and maintenance fees in the
EPA's property system.
21-P-0094
20
-------�
Table 3: EP-W-18-007 modifications for software licenses and maintenance fees
Modification
Date
Purpose of modification
Amount
2
4/23/18
Add SAP® software maintenance
fees.
$143,212.77
2
4/23/18
Add Momentum® Performance
Budget and Acquisition Software
maintenance fees.
72,586.80
7
9/26/18
Purchase additional SAP Business
Objects Enterprise Professional
Edition and Business Objects
Named Users and maintenance
fees.
328,879.34
8
10/5/18
Purchase additional Momentum
Performance Budget User license
fees.
113,883.92
8
10/5/18
Purchase Momentum Performance
Budget User License Annual
maintenance fees.
18,609.60
9
10/30/18
Incorporate Privileged Access
Management Tool Operations and
maintenance fees.
201,420.80
9
10/30/18
Incorporate Privilege Access
Management, PAM, Tool
Implementation and PAM Tool
Work Code Builder software fees.
242,106.82
12
2/26/19
Renew existing SAP licenses and
purchase additional licenses.
59,874.59
Total
$1,180,574.64
Source: OIG analysis. (EPA OIG table)
An OTS IT specialist said that the office does
not keep an inventory of the licensed software
and that the EPA does not have a policy that
requires it to do so. Without an accurate list of
licenses, software, and maintenance fees, the
EPA is not appropriately tracking the software
inventory in accordance with the law. This
could lead to unnecessary software purchases
and wasteful use of funds.
Conclusion
It is imperative that the federal government is transparent in reporting and
tracking IT purchases for key operations. The EPA did not report the $641,680
equipment as inventory in its 2018 financial statement report and did not maintain
a comprehensive list of software inventory and software licenses valued at
$1.18 million. As a result, the Agency underreported expenses paid with taxpayer
dollars to Congress and the public.
The EPA scored an "F" for software
licensing in the House Oversight and
Government Reform's IT Scorecards in
four out of four biannual reviews from
2017 through 2019. Agencies receive an
"F" if they do not have a comprehensive
software inventory.
21-P-0094
21
-------�
Recommendations
We recommend that the chief financial officer:
8. Gather EPA property reports from each program and compare the
equipment value, serial number, asset tag, and location in the EPA
property database or contractor-held property report.
We recommend that the assistant administrator for Mission Support:
9. Require the contracting officer to verify that the location of EPA property
discussed in this report is updated in the contract records.
10. Create a software license inventory policy, which will include identifying
the number of licenses, license-counts authorized, overall costs of licenses,
maintenance fees, and contracts used for each licensed software. Track
and report savings produced by software licensing inventory and report the
savings as part of the Office of Management and Budget's annual Spend
Under Management data.
Agency Response and OIG Assessment
The Agency agreed with our recommendations. For Recommendation 8, the OMS
provided us with the EPA's equipment property reports and said that this
corrective action was completed in August 2020. We confirmed the equipment
inventory is in the National Computer Center with the director of Computer
Operations on September 1, 2020. For Recommendation 9, as discussed in
Recommendation 4, the OMS moved the $641,680 of equipment to the EPA's
National Computer Center. We verified the equipment in the EPA inventory
system and observed the equipment in the Phoenix and Research Triangle Park
locations. We consider Recommendations 8 and 9 completed.
For Recommendation 10, the OMS will create a software license inventory policy
to track and report savings produced. This corrective action will be completed by
December 31, 2022. We consider Recommendation 10 resolved with corrective
actions pending.
The Agency's full response to the draft report is in Appendix C.
21-P-0094
22
-------�
Status of Recommendations and
Potential Monetary Benefits
RECOMMENDATIONS
Rec. No. No.
Subject
Status1
Action Official
Planned Completion
Date
Potential Monetary
Benefits (in $000s)
1 9 Reinforce Federal Acquisition Regulation and contract clause
requirements, via policy updates and training, with contract
management and staff.
2 9 Reinforce internal controls in the EPA Acquisition System to prevent
future spending on information technology without the proper Federal
Information Technology Acquisition Reform Act approval.
3 9 Reinforce current EPA policy to require management to document
authorization of split-funding approvals.
4 9 Recover the $641,680 of unallowable equipment purchased.
5 12 Determine whether contract EP-W-18-008 should be terminated and
rebid to comply with the full and open competition requirement of the
Competition in Contracting Act and to disclose that the EPA will
provide government-furnished equipment.
6 17 Review all active contracts for acquisitions of information technology
hardware, software, and services in fiscal year 2016 and later to
determine whether the required Federal Information Technology
Acquisition Reform Act approvals were obtained and, if not, to obtain
the appropriate reviews and approvals. Identify cost findings in the
process from hardware and software purchases that were either
duplicates or unnecessary.
7 17 Require contracting officers to maintain records of all approvals by
the chief information officer, including those under the Federal
Information Technology Acquisition Reform Act, in accordance with
the EPA Acquisition Information Technology approval process.
8 22 Gather EPA property reports from each program and compare the
equipment value, serial number, asset tag, and location in the EPA
property database or contractor-held property report.
9 22 Require the contracting officer to verify that the location of EPA
property discussed in this report is updated in the contract records.
