No longer a performance model, TSA’s ITMS provides lessons

DHS IG finds that the contract lacked the proper performance measures

Once considered a model for performance-based contacting, the Transportation Security Administration’s massive Information Technology Managed Services (ITMS) program is now receiving criticism for some of its faults. A new audit report details the project’s missteps and provides insight into the challenges of managing such contracts.

The recent report by the Homeland Security Department’s inspector general details the failures of the $1 billion contract with Unisys to provide telecommunications, IT infrastructure and managed services at 429 airports, 21 field offices and TSA’s Transportation Security Operations Center. TSA lacked the staff to oversee such a complex acquisition and did not have the proper performance measures in place, the report states.

“The broad scope of requirements and short time frames for implementation caused difficulty in establishing a realistic contract ceiling, structuring specific tasks and establishing reasonable prices for those tasks,” DHS Inspector General Richard Skinner wrote.

Rep. Don Young (R-Alaska), chairman of the House Transportation and Infrastructure Committee, requested the audit.

Although most of the original money has been spent and many airports still lack a basic IT structure, the agency has since adopted a better-managed acquisition strategy, the report states.

TSA awarded the contract in 2002. By the beginning of fiscal 2006, spending had nearly reached the contract ceiling although few products or services had been delivered. TSA officials projected that by the beginning of fiscal 2006, the cost would exceed $834 million. Including option years, the contract was to extend into fiscal 2009, meaning 83 percent of the contract’s spending limit had been spent in less than half of the time allotted for the contract, according to the report. The report faults Unisys for often performing work under the ITMS contract without receiving authorizations to proceed from TSA’s contracting office.

Although the report presents considerable evidence of poor contract management, the IG found that the contract had made appropriate use of small businesses. “TSA has taken an aggressive approach to ensure that Unisys complies with small-business subcontractor management responsibilities,” Skinner wrote.

TSA let the original Unisys contract expire because of IG recommendations from a draft report. In December 2005, the agency awarded the company a bridge contract, under which TSA has implemented sound business practices and addressed the weaknesses that the IG’s office identified in the original draft audit report, Skinner wrote.

The bridge contract has enabled the agency to retain equipment leased under the initial ITMS contract and support a transition to a new departmentwide homeland security contract, once one is in place. Under a DHS enterprisewide contract it would no longer be a TSA project, and the IT services would be interoperable with other DHS agencies, said TSA spokeswoman Amy Kudwa. TSA also has taken parts of the original Unisys work and competed it outside of the bridge contract, she said.

In a statement responding to the IG report, Unisys officials detailed some of the company’s accomplishments under the ITMS contract, such as providing “state-of-the-art technology and communications equipment” to the airports, success rates in implementing equipment such as high-speed access and networking, and satisfaction ratings.

“Unisys successfully met ITMS contract requirements and, in some cases, exceeded them to earn a performance award,” company officials said.

Kudwa said TSA has only awarded $900,000 in performance incentives to date, even though Unisys is eligible for $2.9 million per quarter in performance incentives. Unisys noted that the IG report indicates high customer satisfaction with Unisys, including an average rating of 4.78 on a 5.0 scale. Federal security directors rated Unisys’ ITMS performance a 7.3 on a scale of 1 to 10, with 10 representing excellent. The directors blamed the ITMS problems on inadequate funding, not Unisys’ performance.

“It is not unusual in complex government contracts of this type for the government and the contractor to have questions arise regarding contract obligations,” Unisys officials wrote regarding the IG report. “Unisys has been working with TSA to address the issues that arose on the original ITMS contract.… TSA has indicated publicly its satisfaction with Unisys’ performance on the ITMS contract.”

The IG report states that TSA faced congressionally mandated deadlines and stiff budget constraints when launching the program, which made it difficult to create a workable management structure for the contract. TSA officials agreed, adding that the agency has taken steps to fix those management woes. “The contract was in the early days of TSA, and they had minimal staff and infrastructure,” Kudwa said. “They relied on industry to meet deadlines.”

