Management Implication
Report: The EPA Has
Insufficient Internal
Controls for Detection and
Prevention of
Procurement Collusion
March 12, 2024 | Report No. 24-N-0027
-------�
U.S. ENVIRONMENTAL PROTECTION AGENCY
OFFICE OF INSPECTOR GENERAL
March 12, 2024
MEMORANDUM
SUBJECT: Management Implication Report: The EPA Has Insufficient Internal Controls for
Detection and Prevention of Procurement Collusion
Purpose: We have identified concerns regarding lack of internal control methods within the
U.S. Environmental Protection Agency Office of Acquisition Solutions, or the OAS, for identifying and
preventing collusion and anticompetitive behavior with respect to Agency procurement solicitations
stored in the EPA Acquisition System, or the EAS. The Office of Management and Budget Circular No. A-
123, Management's Responsibility for Enterprise Risk Management and Internal Control, requires the EPA
to establish internal controls to manage, among other things, the risk of fraud. The OAS does not store and
organize all of its procurement data in a manner that allows for proactive oversight and program
management that could detect and prevent fraudulent, collusive behavior, such as bid rigging, price fixing,
or other anticompetitive practices. Collusion and anticompetitive behavior could harm the EPA because it
may lead to increased prices of goods and services that the Agency needs to complete its mission. Since
fiscal year 2017, the OAS has awarded over 3,500 competitively bid, negotiated contracts worth over
$2 billion for goods and services. We are concerned that those contracts could have been susceptible to
procurement collusion due to the EPA's lack of internal controls within the EAS. We are issuing this
management implication report to inform the Agency of our concerns and to provide considerations for
establishing internal controls that would strengthen the EPA's ability to detect and prevent procurement
collusion and would allow us to conduct effective oversight of EPA solicitations.
FROM: Adam Seefeldt, Acting Assistant Inspector General
Office of Strategic Analysis and Results
TO:
Kimberly Patrick, Principal Deputy Assistant Administrator
Office of Mission Support
Pam Legare, Office Director
Office of Acquisition Solutions
Office of Mission Support
24-N-0027
1
-------�
Background:
Statutory and Regulatory Authorities Concerning Internal Controls and Procurements
OMB Circular No. A-123 defines the responsibilities and provides guidance for agencies on how to
implement internal control processes required by the Federal Managers' Financial Integrity Act of 1982
and the U.S. Government Accountability Office's Standards for Internal Control in the Federal
Government. An internal control is a process that provides reasonable assurances that the operations,
reporting, and compliance objectives of an agency can be achieved. Implementing effective internal
controls requires agencies to identify key program risks and develop mitigation strategies for those risks,
thereby reducing costs incurred from, for example, fraudulent actions.
The Federal Acquisition Regulation, or FAR, is the primary collection of regulations that executive
agencies, like the EPA, use when acquiring goods and services. Agencies may supplement the FAR with
regulatory requirements that address their unique conditions, such as the EPA Acquisition Regulations.
The FAR and the EPA Acquisition Regulations require the Agency to establish procedures ensuring that
it does not solicit offers from ineligible contractors, award contracts to ineligible contractors, or agree
to contracts listing such contractors as subcontractors absent a compelling reason.1 For contracts in
excess of the simplified acquisition threshold of $250,000, contracting officers are required to review
records from the U.S. General Services Administration's System for Award Management, or SAM, and
other federal systems designed to help acquisitions officials assess the integrity of contractors and their
past performance. For example, after receiving proposals or quotes and before making an award,
contracting officers must search vendor exclusion records in SAM to determine whether proposals list
ineligible firms as contractors or subcontractors and ensure ineligible contractors or subcontractors do
not receive awards.2
Federal statute and the FAR require agency staff to report bids that evidence violations of antitrust laws
to the attorney general. Additionally, the EPA's internal guidance requires staff to report suspected
collusive and antitrust vendor behavior to the Office of Inspector General. Examples of collusive and
antitrust violations can include, but are not limited to:
• Two or more vendors agreeing to fix bids so that a predetermined vendor wins the solicitation.
• Simultaneous price increases or follow-the-leader pricing.
• A sudden change from competitive bidding to identical bidding.
1 48 C.F.R. §§ 9.404(c),405(a-b); 48 C.F.R. § 1509.406-3(a).
2 48 C.F.R. §§ 9.405(b), 44.202-2(a).
24-N-0027
2
-------�
The EPA's Guidance for Procurements with Respect to Suspected Collusion
The EPA Acquisition Guide is the Agency's internal guidance for implementing the FAR and the EPA
Acquisition Regulations. Prior to awarding a contract, contracting officers and contract specialists are
required to review SAM, among other sources, for vendor eligibility.
