VA continues to pay ineligible contractors, audit finds

The Veterans Affairs Department appears to be awarding about $500 million a year to ineligible contractors, according to recent audits.

In a July 25 audit, investigators evaluated the veteran-owned small business (VOSB) and the service-disabled veteran-owned small business programs (SDVOSB), which together generated about $3.5 billion in procurements in fiscal 2010, or about 23 percent of total VA procurements.

The inspector general’s office reviewed 42 “statistically-selected” contracts in those two programs with a total value of $46.5 million that had been awarded to businesses alleged to be eligible for those programs. The review found that 32 of the businesses were ineligible to participate in the programs or were ineligible for the specific contracts they were awarded.

Based on that analysis, the inspector general’s office forecasted the total impact of contracts in those programs awarded to businesses that are ineligible for those programs.

“We project that VA awarded ineligible businesses at least 1,400 VOSB and SDVOSB contracts valued at $500 million annually, and that it will award about $2.5 billion in VOSB and SDVOSB contracts to ineligible businesses over the next five years if it does not strengthen oversight and verification procedures,” Belinda Finn, assistant inspector general for audits and evaluations, wrote in the report.

“VA and the Office of Small and Disadvantaged Business Utilization (OSDBU) need to improve contracting officer oversight, document reviews, completion of site visits for 'high-risk' businesses, and the accuracy of VetBiz Vendor Information Pages information,” Finn concluded.

Finn recommended that the VA implement “comprehensive program controls to ensure awards are not made to ineligible businesses and improve adherence to federal and VA regulations.” VA officials agreed with the recommendations.

In a second report, issued on July 27, the inspector general found that certain contractor personnel did not comply with VA information security policies when accessing VA networks and the VA’s electronic health record system known as “VistA” (Veterans Health Information System and Technology Architecture).

The contractor personnel improperly shared user accounts, did not terminate user accounts for former employees on a timely basis, and did not obtain appropriate security clearances or complete security awareness training, the report said. The contractor personnel also possibly exposed VA systems to potential IT security deficiencies that could have infected VA systems, the report said.

“VA has not implemented effective oversight to ensure that contractor practices comply with its information security policies and procedures. Contractor personnel also stated they were not well aware of VA’s information security requirements. As a result of these deficiencies, VA sensitive data is at risk of inappropriate disclosure or misuse,” Finn wrote in the report.

The report made several recommendations to the VA’s Office of Information and Technology to improve security. VA managers agreed with the findings and recommendations.

2014 Rising Star Awards

Help us find the next generation of leaders in federal IT.

Reader comments

Thu, Aug 4, 2011 Linda Joy Adams OK

Last Fall, our president asked agencies to set up contract compliance complaint offices so those with documentation and violations causing personal harm, etc. could file. And if one is in a protected class, a civil rights complaints. Few agencies did this. Congress gave govt contractors immunity from criminal investigations or prosecutions and they can't be internally audited. Many of these companies are subsidiaries of mega international corporations that are financially interlocked with each other. I personally am in a life and death fight with one who has lost files and monies in 5 different agencies and even throwing away administrative law judges hearing files to block their subpoena power,etc. One may find federal workers comp in the control of the same entity as your medical provider at a large medical school with many clinics, especially if its a state health system as this is not just federal. Bellingham , Washington is having problems as they are also your traffic cam company. Subsidiaries include, your local child protective service and adult protective service and this is getting down right ' scary' as they have too much power to be in the hands of an entity that is outside of the law and constitution. One needs evidence to cancel a contract and that needs to come from those who have been harmed and have documentation which I do in abundance; but so far all I have received is retaliation and hopefully whistle blower rights complaints won't get contracted out to the same companies, too. Linda Joy Adams

Wed, Aug 3, 2011 Ensign Bill

This is not a surprise. The VA has no ability to judge quality in its procurement. Meanwhile, for those of us who are LEGITIMATE SDVOSBs (DD214 showing discharged for medical, own 51% of my company) we are made to send another fly-by-night contractor 30 Megs of data as part of the new verification program. That is even when we are already verified as SDVOSB. They wanted meeting minutes of partners meetings, tax returns of partners going back for three years, tax returns of the company going back three years, etc., etc., ad nauseum. Now considering VA's previous mindfulness of my privacy (read "not at all") and release of my medical records to the ether, how do you think I feel about giving a non-CPA, non-MBA, non-veteran contractor all my personal informaion? When all they needed was two pieces of paper: my DD214 and my corporate structure.

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above