By law and regulation, the Veterans Affairs department is supposed to check out the employees used by its contractors. A recent look-see by VA's Office of Inspector...
By law and regulation, the Veterans Affairs department is supposed to check out the employees used by its contractors. A recent look-see by VA’s Office of Inspector General found pretty serious non-compliance. For details and why this is so risky, the Federal Drive Host Tom Temin talked with Jeffrey Brown, VA’s deputy assistant IG for audits and evaluations.
Interview Transcript:
Tom Temin And you looked at 50 contracts that involve supplying people. Tell us the nature of these contracts, the types of services that were being supplied. And then we’ll get into the details of what you found.
Jeffrey Brown The type of contracts that we selected were obviously service contracts, because that would involve the most amount of individuals and personnel that would need background and security checks. And they ranged everything from, health care, exams, unarmed security guards, child care, medical disability exams and janitorial work, anything that would require access to a VA facility.
Tom Temin Right. So that means it included people who actually touch veterans.
Jeffrey Brown That’s correct. Yes.
Tom Temin And you found that 47 out of 50 contract files did not, and I’m reading and you can explain what this means, did not include position designation records that established the position investigative requirements for the contract. Translate that for us.
Jeffrey Brown Sure. The position designation is is key for the kind of the first step in vetting the people that would work for the contractors that support the VA, largely because we don’t want to waste on unnecessary resources in delving into people’s background unnecessarily. So depending on the level of involvement, the level of access to facilities and information, will dictate how much background investigation is required into each individual. So, an individual with computer access, computer technician, they could possibly steal or violate information security policies would need a certain level of background check. Someone that deals directly with veterans or employees of the VA would need a certain level of background check. And then someone with more limited access, maybe a janitorial service or something like that, would need less of a background check. But they all need some form of vetting. And, that begins with a position designation to establish that security risk.
Tom Temin And these lacked that designation. Did that mean these contracts also lacked the background checks themselves?
Jeffrey Brown In many cases, yes. They did lack the background checks as well. We started off with the position designation because before you can do anything, you have to determine what level of background check is needed for these individuals. And without that, that’s kind of getting off on the wrong foot with the first step.
Tom Temin Right. So I imagine the different individual contracts had different designations. That is, if you’re buying a custodial contract to clean up labs and operating rooms and hallways, that’s probably going to be a different company than is supplying physicians to examine veterans.
Jeffrey Brown Yeah. In the different company, or at least a different level of background check for that individual. Some of these contracts can have several types of individuals, from security guards to janitorial services, as we said, under one contract. But that’s why each position, each body that we’re contracting for has a different position designation to establish that security background check needed.
Tom Temin Right. And then the majority of these cases, you also found that VA did not include the, again I’ll read it, did not include contract language to communicate contractor vetting requirements to the contractor.
Jeffrey Brown That’s correct. When it wasn’t included in the contract. And the company is unaware that this is even needed. It can be fairly certain that it’s not being accomplished the way it should be.
Tom Temin And then ultimately, 215 of 286 contractor employees that you looked at under these contracts, 75% of them had no evidence that they had fingerprint checks. A whole bunch did not have any kind of background investigative work done at all.
Jeffrey Brown That’s correct. It was a large percentage, 75%, as you mentioned. Didn’t have any kind of background check or any documentation of it being done. As auditors we can only say what we find. So it’s hard when you’re looking at 2020 contracts in 2023 to say, no, this wasn’t done. But it’s kind of the record isn’t there, then we can safely assume that it probably wasn’t done. We have to catch it that way, that the documentation wasn’t there because someone could always bring out a, we did have these records. We just mislocated them or something like that.
Tom Temin Yes. If you looked at 50 contracts, the VA has tens of thousands of contracts, but if the bulk of those 50 lacked all of these requirements and weren’t carried out, it’s probably safe. You’re assuming this is a projectable finding across VA writ large.
Jeffrey Brown That’s correct. We think it’s systematic. We looked at as a judge mental sample, so in audit language, a statistical sample is something we’d project across the whole universe of contracts. Our teams tend to be about a four person team is reviewing this. So we have to select a sample that’s big enough that they can accomplish in a timely manner and get the information needed out, but is large enough to capture the view of the whole. So we thought 50 was a good example. And that was across different contracting organizations in the VA. And as we said, different types of contracts or different types of services.
Tom Temin We were speaking with Jeff Brown. He’s deputy assistant inspector general for audits and evaluations at the Veterans Affairs Department. And what raised this issue to the VA, OIG did someone blow the whistle or did someone say, hey, you better look at this.
Jeffrey Brown Well, we’ve actually done a lot of work in this area, another group within our organization has looked into the government side for vetting and granting badges in security cards to government direct government workers. And being in the contracting realm, we looked at the the physical security of contractor IDs prior to this report, in what is termed a PIV card or personal identification verification card. During that review, we found that the background checks in to obtaining those cards were often the documentation wasn’t there, and we started asking the questions. We begin any review, we have the IG hotline, it gets hundreds of thousands of complaints each month. And so we come through that database of hotlines to see if any allegations have been made that support or raise more concern about the area. And as you see, for example, in the report of the Saint Cloud, Minnesota, hospital issue, we did find hotlines that directly related to this. So we investigated those as well as we’re conducting the audit.
Tom Temin Would it be accurate to say this is kind of a hot button? This is something urgent for VA to get after?
Jeffrey Brown Yeah, I believe so. The VA has a has a huge mission and they have a lot on their plate. And so determining the priority of this one issue is probably somewhat above my pay grade. But yes, it is a hot button issue because, I mean, we really want to make sure that our veterans and our workers are safe when they’re doing their job. No one can kind of focus on what they have to do and providing the best care to our veterans. If they have to worry about the support staff they have working with them.
Tom Temin And let’s talk about some of the top line recommendations you made.
Jeffrey Brown We felt that a lot of the issues that generated these problems were a lack of clear guidance. There’s external government wide, regulations from the Office of Personnel Management and other federal entities that apply to any contract or position with the federal government, including VA. And then to build on that, VA has several policies that are meant to implement those regulations. And when you read through them, it isn’t very hard to understand why some of these mistakes might have been made. It’s conflicting, it’s outdated. I think the most recent policy update was in the 2010 timeframe. So you can imagine just how different the world has been in the last 13 years and how security requirements may have changed, including accessing social media of individuals that may be applying for positions, etc.. And so we just felt that hinged a lot on that conflicting guidance in determining responsibility. So that was probably our most key recommendation was to streamline those policies, firmly designate what entities are responsible for what, and make sure that these contractors are being vetted properly.
Tom Temin And do the VA, I guess it’s mostly VHA officials that you dealt with, agree with the findings and the recommendations, generally?
Jeffrey Brown We made six recommendations, they agreed with all six. The only deliberation between us in the agency was how conflicting or again, who was responsible for editing these policies or ultimately doing the contractor background checks. But we were able to hash that out during the recommendation and comment period. And two of the recommendations currently have already been closed for us to open, but they have corrective action plans in place to try to mitigate those recommendations. And we’ll continue to monitor those and close those when appropriate action has been taken.
Tom Temin Jeff Brown is deputy assistant inspector general for audits and evaluations at the Veterans Affairs Department. Thanks so much for joining me.
Copyright © 2024 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.
Tom Temin is host of the Federal Drive and has been providing insight on federal technology and management issues for more than 30 years.
Follow @tteminWFED