The tight time frames and massive scope of ITMS would present a challenge for any contractual relationship, and the failures should be put into context, said Chip Mather, a partner at Acquisition Solutions. TSA and Unisys were building IT services from scratch, and the unique demands of the new agency and complexities of managing such a contract resulted in the rocky start, he said.

When the contract was awarded, ITMS was regarded as a unique approach and a potential model for agencies. Government and industry officials touted ITMS’ focus on results and planning. But as some of the pitfalls become visible, experts say there is still much to learn in managing performance-based contracts.

The government is used to directing contractors, Mather said, and performance-based contracts are the antithesis of that. Now, if the contract doesn’t work, it’s no longer just the vendor’s fault. Under a performance-based contract, contractor failure means government failure, he said. “Managing a performance-based contract requires a new set of skills and techniques,” he said. “It is clear that just awarding a performance-based contract is not the end-all, be-all. You have to manage it for results.”

Mather said agencies should prepare to manage a performance-based contract starting on the day of its release. Successfully managing a contract requires a cultural transformation, strategic linkage and governance — disciplines that should be established in the beginning.

Agencies may call a contract performance-based, but actually developing the performance measures and managing them is much more difficult, said Steve Kelman, a Federal Computer Week columnist and a professor at Harvard University’s Kennedy School of Government.

“We need to be careful not to make performance-based contacting just a slogan,” he said. “We need to make it the reality of the way we do contracting.”

DHS isn’t alone in the struggle to execute a performance-based contract, Kelman said. But the good news is that agencies now feel the pressure to move to this form of contracting.

“The fact that people are feeling under the gun to do performance-based contracting will lead to some situations where people do it just in name but other situations where people will do it in reality,” he said. “Now the challenge is more widely to translate that aspiration into contracting reality.”

Robert Guerra, a partner at consulting firm Guerra Kiviat, said that rather than call into question the validity of performance-based contracting, the failures show the concept of performance-based acquisitions was lost in the execution of ITMS.

In a true performance-based contract, the customer is supposed to tell the vendor the objective, rather than detailing hours and rates, and the vendor would then come back with the cost and measures, he said.

“The hard part is the philosophy, not awarding the contract,” he said.

Michael is a writer based in Chicago.

Highlights from the auditor’s reportThe Homeland Security Department’s Office of Inspector General audit examined the Transportation Security Administration’s $1 billion Information Technology Managed Services contract with Unisys.

Here are some of the findings:

  • TSA had a small staff overseeing several major acquisitions when it awarded the Unisys contract, and it was under mandated timeline and budget constraints.

  • By the beginning of fiscal 2006, more than 80 percent of the contract ceiling had been spent in less than half of the allotted time.

  • Actual costs exceeded planned costs, but Unisys failed to supply all promised services and products.

  • TSA lacked adequate performance measures two years into the program, and the existing measures were limited to a small portion of the contract’s deliverables.

  • TSA did not give airport security directors the high-speed connections necessary for daily operations.

  • Unisys properly used small-business subcontractors.
  • Source: Homeland Security Department


    • Defense
      Soldiers from the Old Guard test the second iteration of the Integrated Visual Augmentation System (IVAS) capability set during an exercise at Fort Belvoir, VA in Fall 2019. Photo by Courtney Bacon

      IVAS and the future of defense acquisition

      The Army’s Integrated Visual Augmentation System has been in the works for years, but the potentially multibillion deal could mark a paradigm shift in how the Defense Department buys and leverages technology.

    • Cybersecurity
      Deputy Secretary of Homeland Security Alejandro Mayorkas  (U.S. Coast Guard photo by Petty Officer 3rd Class Lora Ratliff)

      Mayorkas announces cyber 'sprints' on ransomware, ICS, workforce

      The Homeland Security secretary announced a series of focused efforts to address issues around ransomware, critical infrastructure and the agency's workforce that will all be launched in the coming weeks.

    Stay Connected