Skip to main content

National Flood Insurance Program: Progress Made on Contract Management but Monitoring and Reporting Could Be Improved

GAO-14-160 Published: Jan 15, 2014. Publicly Released: Jan 15, 2014.
Jump To:
Skip to Highlights

Highlights

What GAO Found

The Federal Emergency Management Agency (FEMA) has made progress in improving its processes for monitoring NFIP contracts since GAO last reported on these issues in 2008 and 2011. For example, GAO recommended in 2011 that FEMA complete the development and implementation of its revised acquisition process to be consistent with a Department of Homeland Security (DHS) directive. FEMA updated its contract management guidance and revised its handbook for contracting officer's representatives to be consistent with DHS directives. The updated handbook also contained many of the elements identified in a federal guide to best practices for contract administration. Furthermore, the FEMA division that manages the National Flood Insurance Program (NFIP) developed a contract management reference guide that followed FEMA's handbook and federal best practices guidance.

With some exceptions, FEMA largely followed its contract monitoring procedures for the three largest NFIP contractors GAO reviewed. For example, FEMA ensured that relevant staff overseeing selected contracts received appropriate training. Also, FEMA periodically compared and analyzed actual performance data against goals for each of the three contracts through operating reports, which would allow management to review the status of deliverables and milestones and be aware of inaccuracies or exceptions that could indicate internal control problems. However, FEMA did not develop a quality assurance surveillance plan for one of the contractors--a best practice and a key requirement identified in regulations and guidance. In 2010 and 2011, FEMA identified persistent issues with the contractor's deliverables, including quality and timeliness, and faced challenges in resolving those issues, which might have been avoidable if a quality assurance surveillance plan had been developed and used. FEMA officials stated that they are considering options to ensure that the plans are in place for future contracts, but did not provide specifics on those options or when they plan to implement them. Without detailed quality assurance surveillance plans, the expectations of the agency and the contractor can be misaligned during performance evaluations. Separately, for two of the contracts FEMA staff did not enter performance evaluations in the Contractor Performance Assessment Reporting System (CPARS), a database DHS uses to record assessments of performance of government contractors. Federal and DHS regulations and FEMA contract management guidance require entry of contract performance information in CPARS within certain time frames. By not reporting such information, FEMA disadvantaged the contractors and the government by not providing data that could be used in evaluating the contractors for future contract awards. For instance, receiving a positive CPARS assessment can enhance a contractor's reputation when bidding on future contracts, and as such, the assessments provide an incentive for the contractor to perform as expected. FEMA officials have acknowledged the issue. By determining the extent to which performance evaluations have not been entered into CPARS for its contracts, identifying the reasons why, and addressing those reasons, as needed, FEMA can help ensure that its--and other agencies'--contracting decisions and management draw on complete, relevant, and timely performance information.

Why GAO Did This Study

In operating NFIP, FEMA spends hundreds of millions of dollars annually on contractors that perform critical functions. The Biggert-Waters Flood Insurance Reform Act of 2012 mandates GAO to review the three largest contractors used in administering NFIP. In prior reports, GAO found problems with FEMA's oversight of contractors responsible for performing key NFIP functions. This report examines (1) FEMA's progress in updating its process for monitoring NFIP contractors since GAO's prior reports, and (2) the extent to which FEMA followed its monitoring process for the largest NFIP contractors. To address these objectives, GAO analyzed FEMA data on funds obligated to contractors from fiscal years 2008 through to 2012, reviewed information from FEMA on contract management policies and procedures, and assessed data covering fiscal years 2011 to 2013 on the implementation of these policies and procedures as they pertained to the three largest contractors. GAO also interviewed FEMA contracting staff and contractors.

Recommendations

To improve monitoring and reporting of contractor performance, we are recommending that FEMA (1) determine the extent to which quality assurance surveillance plans and CPARS assessments have not been prepared, (2) identify the reasons why, and (3) take steps, as needed, to address those reasons. FEMA concurred with GAO's recommendations.

