Management Implication Report: The EPA Has Insufficient Internal Controls for Detection and Prevention of Procurement Collusion March 12, 2024 | Report No. 24-N-0027 ------- U.S. ENVIRONMENTAL PROTECTION AGENCY OFFICE OF INSPECTOR GENERAL March 12, 2024 MEMORANDUM SUBJECT: Management Implication Report: The EPA Has Insufficient Internal Controls for Detection and Prevention of Procurement Collusion Purpose: We have identified concerns regarding lack of internal control methods within the U.S. Environmental Protection Agency Office of Acquisition Solutions, or the OAS, for identifying and preventing collusion and anticompetitive behavior with respect to Agency procurement solicitations stored in the EPA Acquisition System, or the EAS. The Office of Management and Budget Circular No. A- 123, Management's Responsibility for Enterprise Risk Management and Internal Control, requires the EPA to establish internal controls to manage, among other things, the risk of fraud. The OAS does not store and organize all of its procurement data in a manner that allows for proactive oversight and program management that could detect and prevent fraudulent, collusive behavior, such as bid rigging, price fixing, or other anticompetitive practices. Collusion and anticompetitive behavior could harm the EPA because it may lead to increased prices of goods and services that the Agency needs to complete its mission. Since fiscal year 2017, the OAS has awarded over 3,500 competitively bid, negotiated contracts worth over $2 billion for goods and services. We are concerned that those contracts could have been susceptible to procurement collusion due to the EPA's lack of internal controls within the EAS. We are issuing this management implication report to inform the Agency of our concerns and to provide considerations for establishing internal controls that would strengthen the EPA's ability to detect and prevent procurement collusion and would allow us to conduct effective oversight of EPA solicitations. FROM: Adam Seefeldt, Acting Assistant Inspector General Office of Strategic Analysis and Results TO: Kimberly Patrick, Principal Deputy Assistant Administrator Office of Mission Support Pam Legare, Office Director Office of Acquisition Solutions Office of Mission Support 24-N-0027 1 ------- Background: Statutory and Regulatory Authorities Concerning Internal Controls and Procurements OMB Circular No. A-123 defines the responsibilities and provides guidance for agencies on how to implement internal control processes required by the Federal Managers' Financial Integrity Act of 1982 and the U.S. Government Accountability Office's Standards for Internal Control in the Federal Government. An internal control is a process that provides reasonable assurances that the operations, reporting, and compliance objectives of an agency can be achieved. Implementing effective internal controls requires agencies to identify key program risks and develop mitigation strategies for those risks, thereby reducing costs incurred from, for example, fraudulent actions. The Federal Acquisition Regulation, or FAR, is the primary collection of regulations that executive agencies, like the EPA, use when acquiring goods and services. Agencies may supplement the FAR with regulatory requirements that address their unique conditions, such as the EPA Acquisition Regulations. The FAR and the EPA Acquisition Regulations require the Agency to establish procedures ensuring that it does not solicit offers from ineligible contractors, award contracts to ineligible contractors, or agree to contracts listing such contractors as subcontractors absent a compelling reason.1 For contracts in excess of the simplified acquisition threshold of $250,000, contracting officers are required to review records from the U.S. General Services Administration's System for Award Management, or SAM, and other federal systems designed to help acquisitions officials assess the integrity of contractors and their past performance. For example, after receiving proposals or quotes and before making an award, contracting officers must search vendor exclusion records in SAM to determine whether proposals list ineligible firms as contractors or subcontractors and ensure ineligible contractors or subcontractors do not receive awards.2 Federal statute and the FAR require agency staff to report bids that evidence violations of antitrust laws to the attorney general. Additionally, the EPA's internal guidance requires staff to report suspected collusive and antitrust vendor behavior to the Office of Inspector General. Examples of collusive and antitrust violations can include, but are not limited to: • Two or more vendors agreeing to fix bids so that a predetermined vendor wins the solicitation. • Simultaneous price increases or follow-the-leader pricing. • A sudden change from competitive bidding to identical bidding. 1 48 C.F.R. §§ 9.404(c),405(a-b); 48 C.F.R. § 1509.406-3(a). 2 48 C.F.R. §§ 9.405(b), 44.202-2(a). 