EPA Acquisition Guide section 44.2.1.5.1.1 addresses vendor collusion detection as a component of
preaward subcontracts reviews. Specifically, it states that:
COs [contracting officers] must be alert to restrictive bidding patterns where contractors
may have agreements with other contractors not to compete or bid against each other
for a prime contract to be awarded. In return, the contractor submitting a prime proposal
may include other contractors as team subcontractors ... Whenever such an arrangement
is suspected, it should be referred to the OIG, since such practices may be a violation of
the Antitrust Act. (Emphasis added.)
The EPA's Procurement Enterprise System
The EAS is an automated contract writing and management system with configurable workflows that is
built using a commercial off-the-shelf product called PRISM. The EAS is the EPA's official system of record
for the life cycle of its contract process, which incorporates the EPA's policies, guidelines, and business
processes. According to the EPA, the EAS "enables all key stakeholders in the procurement process to
utilize one automated system throughout the acquisition life cycle from requisitioning to contract
closeout." Additionally, the EAS fully integrates relevant systems, including the:
• EPA's Compass Financials IT, or information technology, System.
• EPA's Compass Data Warehouse.
• EPA's Data Mart.
• General Services Administration's Integrated Award Environment and SAM.
• FedConnect system.
FedConnect is a private web portal that connects federal agencies and vendors to help streamline the
procurement process. Contractors can receive, review, and respond to contract administration actions
and documents, such as correspondence, request for proposals, tasking instruments, and contract
modifications. According to the EPA's website, companies applying for goods and services contracts
submit their proposals via FedConnect. Information from FedConnect then flows directly into the EAS.
24-N-0027
3
-------�
Concerns Identified:
The EPA Does Not Structure All of Its Procurement Data Within the EAS to Allow for the Detection and
Prevention of Fraudulent, Collusive Vendor Behavior
Detection of anticompetitive and collusive bidding requires examining all bid and proposal data and
retaining such data in a format structured for query and analysis. Vendors submit their proposal
documentation via FedConnect, often attaching files as PDFs or other formats, which is then stored in
the EAS. FedConnect can extract data fields from the proposals, including vendor name, address, bid
amount, and phone number, which allows users to subsequently search on those specific fields. But the
EPA does not consistently use FedConnect to extract data fields from proposals, which results in
unstructured data, like PDFs, being stored in the EAS in an unsearchable format.
This is significant because the EPA's poor data management renders the detection and prevention of
anticompetitive and collusive conduct an unnecessarily arduous process. For example, if OAS staff
wanted to examine bid information from the previous three years, they would have to manually review
potentially hundreds of PDFs, one at a time, to locate and transcribe bid data. The OAS told us that its
staff lack the resources for this kind of review, and the EAS has no automated process enabling OAS staff
to review incoming proposals or to retrieve and compare vendors' previous proposal data to detect
collusive behavior.
Fraud is a risk to the procurement process, and failure to structure all procurement data in such a manner
that would allow OAS staff to conduct robust reviews for collusive and anticompetitive vendor behavior
presents a fraud risk to the Agency because potentially fraudulent activities may go undetected. OMB
Circular No. A-123 requires agencies to implement enterprise risk management capabilities and internal
control functions that identify, assess, respond to, and report on risks. Structuring all of the procurement
data submitted via the FedConnect portal would allow OAS personnel to develop automated data
analytics programs that could implement internal controls meant to detect and prevent collusive and
anticompetitive behavior.
The EPA Has the Ability to Structure Losing and Winning Bid Data Within the EAS to Strengthen Its
Procurement Fraud Detection and Prevention Capabilities
The OAS could enable system features relatively easily within the FedConnect portal that would collect
and analyze losing and winning proposal data and make data fields searchable. This would allow OAS
staff to run automated data analytics programs to detect and prevent potential fraudulent, collusive
behavior. More specifically, PRISM's vendor, Unison Global, designed a feature in the EAS FedConnect
module to help users compare vendor pricing without opening multiple proposal documents. Unison
Global demonstrated to us how EAS users can create a solicitation in FedConnect and check an option
that allows vendors to provide prices and other data in structured form. EAS users can use the data in
their pricing evaluation, collusion detection analysis, or when estimating costs for future procurement
planning. Figure 1 shows an image of how the EPA could enable this option. OAS staff were unaware of
24-N-0027
4
-------�
this feature when we asked them about it. In response to a draft of this report, the EPA's Office of Mission
Support said it would review the feature to determine its viability for identifying collusion.
Figure 1: Controlling and Setting Vendor Access Within EAS
[7 Send Solicitation to FedConnect
Distribution: ~ [Public v|
FedConnect Agency Code: ~ EPA 7.X Test P EPA 7.X Test
FedConnect Office Code: ~ HPOD 7.X Test P HPOD 7.X Test
0 Allow responders to enter line item unit price and/or amounts in FedConnect
^£ecj^^ction^^^mad^vajjabje]
J Add Line Items
~ Edit Line Item Description
~ Edit Line Item Quantity
~ Edit Line Item Unit of Issue
~ Edit Line Item Contract Type
[v] Allow Alternate Response
Note: This image shows the "Allow responders to enter line item unit
price and/or amounts in FedConnect" option along with five additional
options for which vendors can provide solicitation data in structured
form.