10 22 Create a software license inventory policy, which will include
identifying the number of licenses, license-counts authorized, overall
costs of licenses, maintenance fees, and contracts used for each
licensed software. Track and report savings produced by software
licensing inventory and report the savings as part of the Office of
Management and Budget's annual Spend Under Management data.
C Assistant Administrator for
Mission Support
C Assistant Administrator for
Mission Support
C Chief Financial Officer
C Chief Financial Officer
C Assistant Administrator for
Mission Support
R Assistant Administrator for
Mission Support
C Assistant Administrator for
Mission Support
Chief Financial Officer
C Assistant Administrator for
Mission Support
R Assistant Administrator for
Mission Support
9/26/19
7/24/20
3/12/20
8/31/20
7/31/20
3/15/21
$642
8/31/20
8/31/20
9/30/20
12/31/22
$1,180
1C = Corrective action completed.
R = Recommendation resolved with corrective action pending.
U = Recommendation unresolved with resolution efforts in progress.
21-P-0094
23
-------�
Appendix A
Timeline of Events
February I The EPA awarded the $83-million EP-W-07-024 contract to CGI Federal.
2007
Congress enacted FITARA. Agencies were required to be in full compliance of this
law by April 2016.
The EPA issued solicitation SOL-DC-16-00007 for hosting support services. Attached
to this solicitation was a Performance of Work Statement, which included the scope,
tasks, and requirements of a contractor for EP-W-18-008.
The offerors responded to the solicitation and asked if the EPA would provide
hardware and software for EP-W-18-008. The Agency stated that it would not provide
any hardware or software other than momentum licenses but subsequently provided
both hardware and software for the contract.
Latest possible expiration date for EP-W-07-024. The contract was modified nine
times after this date to extend time, services, and equipment.
The EPA awarded EP-W-18-007 to CGI Federal for $28.5 million.
• The EPA awarded EP-W-18-008 to CGI Federal for $18 million.
• The EPA issued a Statement of Work for EP-W-07-024, including a listing of
hardware and software procurement that the contractor shall provide.
EP-W-07-024 Modification 37 is prepared and a Notice to Proceed for hardware
and software purchase is authorized.
Requisition for hardware and software purchase prepared by the contracting
officer's representative.
21-P-0094
24
-------�
Li^ij
April
i 2018
• CGI Federal provided a Rough Order of Magnitude for EP-W-07-24, which
included an option for the hardware procured for EP-W-07-024 to be used on the
first momentum upgrade to save money during that period.
• CGI Federal provided a proposal for the purchase of hardware and software for
$641,679.54.
• The contracting officer's representative approved the CGI work plan.
• The procurement analyst approved the new task order as an emergency action
1 under EP-W-07-24.
• The task order for the purchase of hardware and software was issued.
• EP-W-07-024 ended. J
¦ May-July I
1 2018
Hardware delivered to CGI's Phoenix data center on various dates throughout May
and July 2018.
June
2018
1 >
CGI Federal provided the EPA with a revised proposal for EP-W-18-008, including
procurement of hardware and software.
I -i
August
2018
The invoices for EP-W-07-024 hardware and software purchases were approved and
paid.
I i
ISeptemberl
2018
i >
Hardware and software transferred from contract EP-W-07-024 to EP-W-18-008.
1 November 1
2018
>
The EPA entered hardware information into the Agency Asset Management System.
I *
July
2019
i N
Three servers purchased as part of $641,679.54 procurement moved from CGI's
Phoenix data center to the EPA's Research Triangle Park National Computer Center.
21-P-0094
25
-------�
Appendix B
EP-W-07-024 Modifications Issued
Without FITARA Approval
Modification
Date
Justification
Amount
1.
29
5/31/17
Incorporated CGI's revised
proposal.
$50,901.21
2.
30
6/29/17
Issued a one-month extension in
accordance with CGI's work plan.
608,438.30
3.
31
7/31/17
Issued a four-month extension in
accordance with CGI's work plan.
608,438.30
4.
32
9/12/17
Incorporated licenses for
Simplified Acquisition Purchase
Business Objects Bl Suite,
Momentum Acquisitions Plus for
Obligations Only, and Momentum
Performance Budgeting Plus.
849,526.31
5.
33
12/4/17
Extended services to
December 31,2017.
646,233.44
6.
34
12/29/17
Extended services to January 31,
2018.
617,014.03
7.
35
1/24/18
Extended services to March 31,
2018.
1,234,028.08
8.
36
3/1/18
Incorporated CGI's transition from
the old contract to the new
contracts.
629,769.76
9.
