By law and regulation, certain products are barred from purchase by federal agencies, like telecommunications products made in China. Yet the General Services Administration’s Office of Inspector General has found that somehow prohibited products have made their way onto the Multiple Awards Schedule contracts. For more, Federal Drive with Tom Temin spoke with Deputy Assistant IG for Acquisition Program Audits, Barbara Bouldin and with the Regional IG for Auditing, Michelle Westrup.
Tom Temin What prompted this audit? You must have had some clue that some of these products were somehow getting on to the schedules. Ms. Bouldin.
Barbara Bouldin Tom, this audit was included in our fiscal year 2021 audit plan. We certainly were aware of the supply chain risk management challenge to GSA. We identified that in our fiscal year 21 and 22 management challenges report to GSA. And so this audit sort of follows our typical annual plan in which we plan for on its that our highest priorities. And that’s sort of where the genesis of this audit.
Tom Temin Yeah, this relates to that whole supply chain question in general, doesn’t it.
Barbara Bouldin Yes, it does.
Tom Temin All right. And Ms. Westrup, just give us a sense of what some of the products are. Refresh our memory on what you can’t have in federal acquisition.
Michelle Westrup Sure, Absolutely. So in response to the federal supply chain risk that Barbara referred to, Congress passed the 2018 National Defense Authorization Act NDAA, and the 2019 NDAA as well. In those laws, those laws prohibit the Federal government’s procurement of certain telecommunication items from named entities, some that you alluded to in your intro as well. So in the 2017 NDAA, it prohibited the Federal Government’s procurement of hardware, software and services by Kaspersky. And then in 2018, that’s when it added on those Chinese companies that you mentioned.
Tom Temin So this is the Huawei ZTE crowd.
Michelle Westrup Correct. Yes.
Tom Temin And in this audit then, were you looking at whether directly those products were somehow on some of the schedule contracts, and there’s hundreds and hundreds of them. Or were you looking at GSA, federal acquisition services processes for ensuring that those things don’t get on to the schedules?
Michelle Westrup Actually, both. Our objective was to look at the FAS’ internal processes for identifying those items and then removing them off of schedule contracts. However, in doing that, we also wanted to do some field work and audit work as well. So we got in there and judgmental a sample of some contracts ourselves for prohibited items, and that’s where we had our findings.
Tom Temin And the people that were carrying these products, they had legitimate MAS contracts probably of long term standing. Were they resellers or manufacturers or service providers? Who’s got these things for sale?
Michelle Westrup Yes, By and large, what we found in our audit, they were resellers, which obviously resellers are out there on contract offering hundreds of products, sometimes from many different manufacturers. So, yes in our audit, that’s what we found.
Tom Temin And it’s safe to say that over the years, the process for modifying contracts, changing prices, adding subtracting specific products, GSA has deliberately made that much more frictionless in recent, really for a couple of decades now, they’ve been working on making things cheaper, faster, easier for both the government and for the contractors.
Michelle Westrup That’s what GSA has reported. Yes.
Tom Temin OK. And so give us some more specifics of what you actually found. You found like a ZTE router or something on a resellers multiple award schedules contract?
Michelle Westrup So generally we found a few things. So the first thing we found is that there are certain controls that FAS has in place, the Federal Acquisition Service has in place. We found that some of those were insufficient and unreliable, and those specifically that we talked to in the report. The first is contractor self-certification. So when a contractor comes in and wants to put their items on contract, their products, their services, they must self-certify if they provide or use these prohibited telecom items. So we found that was insufficient, because in each of the 23 contracts that FAS itself identified with prohibited telecom items, the contractor had self-certified that it didn’t use these items, but in fact they were found to have those items on contract.
Tom Temin Wow. And there’s a program called Prohibited Products Robomod. That sounds like a vacuum cleaner, but that’s not what it is. Or maybe it is in some sense.
Michelle Westrup Yeah. So that’s the second control that we found to be insufficient. It is a Federal acquisition service process, that flags potentially prohibited telecom items from GSA advantage. And GSA advantages GSA’s online ordering system. So based upon keyword searches, this Robomod process will go through, will scour GSA advantage and then flag potentially prohibited telecom items. And we found some weaknesses with the Robomod process as well. We found that FAS doesn’t ensure that contractors remove those items after the Robomod process identifies them. We found that the Robomod process wasn’t flagging all of the items. Lengthy delays were in place when the Robomod did flag items. Sometimes it still took months to get an item off contract, those types of things.
Tom Temin We’re speaking with Michelle Westrup, regional Inspector General for Auditing. And with Barbara Bouldin, deputy assistant Inspector General for Acquisition Program Audits, both at the General Services Administration. And was there evidence that the products were actually acquired by a federal agency using the MAS, and therefore being delivered to an agency?
Michelle Westrup Yes, FAS did know of a few instances in which that took place, yes.
Tom Temin Because that’s surprising, you would think, given all of the publicity, and to say nothing of the rules and regulations and statutes against this, that somewhere someone along the line would catch it and say, wait a minute, that’s ZTE. I don’t think you should be buying that. It’s almost like if you went into a tobacco shop before they legalized marijuana and they offered you pot. You would say, wait a minute, you can’t sell that to me. Barbara.
Barbara Bouldin In that vein, that fast wasn’t taking the adequate actions against those contractors that repeatedly violated those restrictions. They also didn’t have a process in place to notify the customer agencies about their purchases of those prohibited items. And then their initial compliance with our requirements didn’t include the subsidiaries and affiliates of those entities. So there are controls there, but we found those actions were not fully followed through.
Tom Temin All right. So then you must have a long list of recommendations.
Michelle Westrup We did actually. We had five recommendations in a nutshell, honestly, they were to strengthen and enforce the processes and internal controls that FAS currently has in place. And then establish new internal controls to help ensure compliance with these contractual requirements. And we got a little more detailed in our recommendations, which you can find in our report. But we specifically refer to the Robomod and things and the more stringent consequences that we’d like to see for contractors that repeatedly attempt to offer these items.
Tom Temin Yeah, I was going to say the contractors need probably some kind of a sanctioning or warning system. Could it be simply that they might have a commercial side to their business where I guess some companies are still ok in the commercial world with buying these products, and therefore they just get into their line card. And somewhere internally, they’re not making that bifurcation between their commercial line card and their federal line card.
Michelle Westrup That for sure is possible. However, they all have a shared responsibility to not purchase.
Tom Temin Right, not your problem. They’ve got to figure that one out. Got it.
Barbara Bouldin Yeah. They have a responsibility to monitor the contract compliance.
Tom Temin And did the FAS, the Federal Acquisition Service, generally agree with you here?
Michelle Westrup They did. They agreed with all recommendations.
Tom Temin Ok, so it sounds like something you’re going to follow up on maybe in a few months to see if that slate has been wiped clean.
Michelle Westrup Right. Currently, FAS has to provide a corrective action plan to our recommendations. We have not yet received that. It’s not due for another few weeks now. And once we receive that, we’ll take a look at their intended actions, ensure that they are responsive to our recommendations and then accept that. And then we always do have a review process, I guess, in place to come back in and look at this program and ensure that those items and actions were actually taken.
Tom Temin And in the meantime, it’s better to correct a problem than to have operational adjustment for it. But in the meantime, you can kind of maybe send that message out to the contracting community and to the acquisition community. The agencies have your guard up for this kind of thing.
Barbara Bouldin Yeah, we’d hope that they would move on that corrective action immediately.