Effective Contract Monitoring Assurance After the Procurement

1
Effective Contract Monitoring Assurance After
the Procurement

• Russell W. Hinton
• State Auditor
• State of Georgia
• June 27, 2007

2
Privatization, Outsourcing and Contracting Out

• State agencies contract out services for a
  variety of reasons, including
• Reducing costs
• Improving service quality
• Insufficient in-house staff
• Insufficient expertise and
• The demand for the service may fluctuate (e.g.,
  tax return processing), making the flexibility
  provided by the use of vendors preferable for the
  agency.

3
An Identified Need for Guidance

• The Governors Commission on Effectiveness and
  Economy in Government noted that a lack of public
  sector expertise was one cause of inadequately
  monitoring. The report stated that many agencies
  do not have employees with the expertise to write
  a contract which effectively describes what they
  expect the contractor to do (and not to do), and,
  more importantly, do not have the personnel and
  procedures in place to assure that the contractor
  is faithful to the agencys expectations.

4
An Identified Need for Guidance

• Two key issues we observed were
• first, once an agency contracts out for services
  their sense of responsibility for the service is
  decreased
• second, program personnel who in the past have
  been responsible for delivering the service are
  now responsible for monitoring a contract for the
  service without adequate training.

5
Inadequate Monitoring

• Inadequate monitoring is often the result of the
  following
• Poorly established criteria for evaluating
  vendor performance
• Perception of oversight as a responsibility to
  develop a partnership rather than enforce rules,
  regulations, or contract provisions
• Perception of oversight/monitoring as hindrance
  to efficient processes
• Focus on rules and regulations rather than
  outcomes
• Failure to conduct follow-up reviews to ensure
  that corrective action was taken and,
• Failure to identify the risk and level of
  review necessary for each vendor.

6
Effective Contract Monitoring

• Communicating Clear Expectations to Vendors
• Creating a detailed Statement of Work (a.k.a.
  Scope of Services) and having performance
  measures in the contract contribute to the
  vendors understanding of what is required and
  essential under the contract.
• By clearly stating contract requirements and
  performance goals, the agency reduces the
  potential for poor performance.

7
Effective Contract Monitoring

• Regular Programmatic Reports from Vendor
• The contract should require the vendor to provide
  specific programmatic information on a scheduled
  basis to determine if the performance measures
  are being met.
• Programmatic reports should require information
  related to the performance measures (outputs and
  outcomes) in the contract.
• Payments Linked to Satisfactory Performance
• For contracts that involve monthly or quarterly
  payments, agencies should require a vendor to
  submit programmatic reports in advance of or
  concurrent with its invoices.
• The programmatic reports should be directly
  related to the terms of the contract.

8
Effective Contract Monitoring

• Use of Incentives and Consequences for Poor
  Performance
• Performance reinforcements, such as incentives
  and consequences for poor performance, are
  helpful in obtaining optimal performance from the
  vendor.
• Financial incentives can be one of the most
  effective methods of inducing a vendor to perform
  a desired service, while consequences for poor
  performance written into a contract provide
  agencies with the ability to take action against
  a vendor that fails to comply with contract
  terms.

9
Effective Contract Maintenance

• Access to Records/Right to Audit Clauses
• Agencies have a responsibility to verify the
  information that the vendor reports to them and
  to ensure that funds are expended properly.
• The contract must include an agreement that the
  agency has access to and can audit those records.
• Post-Contract Review
• At the end of a contract period, agencies should
  evaluate the vendors performance and their own
  method of monitoring the vendor.
• Agencies should consider conducting a
  programmatic review and a financial audit.

10
Ineffective Controls Foster Fraud

• Financial audit of Department of Education (DOE)
  included a review of the internal accounting
  controls utilized in maintaining their system of
  awarding contracts.
• The State Board of Education (State Board), as
  the governing board for the Department of
  Education (DOE), had the responsibility to
  execute or to direct the execution of contracts
  for the DOE. In addition, the State School
  Superintendent (Superintendent) had the statutory
  authority to enter into contracts incidental to
  the day-to-day operations of the GDOE in the
  amount of 50,000.00 or less without prior Board
  approval.

