The Contracting Education Academy

Contracting Academy Logo
You are here: Home / Archives for monitoring

By

How to manage risk along the federal government supply chain

Even the most sophisticated federal agencies have found it difficult to effectively measure and evaluate the cyber risk of their contractor base.

The U.S. federal government relies on an ever-expanding supply chain of tens of thousands of contractors and subcontractors to provide critical services, hold and maintain sensitive data, and perform key functions. While this supply chain is essential to agencies’ fundamental operations, it also increases the number of access point nefarious actors have to their systems and data and, consequently, puts agencies and sensitive data at greater risk.

Even the most sophisticated federal agencies have found it difficult to effectively measure and evaluate the cyber risk of their contractor base. For example, the Navy recently released a report that highlighted growing concerns around supply chain cybersecurity, noting that the federal supply chain has been “compromised in ways and to an extent yet to be fully understood.” In a July 2019 report on the security of its contractors, the Defense Department Inspector General was blunt: The department “does not know the amount of DoD information managed by contractors and cannot determine whether contractors are protecting unclassified DoD information from unauthorized disclosure.”

In fact, data suggests that contractors are not meeting agency expectations for security. Recent BitSight research found that the average security performance rating across all federal agencies was at least 15 points higher than the mean security performance rating of any contractor sector. In other words, there is a significant security performance gap between federal agencies and their supply chain partners.

The time has come for agencies to prioritize this critical risk in their cybersecurity programs. There are steps agencies can take to more effectively measure, monitor and manage this challenge.

Keep reading this article at: https://www.nextgov.com/ideas/2019/08/how-manage-risk-along-federal-government-supply-chain/159401/

By

Lax oversight of VA project caused $17.7M overrun, construction collapse

The Office of Inspector General for the U.S. Department of Veterans Affairs issued a report that found both a contractor and VA hospital officials demonstrated “shoddy planning” and poor oversight of an $8.7 million generator project that is $17.5 million over budget.

The VA in June 2014 hired Florida-based BCI Construction for $8.7 million to install a generator system and accompanying structure to house the unit at the Jack C. Montgomery VA Medical Center in Muskogee, Oklahoma. According to the inspector general, the VA did not submit an excavation plan for approval before beginning work. Subsequently, a hillside and parking lot collapsed, and the damage will cost $17.5 million to fix.

Photos show noticeable deterioration of parking lot before collapse. (photos by VA Medical Center employee)

In addition to supervisory and procedural errors, the inspector general also found that BCI’s worksite to be unsafe. Safety inspections were sporadic, and 49 safety violations were never reported to the government contracting officer, which is a violation of VA policy.

The inspector general recommended requiring contracting officer representatives are qualified and follow VA regulations and mandating that employees follow safety inspection guidelines. The current Muskogee hospital director, hired after the collapse, said the facility has implemented the recommendations.

Keep reading this article at: https://www.constructiondive.com/news/report-lax-oversight-of-va-project-caused-177m-overrun-construction-col/520242/

Read the article in The Oklahoman newspaper on this subject at: http://newsok.com/article/5588662/construction-collapse-at-muskogee-va-hospital-will-cost-17.5-million-to-repair-and-was-the-result-of-poor-planning-federal-report-finds

Read the VA’s full OIG report at: https://www.oversight.gov/sites/default/files/oig-reports/VAOIG-15-04678-114.pdf

By

How Homeland Security spent millions on a nonexistent service: No QASP

The Homeland Security Department did such a poor job of monitoring a contractor’s implementation of new performance management software the DHS inspector general found that the “failure literally meets [the Government Accountability Office]’s textbook definition of ‘waste.’”

The Performance and Learning Management System, intended to manage employee training and performance and for which the Human Capital Office spent $24.7 million since 2013, still doesn’t meet the department’s needs, Inspector General John Roth wrote in a report released on Wednesday.

Though PALMS was projected to achieve cost savings of more than $52 million over five years, delays in operations resulted in pointless expenses, such as subscription fees totaling $5.7 million for a nonexistent service.

One big problem, according to the IG: “Despite concerns raised by several internal stakeholders, DHS accepted PALMS as operational in January 2015 without verifying that it worked as it was supposed to.”

Keep reading this article at: http://www.govexec.com/contracting/2017/07/how-homeland-security-spent-millions-nonexistent-service/139276/

By

The reality of risk in third-party contract relationships

Government organizations rely on outside third-parties to provide the goods and services they need to operate effectively.  Contracting with an outside third-party exposes these organizations to significant risks.

Picture these scenarios:

  • A contractor prepared and submitted inflated invoices and false change orders for labor and materials on a project to build a water treatment plant for a State agency resulting in overbilling of $4.8 million.
  • A municipal government contracted with a fire safety company to annually inspect and re-size firefighter safety equipment. However, the company failed to perform this critical function, putting the safety of firefighters in jeopardy.
  • A freight merchant submitted false fuel and weight claims to the U.S. Government totaling $13 million for oversized air shipments when the standard load was actually delivered via ground transport.

Scenarios like these are just a few of the many risks affecting organizations that work with third-party vendors. As Government organizations continue to rely on outside suppliers or service providers, their exposure to risk and fraud increases.

You might be asking, “What measures could these organizations have taken to prevent and detect these scenarios?”

Keep reading this article at: http://www.mondaq.com/article.asp?articleid=596650

By

Union urges Congress to make Pentagon quantify services contracting

The American Federation of Government Employees is asking Congress to step in and require the Defense Department to “improve the oversight and management for the vast sums it spends so carelessly on contracted services,” its president said in a late-April letter to congressional chairmen.

“Anything less is handing a blank check to the Pentagon to waste [money] on contracted services,” wrote national president J. David Cox in a letter urging that Congress require implementation of Government Accountability Office (GAO) recommendations that would establish more detailed long-term projections in spending on such services as information technology, research and development, and facilities maintenance.

“This action is needed to ensure that funds are properly allocated to the readiness and recapitalization priorities of the Department of Defense and not diverted to headquarters contracts,” Cox said.

Keep reading this article at: http://www.govexec.com/contracting/2017/05/union-urges-congress-make-pentagon-quantify-services-contracting/137594/

Contracting Academy Logo
75 Fifth Street, NW, Suite 300
Atlanta, GA 30308
info@ContractingAcademy.gatech.edu
Phone: 404-894-6109
Fax: 404-410-6885

RSS Twitter