In 2005, the Department of Homeland Security (DHS) initiated a multibillion-dollar contract to secure part of the nation's borders, the Secure Border Initiative (SBI). At that time, SBI was to include a single solution technology component; SBInet. DHS assigned the U.S. Customs and Border Protection (CBP) responsibility for overseeing the SBI contract, including SBInet. In January 2011, DHS announced that it was ending SBInet, and replacing it with a new technology portfolio. GAO was asked to (1) assess CBP's controls over payments to the prime contractor under the original SBInet program, and (2) provide information about the SBI program prime contractor's reporting against small business subcontracting goals. GAO assessed CBP controls against federal standards for internal control and relevant federal regulatory provisions, and summarized data on contractor performance against small business contracting goals.
GAO's review of CBP's controls over payments to the prime contractor under the original SBInet program identified the need to improve controls in two critical areas. Specifically, GAO found that CBP's design of controls for SBInet contractor payments did not (1) require invoices with sufficiently detailed data supporting billed costs to facilitate effective invoice reviews or (2) provide for sufficiently detailed, risk-based invoice review procedures to enable effective invoice reviews prior to making payments. Although CBP's established procedures were based on the Federal Acquisition Regulation (FAR), GAO identified numerous instances of CBP contracting officers lacking detailed support in the SBInet contractor invoices they received for review. Because CBP's preventative controls were not fully effective, the agency will continue to (1) be impaired in providing assurance that the reported $780 million it already paid to the contractor under the original SBInet program was allowable under the contract, in the correct amount, and only for goods and services provided, and (2) rely heavily on detective controls (such as timely, effective contract closeout audits) for all SBInet funds disbursed. Further, timely action to improve CBP's preventative controls is critical for the estimated $80 million in original SBInet program funds yet to be disbursed. Also, in light of the recent DHS announcement that it is replacing the originally conceived SBInet program with a new technology portfoliobased approach, GAO's findings concerning weaknesses in CBP's design of controls over payments to the prime contractor under the recently ended SBInet program can serve as "lessons learned" to be considered in designing and implementing controls as part of the newly announced portfolio-based approach to providing technological support to border security. With respect to performance against small business contracting goals, the prime contractor reported that it met two of the six small business subcontracting goals for the overall SBI program. Specifically, it reported that it met subcontracting participation goals for Historically Underutilized Business Zone and Veteran-Owned small business categories, but was unable to meet the other four small business goals because a large steel purchase significantly reduced the subcontract dollars available for small businesses to participate in the SBI contract. GAO makes five recommendations to improve CBP controls over prime contractor payments under the SBInet and the successor technology portfolio, including actions to strengthen invoice review procedures, provide more detailed support, and to better focus closeout audits. DHS concurred in principle with all recommendations, but for some, DHS also commented on the cost-effectiveness or others' role in implementation. GAO addresses these comments in the report.
Recommendations for Executive Action
|Department of Homeland Security||With respect to the remaining funds not yet disbursed under the original SBInet contract, the Secretary of Homeland Security should direct CBP's SBI Contracting Division Director to revise CBP's SBI standard operating procedures (SOPs) to require the SBInet contractor to submit data supporting invoiced costs to CBP in sufficient detail to facilitate effective contracting officer (CO) and the contracting officer's technical representatives (COTR) invoice review.|
|Department of Homeland Security||With respect to the remaining funds not yet disbursed under the original SBInet contract, the Secretary of Homeland Security should direct CBP's SBI Contracting Division Director to revise CBP's SBI SOPs to include specific, risk-based steps required for COs and COTRs to properly review and approve contractor invoices to ensure that they accurately reflect all program costs incurred, including specifying required documentation of such review and approval.|
|Department of Homeland Security||With respect to closeout audits under the original SBI prime contract and any task orders that receive closeout audits under DHS's SOPs, the Secretary of Homeland Security should direct CBP's SBI Contracting Division Director to request that the Defense Contract Audit Agency (DCAA) to perform closeout audits as expeditiously as possible, including providing information on the contractor payment control findings concerning the original SBInet program that we identified for consideration in determining the extent and nature of DCAA testing required as part of such audits.|
|Department of Homeland Security||With respect to closeout audits under the original SBI prime contract and any task orders that receive closeout audits under DHS's SOPs, the Secretary of Homeland Security should direct CBP's SBI Contracting Division Director to establish procedures for coordinating with DCAA to monitor the status of closeout audits related to the original SBInet program.|
|Department of Homeland Security||With respect to the new technology portfolio approach, the Secretary of Homeland Security should direct CBP's SBI Contracting Division Director to document the consideration and incorporation as appropriate, of lessons learned based on our findings on the design of controls over payments to the original SBInet contractor in designing and implementing contract provisions and related policies and procedures for reviewing and approving prime contractor invoices. Such provisions should provide for obtaining sufficiently detailed data supporting invoiced costs to support effective invoice reviews and include the specific, appropriately risk-based steps required for COs and COTRs to carry out an effective contractor invoice review.|