37
4/18/18
Purchased equipment, (including
the $641,679.54 in government-
furnished property)
676,179.54
To
tal
$5,920,528.97
Source: OIG analysis. (EPA OIG table)
21-P-0094
26
-------�
Appendix C
Agency Response to Draft Report
UNITED STATES ENVIRONMENTAL PROTECTION AGENCY
iva:tiiviTon, r; n roasn
September 11. 2020
MEMORANDUM
SUBJECT: Response to Office of Inspector General Draft Report No, OAifcE-FYl 9-003 5 "EPA
Improperly Bid Infonnation Technology- Contract and Should Improve Litemal Cmitinls
for Contract Management." dated Jul}' 1 \ 2020
DAVID
FROM; David A. Bloom. Deputy Chief Financial Officer di adm D»te; 2020.0911
* . ^ —. ' . , DLUUIVI 1%32 Si *04*00"
Ottice ot the Chiei Financial Otncer
Domia J, Vizian. Principal Deputy Assistant Administrator Vizian,
Office of Mission Support Donna
~lf§te% signed fey1 Ymmt
Donna
om.zmM.n
14:34:23-04W
TO:
Ivhadija Walker, Director
Contract and Assistance Agreement Directorate
Office of Inspector General
This memorandum responds to the Office of Inspector General's draft report. "EPA Improperly Bid
Infonnation Technology Contract and Should Improve Internal Controls for Contract Management,"
dated July 12020. Hie EPA appreciates the cordial and thorough communication with the OIG since
the audit commenced in the summer of 2019, As you will see from the table below, the Agency has
completed mam- of the OIG's recommendations However, the Agency disagrees that Contract No,
EP-W-1S-00S was improperly bidded. as all guidelines were followed according to the Federal
Acquisition Regulations, Please see Attachment 1 for further details In addition, the Aaency
completed the transfer of the hosting equipment to EPA's National Computer Center on August 31.
2020,
To facilitate review for the OIG. EPA is including attachments with supplemental information related to
the implementation of OIG's recommendations, including documents certifying EPA's completion of
the identified corrective actions (attachment 11,
AGENCY'S RESPONSE TO DRAFT AUDIT RECOMMENDATIONS
21-P-0094
27
-------�
Agreements
No.
Recommendation
Assigned
to:
High-Level Corrective
Action(s)
Estimated
Completion
Date
1
Reinforce Federal Acquisition
Regulation and contract clause
requirements, via policy
updates and training, with
contract management and staff.
OMS
Reinforce Federal Acquisition
Regulations and contract clause
requirements, via policy updates
and training, with contract
management and staff.
Completed
September 26,
2019
2
Institute internal controls in
EPA contract systems to
prevent improper spending in
the future.
OMS
Institute internal controls in EPA
contract systems to prevent
improper spending in the future.
Completed
July 24, 2020
3
Reinforce current EPA policy
via a policy update, to require
management to document
authorization of split funding
approvals.
OCFO
RMDS 2520-04 was updated to
enhance financial guidance and
standard operating procedures
regarding the preparation and
review of approval requests for
the use of multiple
appropriations. The update also
included a new request process
using The Multiple
Appropriations Request Tool to
increase monitoring, provide a
standardized template/format for
submissions, create a central
repository and allow multiple
team members to receive
notification when MA requests
are entered ensuring all requests
are processed timely.
Completed
March 12, 2020
4
Recover the $641,680 of
unallowable equipment
purchased.
OCFO
In FY 2019, OCFO made the
decision to transfer the mixed
financial production
environment from CGI's
Phoenix Data Center to EPA's
National Computer Center. As
part of this effort, OCFO
developed the plan to transfer all
the government-owned property
out of PDC. This plan started on
July 26, 2019 by transferring
three servers and continued
November 7, 2019 with nine
additional servers being shipped
from PDC to NCC. OCFO
Completed
August 2020
21-P-0094
28
-------�
completed the mixed financial
production move on July 24,
2020. The remaining six servers
and a storage device were
transferred to the NCC on
August 31, 2020.
The updated Contractor Held
Property Report due to the
agency in October 2020 should
reflect all property transitioned
back to the EPA. OCFO has
initiated additional internal
controls with the implementation
of a project health check, the
requirement to maintain
FITARA approval
documentation in a central
location for future reference and
a required DCFO briefing on all
action over $1 million. Please
see attachment, "OCFO Shared
Serve Center HW-SW Inventory
073019" (attachment 2) and
attachment, "OCFO GFP
Inventory 092719" (attachment
3).
5
Determine whether Contract
No. EP-W-18-008 should be
terminated and rebid to comply
with the full and open
competition requirement of the
Competition in Contracting
Act and to disclose that the
EPA will provide government-
furnished equipment.
OMS
Determine whether Contract No.
EP-W-18-008 should be
terminated and rebid to comply
with the full and open
competition requirement of the
Competition in Contracting Act
and to disclose that the EPA will
provide government-furnished
equipment.
Completed
July 2020
6
Review all original or amended
contracts for acquisitions of
information technology
hardware, software, and
services in fiscal year 2016 and
later to determine whether the
required Federal Information
Technology Acquisition
Reform Act approvals were
obtained, and if not, obtain the
OMS
Review all active original or
amended contracts for
acquisitions of information
technology hardware, software,
and services in fiscal year 2016
and later to determine whether
the required Federal Information
Technology Acquisition Reform
Act approvals were obtained,
and if not, obtain the appropriate
March 15,
2021
21-P-0094
29
-------�
appropriate reviews and
approvals. Identify cost
findings in the process
from hardware and software
purchases that were either
duplicates or unnecessary.
reviews and approvals. Identify
cost findings in the process
from hardware and software
purchases that were either
duplicates or unnecessary.
