http://www.sanluisobispo.com/mld/sanluisobispo/news/nation/16982592.htm By Chris Adams McClatchy Newspapers March 27, 2007 WASHINGTON - The Department of Veterans Affairs backdated a key document and violated other rules as it pushed through a $100 million computer security contract that resulted in inflated prices and duplicate payments, according to a previously undisclosed report. In the end, the contract turned into "an open checkbook" for various VA expenses, and the agency today can't detail the whereabouts of some $35 million in equipment purchased under the contract, the report by the VA's inspector general said. Indeed, the agency blew through the contract's funds so quickly that the VA was temporarily left without proper defenses against computer hackers and was forced into a higher "CYBERCON" alert level. As it responds to concerns about the treatment of veterans served by its health care and disability programs, the VA's internal auditor has said in recent months that the agency has another significant problem: the way it contracts for millions of dollars in supplies and personnel. With a budget of more than $70 billion and more than 235,000 employees, the VA is one of the largest departments in the federal government. But the VA inspector general has repeatedly found that the agency doesn't follow proper contracting procedures, resulting in "significant dollar losses and failed projects," in the words of the most recent report. Although it disputed some of the inspector general's legal interpretations, for the most part the VA accepted the investigator's findings and promised to make fixes. In response to questions about this report and others, a VA spokesman said that the agency was having trouble keeping good workers and that annual turnover in its central acquisition office has been more than 60 percent. "VA is committed to being a good fiscal steward of taxpayer dollars," said spokesman Matt Burns, who added that the department is "working aggressively to strengthen its acquisition function and correct issues identified by the IG." The agency has taken several steps to help prevent future problems, he said. An official for SecureInfo Corp., the company that received the contract, disagreed with the inspector general's conclusions. Stewart Curley, the chief financial officer, said the VA "at no time during the review raised any concerns to us regarding" his company's activities. He said the company would detail its objections to the inspector general in writing. The Feb. 26 inspector general's report detailed a series of decisions between 2002 and 2005 to purchase computer services for what was called the "central incident response capability" contract. It's designed to help the VA fend off computer hackers. In 2002 testimony before a congressional subcommittee, a top VA official said the agency had conducted a rigorous several-month effort to award the contract to a collective bid from several companies joined together under the name VAST, for Veterans Affairs Security Team. The lead company was SecureInfo, which has offices in Virginia and Texas and supplies several government agencies with computer security expertise. The contract was valued at $103 million. But the inspector general found several problems in the VA's decisions, resulting in "uncontrolled spending, overpayments and illegal contracting actions." Among them: - Although the contract was awarded in July 2002 as a small business set-aside, the inspector general said VAST didn't meet the requirements of a small business. VAST brought together several small and large businesses and had been incorporated in Texas seven days before the contract was awarded. At one time in the contracting process, VAST boasted that it had "180,000 technical professionals" at its disposal, calling into question its status as a small business. - Even though the VA's in-house lawyer recommended they do so, two VA contracting officials chose not to tell the VA's inspector general that they heard an allegation that somebody was trying to manipulate the contracting process. The allegation didn't involve VAST, said Maureen Regan, who handled the report for the inspector general's office. But not referring the allegation to the inspector general for proper investigation was "inappropriate," the report said. - In October 2002, the VA made a key modification to the contract, changing a portion of it from fixed terms to more open-ended terms. It made that change retroactive to August 2002. That decision helped turn the contract into "an open checkbook for" computer-related expenditures, many of which weren't related to the original contract. Those new expenditures "were essentially awarded non-competitively and with little or no assurance of price reasonableness." Other expenses may have been double-billed - meaning the VA paid VAST twice for at least some of the same services, the report said. But because VAST had been formed just to get the VA contract and "was nothing more than an empty shell," it could be difficult for the VA to recoup $8.5 million in potential overpayments. In addition to labor costs, the VA spent more than $35 million for equipment and supplies under the contract. But the VA doesn't know what equipment it has or where it might be located, the report says. The contract was expected to last up to 10 years. But the VA spent $92 million within three years and had to let the contract expire when its funds ran out. The VA's in-house lawyer disputed some of the report's legal findings and also rejected the contention that the office hadn't adequately examined the contract. But the inspector general said the lawyer's office didn't document why the VA modified the contract in 2002. The lawyer responded that "thorough review and analysis are not always reduced to writing," according to the report. The inspector general concluded that the VA's unwillingness to accept some of the report's findings "will most likely result in a continuation of contract failures such as this." _________________________________________ Visit the InfoSec News Security Bookstore http://www.shopinfosecnews.org
This archive was generated by hypermail 2.1.3 : Wed Mar 28 2007 - 00:16:47 PST