Recommendations for Executive Action

Agency Affected Recommendation Status
Federal Emergency Management Agency While FEMA has begun to consider how to address the lack of a quality assurance surveillance plan for the Bureau and Statistical Agent (BSA) contract and to enter Risk Mapping Assessment and Planning (Risk MAP) contractor performance assessments into CPARS, aimed at improving monitoring and reporting of contractor performance, and to help ensure FEMA's contract monitoring provides a consistent, structured, and transparent method to assess contractor services, the FEMA Administrator should (1) determine the extent to which quality assurance surveillance plans have not been developed for FEMA contracts; (2) identify the reasons why quality assurance surveillance plans were not developed; and (3) develop additional actions as needed to address the reasons to help ensure that quality assurance surveillance plans are developed for its future awards.
Closed – Implemented
The Federal Emergency Management Agency (FEMA) responded to the first part of our recommendation by providing copies of the quality assurance surveillance plans (QASP) for each of the contracts it administers under the National Flood Insurance Program (NFIP). As a result, FEMA has demonstrated that it ensured all of its NFIP contracts had a QASP. FEMA responded to the second and third parts of our recommendation by providing a copy of the Risk Insurance Division's (RID) "Best Practices for Contracting Officer's Representatives," (COR) published in December 2014. This document was produced to "align the performance of COR duties with the achievement of RID's goals and objectives; provide transparency in the oversight and administration of RID contracts; and, ensure effective and efficient administration of RID contracts and adherence to Federal Acquisition regulations." The document addresses our concerns about why a QASP was not developed for the BSA contract because it reinforces basic contract management requirements that previously were not fully implemented. Further, FEMA staff noted that the document includes a requirement that COR reports, which are monthly contract performance reports, must address the objectives contained in the QASP. The document addresses the third part of our recommendation because it should ensure that QASPs are developed for future contract awards.
Federal Emergency Management Agency While FEMA has begun to consider how to address the lack of a quality assurance surveillance plan for the BSA contract and to enter Risk MAP contractor performance assessments into CPARS, aimed at improving monitoring and reporting of contractor performance, and to help ensure that federal contracting officials have complete and timely information about the performance of contractors, the FEMA Administrator should (1) determine the extent to which CPARS assessments have not been completed for FEMA contracts; (2) identify the reasons why CPARS assessments were not completed; and (3) develop additional actions as needed to address the reasons to help ensure that assessments (ratings) for FEMA contractors are reported in CPARS on a timely and consistent basis.
Closed – Implemented
In January 2014, GAO recommended that the Federal Emergency Management Agency (FEMA) determine the extent to which required Contractor Performance Assessment Reporting System (CPARS) assessments have not been completed for FEMA contracts; identify the reasons why CPARS assessments were not completed; and, develop additional actions as needed to address the reasons to help ensure that assessments (ratings) for FEMA contractors are reported in CPARS on a timely and consistent basis. In response, FEMA indicated that they had completed all outstanding and backlogged CPARS assessments, and provided documentation to that effect. In addition, FEMA officials stated that they now track weekly all new required CPARS assessments and have coordination meetings every other week that are used to discuss CPARS. FEMA provided a spreadsheet showing the current status of CPARS assessments for ongoing contracts and an agenda for coordination meetings that includes review of CPARS. FEMA also stated that they have conducted training sessions for the contracting officer's representatives in its Risk Mapping, Assessment, and Planning program and the Federal Insurance and Mitigation Administration. FEMA provided briefing slides used in the training sessions that, among other things, highlight the need to improve the quantity and quality of information provided by CPARS assessments. Finally, FEMA provided narrative and ratings summary templates that can be used by contracting officer's representatives to aid in completing their assigned CPARS. As a result, FEMA has addressed our recommendation by completing past CPARS assessments and preparing to complete timely and consistent CPARS assessments in the future.

Full Report

GAO Contacts

Office of Public Affairs

Topics

Best practicesContract administrationContract oversightContract performanceCost plus award fee contractsData collectionInternal controlsPerformance measuresQuality assuranceReporting requirementsRisk assessmentPolicies and proceduresContractsMonitoring