8
Require contracting officers to
maintain records of all
approvals by the chief
information officer, including
those under the Federal
Information Technology
Acquisition Reform Act, in
accordance with the EPA
Acquisition Information
Technology approval process.
OMS
Require contracting officers to
maintain records of all approvals
by the chief information officer,
including those under the
Federal Information Technology
Acquisition Reform Act, in
accordance with the EPA
Acquisition Information
Technology approval process.
Completed
August 2020
9
Gather EPA property reports
from each program and
compare the equipment value,
serial number, asset tag, and
location in the EPA property
database or contractor-held
property report.
OCFO
Gather EPA property reports
from each program and compare
the equipment value, serial
number, asset tag, and location
in the EPA property database or
contractor-held property report.
Completed
August 2020
10
Require the contracting officer
to verify that the location of
EPA property is updated in the
contract records.
OMS
Require the contracting officer to
verify that the location of EPA
property is updated in the
contract records.
September 30,
2020
11
Create a software license
inventory policy, which will
include identifying the number
of licenses, license-counts
authorized, overall costs of
licenses, maintenance fees, and
contracts used for each
licensed software. Track and
report savings produced by
software licensing inventory
and report it as part of the U.S.
Office of Management and
Budget's annual Spend Under
Management data.
OMS
Create a software license
inventory policy, which will
include identifying the number
of licenses, license-counts
authorized, overall costs of
licenses, maintenance fees, and
contracts used for each licensed
software. Track and report
savings produced by software
licensing inventory and report it
as part of the U.S. Office of
Management and Budget's
annual Spend Under
Management data.
December 31,
2022
21-P-0094
30
-------�
Disagreements
No.
Recommendation
Assigned
to:
Agency Response
Proposed Alternative
7
Update the 2015
Invoice Review and
Approval Desk
Guide to include the
Federal Information
Technology
Acquisition Reform
Act and EPA
Acquisition Guide
requirements for
approval for new
contracts and
modifications to
existing contracts.
OMS
Considering that EPA agreed to
recommendation 6, which would
capture all pre-FITARA
contracts, this recommendation is
unnecessary. FITARA approval
must occur at the onset of the
requisition process. Suggesting
that approval is needed at the
invoice stage is misleading and
will cause confusion as it is well
past the stage where FITARA
approval must occur.
Review all active
original or amended
contracts for
acquisitions of
information technology
hardware, software, and
services in fiscal year
2016 and later to
determine whether the
required Federal
Information Technology
Acquisition Reform Act
approvals were
obtained, and if not,
obtain the appropriate
reviews and approvals.
Identify cost findings in
the process
from hardware and
software purchases that
were either duplicates
or unnecessary.
Attachments:
(1) Background on Report Recommendations
(2) OCFO Shared Service Center
(3) OCFO GFP Inventory
(4) Flash Laptops
(5) Flash Acquisition Planning Documents
(6) Flash IT Approval Reminder
(7) FITARA Custom Fields
(8) Email FITARA Custom Fields
(9) Email Flash APP
(10) Revised EPAAG 7.1.1
CC: Catherine Allen
Heriberto Ibarra
Michael Petscavage
Lynnann Hitchens
Vaughn Noga
Erin Collard
21-P-0094
31
-------�
Carol Terns
C. Paige Hanson
Lek Kadeli
Charlie Dankert
Jeanne Conklin
Meshell Jones-Peeler
Istanbul Yusuf
Richard Gray
Kimberly Patrick
Pamela Legare
Brian Epley
David Updike
Lynsey Lanier
Eva Ripollone
Celia Vaughn
Aileen Atcherson
Nikki Wood Newton
Daniel Coogan
Marilyn Armstrong
Mitchell Hauser
Andrew LeBlanc
Jose Kercado-Deleon
21-P-0094
32
-------�
BACKGROUND ON RECOMMENDATION #1
OMS launched the Acquisition Workforce Comprehensive Training Program (AWCTP) with
more than 20 courses that focus on EPA specific issues and processes. All the courses are rooted
in the Federal Acquisition Regulation (FAR). The courses are taught several times throughout
the year and are readily accessible to the acquisition workforce which includes, but is not limited
to, Contracting Officers (COs) COs/CSs, Contracting Officer's Representatives (CORs) CORs,
Simplified Acquisition Contracting Officers (SACOs), and purchase card holders. In the Fall of
2016, PTOD gave a presentation on various subjects including Federal Information Technology
Acquisition Reform Act (FITARA). Office of Mission Support's (OMS) Office of Customer
Advocacy Policy and Portfolio Management (OCAPPM) gave presentations to the CORs per
FITARA. The AWCTP was initially launched on August 01, 2018.
OMS also offers FITARA classes posted for all COs and CORs on their FITARA intranet site
located at FITARA. This link to the website is included in in EPAAG Subsection 39.1.1.
paragraph 39.1.1.6, Websites. For OAS offered training, the acquisition training schedule and
registration procedures are located at: https://contracts.cpa.gov/trainingschcdulc
OMS incorporated additional FITARA information/ requirements into several AWCTP courses
for the acquisition community. Those courses included Simplified Acquisition Procedures,
Advanced Procurement Plan (APP) training and webinars, Top 10 Things Every Contracting
Officer's Representative Should Know (which includes FITARA, EPAAG 39.1, and Information
Security Role Based training), Purchase Card training webinars, and Supervisor courses for those
overseeing personnel that are part of the agency procurement process. Additional FITARA
training material will also be included in the COR Refresher course, which is currently being
updated under PTB review.
