Publicly Released: February 17, 2021
The objective of this audit was to determine whether DoD Components, in accordance with Public Law 116-136, “Coronavirus Aid, Relief, and Economic Security Act” (CARES Act) and other Federal and DoD requirements:
- procured information technology products and services to support operations in response to the coronavirus disease–2019 (COVID-19) pandemic;
- paid fair and reasonable prices for those products and services;
- assessed whether known cybersecurity risks existed and developed risk mitigation strategies for the risks before procuring or using the information technology products; and
- accurately reported the required COVID-19-related codes to USAspending.gov.
COVID-19 is an infectious disease caused by a newly discovered coronavirus. On January 31, 2020, the Secretary of Health and Human Services declared a public health emergency due to confirmed cases of COVID-19 in the United States. On March 11, 2020, the World Health Organization declared the COVID-19 outbreak a pandemic, and on March 13, 2020, the President declared the COVID-19 pandemic a national emergency as COVID-19 continued to spread across the country. On March 15, 2020, to protect the health and safety of the workforce, the Acting Director of the Office of Management and Budget issued a memorandum asking all Federal Executive Branch departments and agencies to offer maximum telework flexibilities to all eligible personnel. Two days later, on March 17, 2020, the Office of Management and Budget issued a memorandum directing agencies to begin implementing policies and procedures to safeguard the health and safety of Federal workplaces, including maximizing telework across the Nation for the Federal workforce, while ensuring that Government operations continue.
On March 27, 2020, the President signed the CARES Act, appropriating $2.2 trillion in additional funding for Federal agencies to prevent, prepare for, and respond to COVID-19, including $10.5 billion to the DoD. The CARES Act requires each Federal agency to develop a plan describing how it will spend CARES Act funds and to submit the plan to the Council of the Inspectors General on Integrity and Efficiency, Pandemic Response Accountability Committee. On May 29, 2020, the DoD submitted its CARES Act Spend Plan to the Committee, detailing how the $10.5 billion in CARES Act funds would be spent. The spend plan identified $323.6 million to procure information technology products and services to enhance the DoD’s network capabilities, enforce social distancing, and support continuing operations within the maximum telework environment.
The Army, Navy, Air Force, Defense Health Agency, and Defense Information Systems Agency procured information technology products and services in accordance with the CARES Act and other Federal and DoD requirements. Specifically, for 28 of 367 nonstatistically sampled contract actions reviewed, the DoD Components:
- procured information technology products and services to support operations in response to the COVID-19 pandemic and provided contract documentation that supported that the contracts were issued to support the DoD’s response to the pandemic;
- paid fair and reasonable prices for products and services procured because their contracting officials completed and documented one or more Federal Acquisition Regulation-compliant price analysis techniques in their fair and reasonable price determinations;
- assessed whether known cybersecurity risks existed by running vulnerability scans before procuring or using the information technology products and developing corrective action plans for the vulnerabilities that could not be immediately mitigated; and
- accurately reported the COVID-19-related codes to USAspending.gov in accordance with Federal requirements. Army, Navy, Air Force, Defense Health Agency, and Defense Information Systems Agency contracting officials accurately reported the National Interest Action Code in the DoD FY 2020 second and third quarter Digital Accountability and Transparency Act submissions.
As a result of the DoD’s compliance with the CARES Act and other Federal and DoD requirements, DoD stakeholders have assurance that the Army, Navy, Air Force, Defense Health Agency, and Defense Information Systems Agency procured $81.5 million in information technology products and services in response to the COVID-19 pandemic at reasonable prices and at a reduced risk of cybersecurity vulnerabilities. Continued DoD efforts to comply with the CARES Act and other Federal and DoD requirements will reduce the risk of waste, fraud, and abuse associated with the procurement of information technology products and services and ensure that the American public has visibility of DoD spending on contract actions associated with the response to COVID-19. Furthermore, continued DoD efforts to identify and mitigate cybersecurity vulnerabilities before procuring or using the information technology products and services, will reduce the risk of introducing vulnerabilities into DoD systems and networks that could potentially jeopardize the DoD’s missions, information, and assets.
This report is the result of Proj. No. D2020-D000CS-0129.000