24-N-0027 2 ------- The EPA's Guidance for Procurements with Respect to Suspected Collusion The EPA Acquisition Guide is the Agency's internal guidance for implementing the FAR and the EPA Acquisition Regulations. Prior to awarding a contract, contracting officers and contract specialists are required to review SAM, among other sources, for vendor eligibility. EPA Acquisition Guide section 44.2.1.5.1.1 addresses vendor collusion detection as a component of preaward subcontracts reviews. Specifically, it states that: COs [contracting officers] must be alert to restrictive bidding patterns where contractors may have agreements with other contractors not to compete or bid against each other for a prime contract to be awarded. In return, the contractor submitting a prime proposal may include other contractors as team subcontractors ... Whenever such an arrangement is suspected, it should be referred to the OIG, since such practices may be a violation of the Antitrust Act. (Emphasis added.) The EPA's Procurement Enterprise System The EAS is an automated contract writing and management system with configurable workflows that is built using a commercial off-the-shelf product called PRISM. The EAS is the EPA's official system of record for the life cycle of its contract process, which incorporates the EPA's policies, guidelines, and business processes. According to the EPA, the EAS "enables all key stakeholders in the procurement process to utilize one automated system throughout the acquisition life cycle from requisitioning to contract closeout." Additionally, the EAS fully integrates relevant systems, including the: • EPA's Compass Financials IT, or information technology, System. • EPA's Compass Data Warehouse. • EPA's Data Mart. • General Services Administration's Integrated Award Environment and SAM. • FedConnect system. FedConnect is a private web portal that connects federal agencies and vendors to help streamline the procurement process. Contractors can receive, review, and respond to contract administration actions and documents, such as correspondence, request for proposals, tasking instruments, and contract modifications. According to the EPA's website, companies applying for goods and services contracts submit their proposals via FedConnect. Information from FedConnect then flows directly into the EAS. 24-N-0027 3 ------- Concerns Identified: The EPA Does Not Structure All of Its Procurement Data Within the EAS to Allow for the Detection and Prevention of Fraudulent, Collusive Vendor Behavior Detection of anticompetitive and collusive bidding requires examining all bid and proposal data and retaining such data in a format structured for query and analysis. Vendors submit their proposal documentation via FedConnect, often attaching files as PDFs or other formats, which is then stored in the EAS. FedConnect can extract data fields from the proposals, including vendor name, address, bid amount, and phone number, which allows users to subsequently search on those specific fields. But the EPA does not consistently use FedConnect to extract data fields from proposals, which results in unstructured data, like PDFs, being stored in the EAS in an unsearchable format. This is significant because the EPA's poor data management renders the detection and prevention of anticompetitive and collusive conduct an unnecessarily arduous process. For example, if OAS staff wanted to examine bid information from the previous three years, they would have to manually review potentially hundreds of PDFs, one at a time, to locate and transcribe bid data. The OAS told us that its staff lack the resources for this kind of review, and the EAS has no automated process enabling OAS staff to review incoming proposals or to retrieve and compare vendors' previous proposal data to detect collusive behavior. Fraud is a risk to the procurement process, and failure to structure all procurement data in such a manner that would allow OAS staff to conduct robust reviews for collusive and anticompetitive vendor behavior presents a fraud risk to the Agency because potentially fraudulent activities may go undetected. OMB Circular No. A-123 requires agencies to implement enterprise risk management capabilities and internal control functions that identify, assess, respond to, and report on risks. Structuring all of the procurement data submitted via the FedConnect portal would allow OAS personnel to develop automated data analytics programs that could implement internal controls meant to detect and prevent collusive and anticompetitive behavior. The EPA Has the Ability to Structure Losing and Winning Bid Data Within the EAS to Strengthen Its Procurement Fraud Detection and Prevention Capabilities The OAS could enable system features relatively easily within the FedConnect portal that would collect and analyze losing and winning proposal data and make data fields searchable. This would allow OAS staff to run automated data analytics programs to detect and prevent potential fraudulent, collusive behavior. More specifically, PRISM's vendor, Unison Global, designed a feature in the EAS FedConnect module to help users compare vendor pricing without opening multiple proposal documents. Unison Global demonstrated to us how EAS users can create a solicitation in FedConnect and check an option that allows vendors to provide prices and other data in structured form. EAS users can use the data in their pricing evaluation, collusion detection analysis, or when estimating costs for future procurement planning. Figure 1 shows an image of how the EPA could enable this option. OAS staff were unaware of 24-N-0027 4 ------- this feature when we asked them about it. In response to a draft of this report, the EPA's Office of Mission Support said it would review the feature to determine its viability for identifying collusion. Figure 1: Controlling and Setting Vendor Access Within EAS [7 Send Solicitation to FedConnect Distribution: ~ [Public v| FedConnect Agency Code: ~ EPA 7.X Test P EPA 7.X Test FedConnect Office Code: ~ HPOD 7.X Test P HPOD 7.X Test 0 Allow responders to enter line item unit price and/or amounts in FedConnect ^£ecj^^ction^^^mad^vajjabje] J Add Line Items ~ Edit Line Item Description ~ Edit Line Item Quantity ~ Edit Line Item Unit of Issue ~ Edit Line Item Contract Type [v] Allow Alternate Response Note: This image