OMS has further released several FITARA Flash Notices (attachments 4, 5, 6) reiterating and
highlighting the importance of following FITARA guidance provided in EPAAG Part 39. Flash
Notices are distributed widely to the CO and COR community. Additionally, FITARA and
contract clause requirements are focal points within OAS's Contract Management Assessment
Program (CMAP) program as specified in EPAAG Subpart 1.1.1. This is an annual self-
evaluation/peer evaluation program to ensure COs are following federal and agency acquisition
regulations and policies.
BACKGROUND ON RECOMMENDATION #2
OMS requests that Recommendation #2 be reworded as follows:
"Reinforce internal controls in EPA Acquisition System (EAS) to prevent future
spending on information technology without the proper FITARA prior approval"
OMS requests revisions to the narrative on page 6 of the draft report that leads up to
Recommendations #1 and #2 to clarify that Contract No. EP-W-07-024, Financial System
Modernization Project (FSMP), was not a level-of-effort term type contract for services, where
contract performance is wholly tied to a specified level of effort, over a stated period of time.
21-P-0094
33
-------�
EP-W-07-024 was solicited (RFP #PRHQ0512521) and awarded under the North American
Industry Classification System (NAICS) 541512 as the requirement is for the modernization of
EPA's financial system within an overall financial modernization plan, the implementation of
which was to promote increased integration among systems, add new functionality, and improve
the agency's ability to perform core financial management essential functions. NAICS 541512 is
appropriately used when the contract requires contractor-provided planning and designing
computer systems that integrate computer hardware, software and communication technologies.
The hardware and software components of the system may be provided by the establishment or
company as part of integrated services or may be provided by third parties or vendors. Also,
under NAICS 541512, establishments often install the system and train and support users of the
system. Illustrative examples include such requirement as the following: computer systems
integration design consulting services, local area network (LAN) computer systems integration
design services, information management computer systems integration design services, and
office automation computer systems integration design services.
The FSMP performance work statement (PWS) stated that the overall scope of the FSMP is an
agency wide financial management system and the agency anticipated that the FSMP will result
in an integrated solution composed of a Commercial Off the Shelf (COTS) product or suite of
products. The PWS further listed several FSMP goals which included: the delivery of a world
class, best value, business and financial enterprise that implement an agencywide resource
management solution; increased efficiency and effectiveness by optimizing investments;
identified measurement benchmarks and exceed industry performance standards; and, leveraged
proven technologies to advance business operations. The purchase of the hardware suite in
question under Contract No. EP-W-07-024 is part of the overall IT solution for achieving the
goals specified in the contract's PWS and within the scope of NAICS 541512. The NAICS used
for Contract No. EP-W-07-024 is verifiable through the Federal Procurement Data System
(FPDS) database.
OMS further requests revision to Figure 1: Contract Award and Equipment Purchase Timeline
included on page 6 of the draft report, and proposes the following changes:
December 31. 2017: Contract EP-W-18-007 awarded.
January 1. 2018:
March 28, 2018:
April 18. 2018:
Contract EP-W-18-008 awarded.
The CO issued to the contractor the written notice and authorization to
proceed with the authorized not-to-exceed amounts for services contained
under EPA Request for Workplan dated on 03/28/2018. The notice
outlined two efforts to be completed under EP-W-07-024: UPIID
Analysis Phase under EP-W-07-024, Task Order #28 and hardware and
software purchase under EP-W-07-024, later issued as Task Order No.
68HE0H18F1491.
The CO followed up the notice and authorization to proceed with the
formal issuance of Task Order No. 68HE0H18F1491 under Contract EP-
W-07-024.
21-P-0094
34
-------�
April 20. 2018: Task Order No. 68HE0H18F1491 stated a period of performance through
this date for completion of all work and delivery of hardware.
May 2018: Hardware delivered to the PDC in May 2018 and then government
property tagged at a later date. Hardware accountability was under EP-W-
07- 024.
August 30. 2018: EPA final payment for $641,680 equipment purchased for EP-W-07- 024.
September 18. 2018: Equipment accountability was transferred from contract EP-W-07-024 to
EP-W-18-008.
Specific to the issue of delivery, the OCFO requisitioner had originally estimated that the
required work and hardware delivery would be completed by April 20, 2018, the date specified
in Task Order No. 68HE0H18F1491. However, OMS was advised that the hardware was
delivered to the PDS a few days later in May of 2018. While FAR Part 46 prescribes a certain
course of action in instances of nonconforming supplies or services, including late delivery, such
course of action was not warranted in this case given the relatively minor impact of the slight
delay in delivery. A contract, as in the case of procurement for a non-severable item or hardware,
does not simply end until both contracting parties have fully performed their respective
contractual obligations. The contract continues in effect until it has been "discharged" in one way
or another, e.g., by fulfillment, accord and satisfaction, or breach & termination. See Cibinic,
Nash, and Nagle, Administration of Government Contracts 4th, page 1202, which describes
discharge as "extinguishment of all or part of the continuing rights and obligations of the parties
under the contract." Being discharged should not be confused with being "physically complete"
or "closed out" as provided under FAR 4.804, Closeout of contract files.