Source: EPA internal guidance for FedConnect posting fields. (EPA image)
The EPA Could Strengthen Guidance and Training for Detecting and Preventing Collusive Behavior
Amongst Contractors and Subcontractors
The FAR, per 48 C.F.R. § 3.301, says that contracting personnel are "an important potential source of
investigative leads" for anticompetitive conduct. Similarly, as noted previously, EPA Acquisition Guide
section 44.2.1.5.1.1 instructs staff to "be alert for restrictive bidding patterns" and to refer suspicious
activities to us for investigation. However, the EPA's guidance for OAS personnel to detect and prevent
collusive and anticompetitive vendor behavior is woefully lacking. The EPA Acquisition Guide merely
requires that staff "be alert" for such activity and provides no detailed instruction as to how staff are to
identify such behavior. OAS staff receive annual training that includes procurement fraud awareness,
but the OAS has suggested to us that such training is insufficient for that purpose. In its response to the
draft of this report, the Office of Mission Support agreed and requested the OIG's assistance in providing
more robust training on that topic.
An Agency self-assessment report of the OAS Headquarters Acquisition Division for fiscal year 2022
described the review and approval of subcontracts as a "critical vulnerability," stating that while staff
have "some understanding" of requirements forthe reviewand approval of individual subcontracts, staff
had "little systematic involvement with the contractor subcontracting activities." The internal review
also noted that:
HQAD [Headquarters Acquisition Division] would benefit from training in this subject
matter and ensuring subcontractor oversight is a topic for every kick-off meeting
following a new award. For current / active contracts, [Headquarters Acquisition Division]
24-N-0027
5
-------�
HQAD could also benefit from ensuring contract management plans and contract
management checklists including subcontractor oversight activities, and staff are
reviewing the subcontractor-related administration activities at least annually.
This is a concern because collusive behavior can occur at both the contract and subcontracting levels.
Incorporating a checklist of anticompetitive events, or practices to be aware, into a data analytics
program would automate the oversight of subcontractors and potentially allow staff to detect and
prevent collusive vendor behavior.
The EPA's Poor Management of Data Stored in the EAS Hinders Our Ability to Provide Adequate Oversight
Over the Agency's Procurements for Goods and Services
We have raised these concerns because it adversely impacts our ability to effectively provide oversight
of the EPA's procurement processes, especially as it relates to the detection and prevention of collusive
vendor behavior. When historical procurement data for losing bids and proposals are not stored and
analyzed within a database, it significantly restricts our ability to provide proactive oversight of the EPA's
contracting practices. Like the OAS, we do not have the resources to manually review hard copy
documents and PDFs for losing bids and proposals spanning several years. In September 2023, we issued
OIG Report No. 23-N-0035. Management Implication Report: Lack of Readily Accessible Small Business
Innovation Research Data, that described how difficult it was for the Agency and us to readily access a
subset of procurement data within the EAS for the Small Business Innovation Research Program.
The EPA has awarded over $2 billion worth of contracts for goods and services since fiscal year 2017. We
have not received any referrals or tips from OAS staff regarding procurement fraud during this time
period. Instead, OAS staff told us that they have generally relied on whistleblowers, such as contractor
employees, to provide us with information of possible vendor collusion. This reactive approach can lead
to criminal or civil prosecutions for procurement fraud. However, more efficient use of taxpayer dollars
requires the development of automated, proactive fraud detection practices, such as data analytics, that
could potentially prevent or detect the collusive behavior before a contract is awarded and money is
dispersed to vendors.
My office is notifying you of these concerns so that the Agency may take whatever steps it deems
appropriate. If you decide it is appropriate for your office to take or plan to take action to address these
matters, we would appreciate notification of that action. Should you have any questions regarding this
report, please contact Daniel Porter, acting director of the Data Analytics Directorate,
or porter.daniel@epa.gov or me or seefeldt.adam@epa.gov.
cc: Sean W. O'Donnell, Inspector General
Nicole N. Murley, Deputy Inspector General
24-N-0027
6
-------�
Whistleblower Protection
U.S. Environmental Protection Agency
The whistleblower protection coordinator's role
is to educate Agency employees about
prohibitions against retaliation for protected
disclosures and the rights and remedies against
retaliation. For more information, please visit
the OIG's whistleblower protection webpaqe.
Contact us:
Congressional Inquiries; OIG.CongressionalAffairsffiepa.gov
Media Inquiries: OIG.PublicAffairs@epa.gov
line EPA OIG Hotline: OIG.Hotline(5)epa.gov
mi Web: epaoig.gov
Follow us:
X (formerly Twitter): (Qepaoig
Linkedln: iinkedin.com/company/epa-oig
YouTube: voutube.com/epaoig
[Bj Instagram: #epa.ig.on.ig
-------� |