We determined whether the Defense Information Systems Agency (DISA) implemented adequate controls over communication service authorizations (CSAs). We reviewed 29 CSAs with a value of at least $212.2 million.
The DISA is responsible for purchasing telecommunication services for the DoD. The Defense Information Technology Contracting Organization (DITCO), a component of DISA, provides the contracting support to acquire telecommunications services. These services are obtained under CSAs, which are contracts used solely for the acquisition of telecommunication services. Payments to vendors for those services are funded by the Defense Working Capital Fund.
Customers reimburse the Defense Working Capital Fund for services obtained under CSAs and DISA charges external customers a surcharge to recover overhead costs.
DITCO contracting personnel did not have adequate controls to effectively oversee 29 CSAs with a value of at least $212.2 million. Specifically, DITCO contracting personnel:
- did not properly re-award 11 expired CSAs;
- did not discontinue, in a timely manner, 3 expired CSAs that were no longer needed by the customer;
- could not determine whether there was still a valid need for 13 expired CSAs;
- improperly extended the performance period of 1 expired CSA; and
- did not discontinue 2 expired CSAs when the services were transferred to another contract.
For 16 CSAs, DITCO contracting personnel did not maintain adequate contract files. In addition, for 19 CSAs, DISA’s charges to the customer exceeded disbursements to the vendor and DITCO personnel did not return excess funds to the customers or remedy vendor underpayments in a timely manner.
These problems occurred because DITCO contracting personnel did not follow Federal and DoD regulations and internal guidance for awarding and administering contracts. Additionally, DITCO contracting personnel focused on awarding new service contracts and not managing and overseeing existing CSAs.
By allowing expired CSAs to continue after the performance period ended, DITCO contracting personnel did not ensure that a valid need still existed for the services provided by the CSA or that the DoD received the best value through competition. For example, the DoD continued to pay for services on one expired CSA for nearly five years after the military base closed. CSA customers were also left vulnerable to cost fluctuation, substantial price increases, and possible loss of services because a valid contract no longer existed. Consequently, the DoD made at least $80.9 million in improper payments on expired CSAs, and $3.3 million could have better supported the warfighter if funds were returned prior to expiration.
We recommend that the Director, DISA, in coordination with the Director, Procurement Services Directorate, DITCO:
- Complete a comprehensive review of all expired CSAs, including services that may have transferred to another contract, to determine whether they should be discontinued or re-awarded and take appropriate action.
- Complete a comprehensive review of all soon-to-expire CSAs to determine whether they should be discontinued or re-awarded and take appropriate action.
- Develop and maintain a system to enable both Defense Information Systems Agency personnel and customers to track the status of CSAs.
- Develop standard operating procedures to ensure consistent oversight of communication services authorizations in accordance with Federal and DoD regulations.
- Determine whether payments on expired CSAs were improper. Report the results and initiate recovery actions, when appropriate, in accordance with the Improper Payments Elimination and Recovery Improvement Act.
We recommend that the Director, Procurement Services Directorate, DITCO:
- Institute procedures for all contracting personnel to monitor CSAs for instances when the amount paid by the customer consistently exceeds charges billed by the vendor and perform account reconciliation efforts in accordance with the “Desktop Procedures for the PL82 AP Validation Database.”
- Revise “Desktop Procedures for the PL82 AP Validation Database” to require returning valid excess funds back to the customer and correcting vendor underpayments in a timely manner.
We recommend that the Acting DoD Chief Information Officer, in coordination with the Director, DISA, develop a long term strategy to address active, expiring, and expired CSAs, along with communication improvements between customers and contracting officers.
Management Comments and Our Response
The Vice Director, DISA, responding on behalf of the Director, DISA, agreed with our recommendations to review expired and soon-to-expire CSAs, implement system improvements, improve standard procedures, and determine whether payments on expired CSAs should be recovered. The Vice Director stated that DISA was aggressively working a comprehensive list of expired and soon-to-expire CSAs and had reduced the number of expired CSAs from 10,000 in 2012 to 986 as of July 2017.
The Vice Director stated that a new CSA management module will emphasize that contracting officers must discontinue services if they have not received a customer re-award request or justification. The Vice Director also stated that the module will enhance customer notifications, will provide customers with an expiration and suspense date for completing a review and revalidation of the requirements, and will be more convenient for its customers.
The Vice Director further stated that the CSA management module will be fielded in the second quarter of FY 2018 and that DISA will coordinate with the Office of General Counsel on recovering any identified improper payments. Therefore, Recommendations 1.a, 1.b, 1.c.1-4, 1.d.1-4, and 1.e are resolved but will remain open until we verify that the comprehensive review has been completed, the number of expired CSAs has been reduced, and that the module is operational and the improper payment review has been completed.
The Director, Procurement Services Directorate, DITCO, agreed with our recommendations to improve procedures for its contracting personnel. The Director stated the revised procedures and new weekly billing reconciliation will identify excess funds and provide guidance on reviewing the accuracy of contract obligation amounts. Therefore, Recommendations 2.a and 2.b are resolved but remain open. We will close Recommendations 2.a and 2.b once we verify the procedures have been revised.
The Acting Principal Deputy, responding on behalf of the DoD Chief Information Officer (CIO), agreed and stated that the DoD CIO will continue coordinating with DISA and DITCO on validating CSAs and providing guidance to its customers. The Acting Principal Deputy stated that the DoD Chief Information Officer will partner with the Chairman, Joint Chiefs of Staff, and DoD Components to reinforce policy requiring customers to inform DISA of actions on reviewing, revalidating, and terminating services. Therefore, Recommendation 3 is resolved but will remain open until we verify the coordination efforts have occurred.
This report is a result of Project No. D2016-D000CL-0197.000.