Specific to Recommendation #2, OAS' Information Technology Systems & Service Branch
(ITSSB), with the assistance of the PTB, instituted two mandatory custom fields into EAS,
effective May 2018 to capture the estimated dollar value of IT to be purchased, if any, and
required EAS fields for the following: 1) PR (requisition) program office populated FITARA
information; and 2) contracting office populated FITARA information for all awards.
Attachments 7 and 8 are the email notification about the custom fields.
In addition to the systemic changes within EAS to support the FITARA review requirement, in
July 24, 2020 OAS updated its Advanced Procurement Planning (APP) policy instructing
COs/CSs to reject applicable PRs that do not contain FITARA approval. The Flash Notice
(attachment 9) and the revised EPAAG Subsection 7.1.1 (attachment 10) are attached.
Furthermore, as provided under EPAAG Subsection 1.1.1, OAS has in place the Contract
Management Assessment Program (CMAP) which is described in Part 6 of the Office of
Acquisition Management (currently Office of Acquisition Solutions, OAS) Balanced Scorecard
(BSC) Performance Measurement and Management Program (PMMP) Guide. Part 6 of the
PMMP Guide outlines the CMAP is a system of controls designed to measure operational
awareness and to assess how well EPA's contracting organizations comply with all acquisition
21-P-0094
35
-------�
requirements and support their respective program customers. The CMAP includes four primary
components: Internal Control Plans; Self-Assessment Reviews; Annual Self-Assessment
Reporting; and CMAP Peer Reviews. These four components provide the ability to identify and
correct systemic vulnerabilities which in turn provides safeguards against waste, fraud and abuse.
FITARA review is one of the focal points under the CMAP. Future assessment activities will
further emphasize and reinforce its importance through increased management attention &
oversight.
BACKGROUND ON RECOMMENDATION #3
For recommendation #3, the Office of the Controller updated Resource Management Directive
System 2520-04. Multiple Appropriations of Non-direct Allocable Costs, to provide enhanced
financial guidance and standard operating procedures regarding the preparation and review of
approval requests for the use of multiple appropriations. To increase awareness throughout the
agency, the OC communicated the requirement and issuance of this updated policy document to
the financial community through:
• Mission Support Division Director Meeting (October 2019)
• Office of Mission Support Contract Officer Representative Lab Training (October 2019)
• Email Notification from the OC (March 2020)
• OCFO Policy Blitz (July 2019 and March 2020)
• OC Newsletter - The Source (July 2019 and March 2020)
• Regional Comptroller/Financial Management Officer Meeting (April 2020)
This update reminded agency offices of the requirement to submit the required information as
stated in RMDS 2520-04 to obtain approval for use of multiple appropriations, prior to the use of
funds.
BACKGROUND ON RECOMMENDATIONS #4 AND #9
For recommendations #4 and #9, efforts were underway from FY 2015 to FY 2018 to recompete
and/or renew the EPA contracting for the new accounting system deployed in FY 2012, a version
of Momentum software from CGI. The CIO at the time stipulated that hosting be acquired as a
separate contract to increase competition and potentially improve pricing/services. The
contracting process was very complex and extended beyond the intended timeframe.
Ultimately, the previous vendor, CGI, succeeded for both aspects of the service. The Senior
Information Officer and the Director of the Office of Technology Solutions at that time were
interested in possibly finding further savings and improved performance by managing the
equipment as well as adjusting the hosting location, and began planning changes to the OCFO
infrastructure environment, in FY 2018. The hosting location changes were an optional task
under the new contract; however, not all related actions under previous contracts were
resubmitted through the Federal Information Technology Acquisition Reform Act process.
21-P-0094
36
-------�
Hosting Strategy Review
The equipment purchased and hosting shifts proceeded in FY 2019. At the end of the calendar
year, two key program staff separated from the agency. Under the direction of the new Chief
Information Officer, Vaughn Noga, and then Chief Financial Officer, Holly Greaves, and in
consultation with the agency's Office of Acquisition Solutions, OCFO worked with OMS to
review and revamp the hosting strategy for financial systems.
The decision was to re-establish hosting for financial systems at EPA's Computer Center at
NCC, with the exception of the accounting system itself, to better mirror the original contract
and hosting strategy, and to align with the agency's 2019 Data Center Plan. This included
restructuring the hosting contract to move the equipment and most financial systems back to
EPA's hosting environment.
Corrective Actions
The final contract changes took place in spring 2020, and the systems moves were accomplished
in July 2020. OCFO has also put internal controls in place to ensure proper FITARA review and
documentation of its IT acquisitions.
BACKGROUND ON RECOMMENDATION #5
OMS and OCFO have jointly evaluated the possibility of terminating Contract No. EP-W-18-008
and concluded that termination is not in the best interest of the agency. The program office still
needs the primary services the contract provides and, therefore, should be allowed to expire at
the end of its maximum potential ordering period of performance, if all options were exercised.