11
Ineffective Controls Foster Fraud

• DOE engaged in the practice of authorizing
  contractors to begin services prior to the
  contract being fully executed by the State Board
  of Education or the State School Superintendent,
  rendering the approval and monitoring process
  ineffective.
• Split transactions were noted, in an apparent
  attempt to circumvent SBEs authority for
  contract approval.

12
Fraud Risk Factors Raised Auditor Concerns

• Superintendent in gubernatorial primary race.
  Fund raising pressures.
• Management dominated by a small group of
  individuals at odds with governing board.
• Management disregarded need for monitoring,
  failed to correct known deficiencies in internal
  control and attempted to circumvent existing
  controls.
• Inadequate system of authorization and approval
  of transactions.
• Impeded auditor access to key employees.
• Domineering management behavior toward the
  auditor, attempts to influence scope of auditors
  work.

13
Questions, Questions

• To test the GDOE contracting process, we selected
  a sample of 215 contracts in the amount of
  6,513,315.04 out of a total population of
  29,164,051.10. Our examination of these items
  revealed 43 contracts whose execution date was
  after the date when services were to begin, and
  in certain instances, after the completion date
  of the services.
• Through interviews with GDOE personnel we
  determined that twelve hand-drawn checks were
  issued on July 24, 2002, on the instructions of
  the State School Superintendent (Superintendent)
  and prior to the initiation of GDOEs contract
  approval process and prior to any goods or
  services being delivered.
• Further investigation indicated that all
  hand-drawn checks were just under 50,000 board
  approval threshold, and several payments were
  splits of similar transactions.

14
Doing Business

• CCS, Inc. 50,000 Technology needs assessment.
• CCS, Inc. 32,493 650 PR Software Licenses
• CCS, Inc. 49,900 500 PR Software Licenses
• CCS, Inc. 48,850 320 PR Software Licenses
• CCS, Inc. 48,850 320 PR Software Licenses
• Majestic LLC 49,900 Web Cast Courses
• Maverix Inc. 47,500 Server ASFD
• Maverix Inc. 47,500 Server GSFD
• ProActive 45,000 180 MP Software Licenses
  ASFD
• ProActive 45,000 180 MP Software Licenses GSFD
• UNetworks 49,598 Software Management GHD
• UNetworks 49,598 Software Management ASFD
• UNetworks 49,598 Software Management GSFD
• Hand-Drawn Checks
• All companies utilized same business address.
• Four companies were incorporated within two
  business days of issuance of checks.

15
Ready, Fire, Aim !!

• Payment was made by a hand-drawn check to the
  (CCS, Inc.) for a Governors Honors Program (GHP)
  information technology needs assessment.
• The contract provided by the Department stated
  The needs assessment will identify needed areas
  of improvement in the technology functions of the
  Governors Honor Program, and will include
  prioritization of needed areas of improvement and
  recommendations made as to the technology
  function-specific assessment(s).
• On the same day another hand-drawn check was
  issued to the same vendor for 650 PR software
  licenses for the GHP. We were unable to
  ascertain why the software was purchased prior to
  the needs assessment being completed.
• Three needs assessment contract extensions were
  issued by GDOE, the final of which was granted
  through December 31, 2002. The needs assessment
  report was delivered in late December. In the
  interim, an additional 1140 PR software licenses
  were purchased. Of 1790 software licenses
  purchased, could only document 50 instances of
  use.

16
The Dog Ate My Homework!

• On August 21, 2002 and again on August 23, 2002,
  we verbally requested documentation (contract,
  vendor invoice and receiving report) to
  substantiate the issuance of these checks. When
  GDOE failed to respond to these requests, we
  formally requested the documentation on August
  26, 2002, and were informed that the
  documentation was not available. Documentation,
  in the form of contracts and vendor invoices, was
  provided on September 10, 2002, with two of the
  contracts signed and dated June 24, 2002, and the
  remainder signed and dated July 24, 2002.
  However, documentation to support receipt of the
  goods and services was not provided as requested.
  Subsequent interviews with GDOE personnel
  confirmed that the contracts were not in
  existence on those dates.