shows the "Allow responders to enter line item unit price and/or amounts in FedConnect" option along with five additional options for which vendors can provide solicitation data in structured form. Source: EPA internal guidance for FedConnect posting fields. (EPA image) The EPA Could Strengthen Guidance and Training for Detecting and Preventing Collusive Behavior Amongst Contractors and Subcontractors The FAR, per 48 C.F.R. § 3.301, says that contracting personnel are "an important potential source of investigative leads" for anticompetitive conduct. Similarly, as noted previously, EPA Acquisition Guide section 44.2.1.5.1.1 instructs staff to "be alert for restrictive bidding patterns" and to refer suspicious activities to us for investigation. However, the EPA's guidance for OAS personnel to detect and prevent collusive and anticompetitive vendor behavior is woefully lacking. The EPA Acquisition Guide merely requires that staff "be alert" for such activity and provides no detailed instruction as to how staff are to identify such behavior. OAS staff receive annual training that includes procurement fraud awareness, but the OAS has suggested to us that such training is insufficient for that purpose. In its response to the draft of this report, the Office of Mission Support agreed and requested the OIG's assistance in providing more robust training on that topic. An Agency self-assessment report of the OAS Headquarters Acquisition Division for fiscal year 2022 described the review and approval of subcontracts as a "critical vulnerability," stating that while staff have "some understanding" of requirements forthe reviewand approval of individual subcontracts, staff had "little systematic involvement with the contractor subcontracting activities." The internal review also noted that: HQAD [Headquarters Acquisition Division] would benefit from training in this subject matter and ensuring subcontractor oversight is a topic for every kick-off meeting following a new award. For current / active contracts, [Headquarters Acquisition Division] 24-N-0027 5 ------- HQAD could also benefit from ensuring contract management plans and contract management checklists including subcontractor oversight activities, and staff are reviewing the subcontractor-related administration activities at least annually. This is a concern because collusive behavior can occur at both the contract and subcontracting levels. Incorporating a checklist of anticompetitive events, or practices to be aware, into a data analytics program would automate the oversight of subcontractors and potentially allow staff to detect and prevent collusive vendor behavior. The EPA's Poor Management of Data Stored in the EAS Hinders Our Ability to Provide Adequate Oversight Over the Agency's Procurements for Goods and Services We have raised these concerns because it adversely impacts our ability to effectively provide oversight of the EPA's procurement processes, especially as it relates to the detection and prevention of collusive vendor behavior. When historical procurement data for losing bids and proposals are not stored and analyzed within a database, it significantly restricts our ability to provide proactive oversight of the EPA's contracting practices. Like the OAS, we do not have the resources to manually review hard copy documents and PDFs for losing bids and proposals spanning several years. In September 2023, we issued OIG Report No. 23-N-0035. Management Implication Report: Lack of Readily Accessible Small Business Innovation Research Data, that described how difficult it was for the Agency and us to readily access a subset of procurement data within the EAS for the Small Business Innovation Research Program. The EPA has awarded over $2 billion worth of contracts for goods and services since fiscal year 2017. We have not received any referrals or tips from OAS staff regarding procurement fraud during this time period. Instead, OAS staff told us that they have generally relied on whistleblowers, such as contractor employees, to provide us with information of possible vendor collusion. This reactive approach can lead to criminal or civil prosecutions for procurement fraud. However, more efficient use of taxpayer dollars requires the development of automated, proactive fraud detection practices, such as data analytics, that could potentially prevent or detect the collusive behavior before a contract is awarded and money is dispersed to vendors. My office is notifying you of these concerns so that the Agency may take whatever steps it deems appropriate. If you decide it is appropriate for your office to take or plan to take action to address these matters, we would appreciate notification of that action. Should you have any questions regarding this report, please contact Daniel Porter, acting director of the Data Analytics Directorate, or porter.daniel@epa.gov or me or seefeldt.adam@epa.gov. cc: Sean W. O'Donnell, Inspector General Nicole N. Murley, Deputy Inspector General 24-N-0027 6 ------- Whistleblower Protection U.S. Environmental Protection Agency The whistleblower protection coordinator's role is to educate Agency employees about prohibitions against retaliation for protected disclosures and the rights and remedies against retaliation. For more information, please visit the OIG's whistleblower protection webpaqe. Contact us: Congressional Inquiries; OIG.CongressionalAffairsffiepa.gov Media Inquiries: OIG.PublicAffairs@epa.gov line EPA OIG Hotline: OIG.Hotline(5)epa.gov mi Web: epaoig.gov Follow us: X (formerly Twitter): (Qepaoig Linkedln: iinkedin.com/company/epa-oig YouTube: voutube.com/epaoig [Bj Instagram: #epa.ig.on.ig ------- |