Representatives from OCFO informed OAS that once the migration is completed, the scope of
work under the contract overall would be reviewed for potential changes or de-scope. However,
continued work is needed to support Compass under the contract including support for Compass
Version Enhancement (CVE) hosting and data replication efforts. This work involves
implementation of all EPA and NIST IT security controls applicable to OCFO's current and
future financial and mixed financial systems at the moderate risk level. NIST 800-53 revision 4
contains NIST's most up-to-date IT security controls and the contractor will ensure that the most
recent security controls are implemented on all OCFO financial and mixed financial systems.
Required tasks include following:
Providing Compass data replication setup and support. The contract is needed to perform
installation, configuration, and monitoring of the data replication from the Compass Core
Financial database to Compass Data Warehouse (CDW) database.
Providing support for Momentum version upgrades (ex. configuration and testing). The
contractor is needed to provide the separate Compass environments support for the
version upgrade tasks. The environments include databases and applications for
Conversions, System Testing, Integration Tests, Training, and Production environments.
21-P-0094
37
-------�
OMS disagrees with the OIG draft report statement that "The full and open competition
requirement of the Competition in Contracting Act (CICA) was not met because bidders were
not aware that government-furnished property would be available for the contract."
The agency complied with FAR 6.101, policy, to promote and provide for full and open
competition in soliciting offers and awarding Contract No. EP-W-18-008, using FAR 6.102
available competitive procedures to fulfill the requirement under FAR 15. For source selection,
EPA used FAR 15.101-1 tradeoff process as we determined it to be in the best interest of the
Government to consider award to other than the lowest priced offeror or other than the highest
technically rated offeror. The request for proposal (RFP) SOL-DC-16-00007, EPA Compass
Hosting and Support Services (NAICS 518210), which resulted in the award of Contract No. EP-
W-18-008, listed all evaluation factors and significant subfactors that will affect contract award
and their relative importance. The solicitation also specifically stated in the RFP's section M
that all evaluation factors other than cost or price, when combined, are significantly more
important than cost or price. Under this best value trade off source selection process, price is a
substantial factor in the source selection but is not the determining factor for award. The
solicitation did not list any government-furnished property as none was available at the time of
solicitation which was initially released on 12/14/2016. We do not believe that not listing
unavailable government property in the solicitation, in any way, undermined the competition for
the award of Contract No. EP-W-18-008. The solicitation resulted in an adequate price
competition as per FAR 15.403-1 (c) (1) wherein two responsible offerors, competing
independently, submitted priced offers that satisfied the Government's expressed requirement;
award was made to the offeror whose proposal represented the best value (see FAR 2.101) where
price is a substantial factor in source selection; and there was no finding that the price of the
successful offeror is unreasonable.
As previously noted in our response to the discussion document, Contract No. EP-W-18-008 was
awarded under an effective competitive process with the receipt of four offers, two of which
were determined to be in the competitive range. We had reviewed the award once more and
determined that the decision does not reveal that any price advantage resulted for either one of
the offerors in the competitive range due to the subsequent equipment purchase referred to in the
OIG draft report. Based on their own technical approaches, both offerors in the competitive
range proposed the commensurate equipment and tools they each determined on their own as
required to successfully perform the contract, with the successful offeror (CGI) proposing well
over $13 million in other direct costs, and the unsuccessful offeror proposing over $4 million for
such expenses. It should be noted that the cost driver was labor where the successful offeror
proposed $4.4 million and the unsuccessful offeror proposed over $18 million. The award
decision boiled down to the best value determination based on the offered solution and the
technical evaluation results. Industry questions were addressed; meaningful discussions were
held giving way to final proposal revision; technical evaluations were completed; and the source
selection decision document was reviewed by the Office of General Counsel for legal
sufficiency. There was no protest and prompt debriefings were held as per offerors' requests.
BACKGROUND ON RECOMMENDATION #6
OMS requests a rewrite of this recommendation to state the following:
21-P-0094
38
-------�
"Review all active original or amended contracts for acquisitions of information
technology hardware, software, and services with dollar values over the simplified
acquisition threshold, in fiscal year 2016 and later to determine whether the required
Federal Information Technology Acquisition Reform Act approvals were obtained, and if
not, obtain the appropriate reviews and approvals. Identify duplicative purchases of
hardware and software and take steps to achieve cost savings from the use of common
contract solutions."
The task of reviewing active contract vehicles is labor intensive and serves no value for expired
and closed actions. OMS can collect data and identify multiple IT purchases (i.e., duplicates) for
the same hardware and/or software requisitioned by various program offices. However,
programs, and not OAS, determine the necessity for hardware and software.
BACKGROUND ON RECOMMENDATION #7
FITARA is a pre-award and/or acquisition planning issue when a new IT procurement is being
contemplated or when an existing contract or task order requires modification to add IT item(s)
that were not previously FITARA reviewed and approved by the CIO/CIO representative as
required by the agency. As discussed under Recommendation #2, OMS instituted two mandatory
custom fields into EAS, effective May 2018 to capture the estimated dollar value of IT to be
purchased, if any, and required EAS fields for the following: 1) PR (requisition) program office
populated FITARA information; and 2) contracting office populated FITARA information for all
awards. Attachments 7 and 8 are the email notification about the custom fields. In addition to the
systemic changes within EAS to support the FITARA review requirement, in July 24, 2020 OAS
updated its APP policy instructing COs/CSs to reject applicable PRs that do not contain FITARA
approval."