17
Wheres My Stuff?

• The contracts were approved only by the
  Superintendent and did not proceed through the
  GDOE normal contract approval process.
• Interviews with GDOE personnel responsible for
  the programs for which the purchases were made
  revealed that they were not aware of the
  contracts and had not been consulted concerning
  their technology resource needs prior to the
  contracts being signed. It was also revealed that
  GDOE program personnel had not received the goods
  and services nor had they been contacted about
  future delivery of the goods and services.

18
I Did It.

• Superintendent and certain management staff took
  advantage of inadequate contract approval and
  monitoring function to funnel money to
  gubernatorial campaign (and for a facelift).
• First segment in the scheme...individuals
  requested to participate in focus groups upon
  agreement that a portion of their expense
  reimbursement be returned to the campaign in the
  form a campaign contribution.
• Superintendent pleaded guilty and began an eight
  year sentence in September 2006.

19
Ineffective Controls Foster Fraud Yet Again

• Purchase Card (PCard)
• After twenty years of use by federal and state
  agencies, purchase cards are viewed as tools of
  potential abuse by some, as tools for large scale
  efficiencies by others.
• Highly publicized cases have created an aura of
  abuse surrounding use of the card, when mere
  attention to internal controls would have averted
  this perception.

20
Key Breakdowns

• Many specific controls applicable to purchasing
  cards are available to the user community, yet
  our recent audit of this process identified two
  key controls which were either circumvented or
  rendered ineffective
• Restriction of Purchase by Merchant Category Code
  (MCC), and
• Approval of Purchase Details by Supervisory
  Personnel

21
Merchant Category Code (MCC)

• Four-digit number used to denote various types of
  businesses (e.g. 5111 office supplies, 7299 dog
  grooming services).
• Each purchasing card can have specific MCC codes
  turned off so that a user cannot use their
  purchasing card at certain types of merchants.
• For example, in Georgia MCC codes for merchants
  such as cruise lines, manual cash disbursement,
  dating/escort services, massage parlors, and
  money orders are turned off so employees cannot
  purchase items from these merchants.

22
Where theres a will, there's a way

• Individuals circumvented the MCC control by
  purchasing gift cards and then using the gift
  cards for a wide variety of personal items. The
  PCard transaction was in effect, converted to
  cash.
• Individuals would go to an authorized merchant
  such as Wal-Mart, a UPS store, or a drug store
  such as CVS and purchase American Express, VISA,
  or store specific (such as Wal-Mart) gift cards.

23
Transactions Lost Identity

• Individuals then used the gift cards to make
  payments on their car loans, utility bills, and
  paid for a Honolulu hotel reservation for a
  personal vacation.
• An individual purchased 4 500 VISA gift cards
  and the same day used the gift cards to pay 2000
  on her car loan.
• Cards were also used to pay for nail salons,
  clothing, gasoline, beauty supplies, and meals at
  restaurants. Store specific gift cards were used
  for personal groceries and items such as
  PlayStations and ipods.

24
Approval of Purchase Details by Supervisory
Personnel

• An approving official should review the detailed
  receipts of the purchasing card transactions to
  ensure that the transaction has a legitimate
  business purpose.
• Individuals circumvented the approving officials
  review because the approving officials, either
  through lack of diligence or collusion, allowed
  them to do so.

25
Failure of Review

• Individuals failed to submit receipts without
  consequence or submitted non-detailed receipts
  without being questioned.
• Accepted transactions included
• Receipt for the 27 AMEX gift cards was a receipt
  from a UPS store for 2800 (100 was the
  processing fee). There was no detail to show what
  was actually purchased.
• Receipts from Wal-Mart for 423 with no detail.
  Detailed receipt the purchase includeds 3 100
  Wal-Mart gift cards.

26
Failure of Review

• Noted purchases to legitimate merchants, but for
  non-business related items
• Amazon non-detailed receipt for 1340, upon
  receipt of detail from Amazon, discovered that
  the State had purchased a diamond tennis
  bracelet.
• Payments to several insurance companies appeared
  legitimate, as grant could be used to pay for
  student medical insurance. Detailed receipts
  identified multiple payments to Progressive
  Insurance for automobile insurance. The State was
  insuring the administrators sons 1999 Ford
  Mustang.

27
Questions???