BACKGROUND ON RECOMMENDATION #8
Existing policy already requires approval and contract documentation as delineated in EPAAG
7.1 and EPAAG 39.1. File documentation is also emphasized throughout the various EPAAG
sections. Approvals are maintained in the contract writing system as well as in the official
contract file. EPAAG requirements and instructions specific to FITARA include the following:
EPAAG Paragraph 39.1.1.5.1 Program Office Review Responsibilities:
The requiring official, typically the COR is responsible for submitting a request to procure IT
and obtaining approval in accordance with the procedures contained in this subsection. After
approval is received from the CIO or designated delegate, a copy of the approval shall be
included with the Advanced Procurement Plan (APP), if an APP is required in accordance with
EPAAG 7.1.1. A copy of the approved APP must be sent to the contracting office. If an APP is
not required, a copy of the approval shall be included with the requisition or provided directly to
the purchase cardholder if applicable.
21-P-0094
39
-------�
EPAAG Paragraph 39.1.1.5.2 Contracting Officer Verification Responsibilities
In accordance with EPAAG 7.1.1.5.6, Procurement Package, contracting officers are responsible
for verifying that a complete procurement package has been submitted. Contracting officers must
verify whether an approval to purchase IT has been included in the Advanced Procurement Plan
(APP) or attached to the requisition if an APP is not required. No solicitation may be issued until
the appropriate IT purchase approval has been received by the contracting officer. If an IT
purchase approval document has not been received, the program office must be contacted
immediately to obtain a copy of the approval. If IT purchase approval is required and the
program office will not provide a copy of the approval, contracting officers must not proceed
with the acquisition until the program office complies with the policy and submits the IT
purchase approval.
EPAAG Paragraph 39.1.1.5.3 Purchase Cardholder Responsibilities
In accordance with the IT Acquisition Approval Process, Attachment 39.1.1-A IT actions at or
below the micro-purchase level require approval for the IT acquisition from the Senior
Information Officer (SIO), Information Management Officer (IMO), or other designee in
accordance with the Program Office or Region's existing approval process. A copy of the IT
purchase approval must be provided to the purchase cardholder. The purchase cardholder must
ensure that an IT acquisition approval has been received before making the purchase. If an IT
purchase approval document has not been received, the program office must be contacted
immediately to obtain a copy of the approval. Purchases cannot be made until written approval
has been received. The purchase cardholder must include the documented approval in the
purchase card file.
EAS Acquisition Checklist and the SAP [Simplified Acquisition Purchase] Checklist were
updated to include blocks for the FITARA approval e-mail(s). Additionally, OAS/PTOD's
Policy & Training Branch (PTB) has an upcoming scheduled EPAAG 7.1 training, which will
reiterate the requirement for all approvals to be maintained in EAS.
BACKGROUND ON RECOMMENDATION #10
As discussed under Recommendation #4, during the late part of CY 2019, most of the servers in
question were decommissioned and shipped to the National Computer Center (NCC), Research
Triangle Park, North Carolina. Currently, the migration of the servers and other supporting
hardware remaining at CGI's Phoenix Data Center (PDC) is still in progress. The anticipated
completion date is 08/31/2020. Therefore, the contract modification to remove accountability of
the property from the contract will be processed and executed at that time, thus, updating the
contract records.
21-P-0094
40
-------�
Appendix D
Distribution
The Administrator
Assistant Deputy Administrator
Associate Deputy Administrator
Chief of Staff
Deputy Chief of Staff
Chief Financial Officer
Assistant Administrator for Mission Support
Agency Follow-Up Coordinator
General Counsel
Associate Administrator for Congressional and Intergovernmental Relations
Associate Administrator for Public Affairs
Deputy Chief Financial Officer
Associate Chief Financial Officer
Associate Chief Financial Officer for Policy
Controller
Deputy Controller
Principal Deputy Assistant Administrator for Mission Support
Associate Deputy Assistant Administrator for Mission Support
Deputy Assistant Administrator for Administration and Resources Management, Office of
Mission Support
Deputy Assistant Administrator for Environmental Information and Chief Information Officer,
Office of Mission Support
Director and Chief Information Security Officer, Office of Information Security and Privacy,
Office of Mission Support
Director, Office of Resources and Business Operations, Office of Mission Support
Director, Office of Acquisition Solutions, Office of Mission Support
Director, Office of Continuous Improvement, Office of the Chief Financial Officer
Director, Office of Technology Solutions, Office of the Chief Financial Officer
Director, Policy, Training, and Accountability Division, Office of the Controller
Chief, Management, Integrity and Accountability Branch; Policy, Training, and Accountability
Division, Office of the Controller
Audit Follow-Up Coordinator, Office of the Administrator
Audit Follow-Up Coordinator, Office of the Chief Financial Officer
Audit Follow-Up Coordinator, Office of Mission Support
Audit Follow-Up Coordinator, Office of Acquisition Solutions, Office of Mission Support
Audit Liaison, Office of Technology Solutions, Office of the Chief Financial Officer
21-P-0094
41
-------� |