This is the accessible text file for GAO report number GAO-11-68 
entitled 'Secure Border Initiative: Controls over Contractor Payments 
for the Technology Component Need Improvement' which was released on 
May 26, 2011. 

This text file was formatted by the U.S. Government Accountability 
Office (GAO) to be accessible to users with visual impairments, as 
part of a longer term project to improve GAO products' accessibility. 
Every attempt has been made to maintain the structural and data 
integrity of the original printed product. Accessibility features, 
such as text descriptions of tables, consecutively numbered footnotes 
placed at the end of the file, and the text of agency comment letters, 
are provided but may not exactly duplicate the presentation or format 
of the printed version. The portable document format (PDF) file is an 
exact electronic replica of the printed version. We welcome your 
feedback. Please E-mail your comments regarding the contents or 
accessibility features of this document to Webmaster@gao.gov. 

This is a work of the U.S. government and is not subject to copyright 
protection in the United States. It may be reproduced and distributed 
in its entirety without further permission from GAO. Because this work 
may contain copyrighted images or other material, permission from the 
copyright holder may be necessary if you wish to reproduce this 
material separately. 

United States Government Accountability Office: 
GAO: 

Report to Congressional Requesters: 

May 2011: 

Secure Border Initiative: 

Controls over Contractor Payments for the Technology Component Need 
Improvement: 

SBInet Contractor Payment Controls: 

GAO-11-68: 

GAO Highlights: 

Highlights of GAO-11-68, a report to congressional requesters. 

Why GAO Did This Study: 

In 2005, the Department of Homeland Security (DHS) initiated a 
multibillion-dollar contract to secure part of the nation’s borders, 
the Secure Border Initiative (SBI). At that time, SBI was to include a 
single solution technology component, SBInet. DHS assigned the U.S. 
Customs and Border Protection (CBP) responsibility for overseeing the 
SBI contract, including SBInet. In January 2011, DHS announced that it 
was ending SBInet, and replacing it with a new technology portfolio. 
GAO was asked to (1) assess CBP’s controls over payments to the prime 
contractor under the original SBInet program, and (2) provide 
information about the SBI program prime contractor’s reporting against 
small business subcontracting goals. GAO assessed CBP controls against 
federal standards for internal control and relevant federal regulatory 
provisions, and summarized data on contractor performance against 
small business contracting goals. 

What GAO Found: 

GAO’s review of CBP’s controls over payments to the prime contractor 
under the original SBInet program identified the need to improve 
controls in two critical areas. Specifically, GAO found that CBP’s 
design of controls for SBInet contractor payments did not (1) require 
invoices with sufficiently detailed data supporting billed costs to 
facilitate effective invoice reviews or (2) provide for sufficiently 
detailed, risk-based invoice review procedures to enable effective 
invoice reviews prior to making payments. Although CBP’s established 
procedures were based on the Federal Acquisition Regulation (FAR), GAO 
identified numerous instances of CBP contracting officers lacking 
detailed support in the SBInet contractor invoices they received for 
review. 

Table: Excerpt of a SBInet Prime Contractor September 12 through 25, 
2008, Invoice Showing Cost Data Submitted for CBP Review and Payment: 

Other Direct Cost: $107,889.73;
Travel: $108,148.57; 
Overtime Premium: $52.00; 
Direct Labor: $1,518,873.38. 

Source: GAO analysis of CBP records of contractor invoice. 

[End of table] 

Because CBP’s preventative controls were not fully effective, the 
agency will continue to (1) be impaired in providing assurance that 
the reported $780 million it already paid to the contractor under the 
original SBInet program was allowable under the contract, in the 
correct amount, and only for goods and services provided, and (2) rely 
heavily on detective controls (such as timely, effective contract 
closeout audits) for all SBInet funds disbursed. Further, timely 
action to improve CBP’s preventative controls is critical for the 
estimated $80 million in original SBInet program funds yet to be 
disbursed. Also, in light of the recent DHS announcement that it is 
replacing the originally conceived SBInet program with a new 
technology portfolio-based approach, GAO’s findings concerning 
weaknesses in CBP’s design of controls over payments to the prime 
contractor under the recently ended SBInet program can serve as 
“lessons learned” to be considered in designing and implementing 
controls as part of the newly announced portfolio-based approach to 
providing technological support to border security. 

With respect to performance against small business contracting goals, 
the prime contractor reported that it met two of the six small 
business subcontracting goals for the overall SBI program. 
Specifically, it reported that it met subcontracting participation 
goals for Historically Underutilized Business Zone and Veteran-Owned 
small business categories, but was unable to meet the other four small 
business goals because a large steel purchase significantly reduced 
the subcontract dollars available for small businesses to participate 
in the SBI contract. 

What GAO Recommends: 

GAO makes five recommendations to improve CBP controls over prime 
contractor payments under the SBInet and the successor technology 
portfolio, including actions to strengthen invoice review procedures, 
provide more detailed support, and to better focus closeout audits. 
DHS concurred in principle with all recommendations, but for some, DHS 
also commented on the cost-effectiveness or others’ role in 
implementation. GAO addresses these comments in the report. 

View [hyperlink, http://www.gao.gov/products/GAO-11-68] or key 
components. For more information, contact Susan Ragland at 
(202) 512-9095 or raglands@gao.gov. 

[End of section] 

Contents: 

Letter: 

Background: 

Controls over Prime Contractor Payments for SBI Technology Component 
Need Improvement: 

SBI's Prime Contractor Reported That It Met Two of Its Six Small 
Business Subcontracting Goals: 

Implications of January 2011 Decision to End the Original SBInet 
Program: 

Conclusions: 

Recommendations for Executive Action: 

Agency Comments and Our Evaluation: 

Appendix I: GAO Contact and Staff Acknowledgments: 

Table: 

Table 1: Summary of Prime Contractor's Reporting on Small Business 
Participation Awards versus Goals for the SBI Program: 

Figures: 

Figure 1: DHS and CBP Organizational Components that had SBI Contract 
Oversight Responsibilities: 

Figure 2: Process for Paying SBInet Invoices: 

Figure 3: Example of SBInet Prime Contractor Voucher with Lump Sum 
Amounts by Cost Element Submitted for CBP Review and Payment: 

Abbreviations: 

CBP: U.S. Customs and Border Protection: 

CO: contracting officer: 

COTR: contracting officer's technical representative: 

DCAA: Defense Contract Audit Agency: 

DHS: Department of Homeland Security: 

FAR: Federal Acquisition Regulation: 

HSAM: Department of Homeland Security Acquisition Manual: 

HSAR: Department of Homeland Security Acquisition Regulation: 

HUBZone: Historically Underutilized Business Zone: 

IDIQ: Indefinite Delivery/Indefinite Quantity: 

NFC: National Finance Center: 

OTIA: Office of Technology Innovation and Acquisition: 

SBA: Small Business Administration: 

SBI: Secure Border Initiative: 

SBInet: Secure Border Initiative Network: 

SOP: standard operating procedures: 

[End of section] 

United States Government Accountability Office: 
Washington, DC 20548: 

May 25, 2011: 

The Honorable Peter T. King: 
Chairman: 
The Honorable Bennie G. Thompson: 
Ranking Member: 
Committee on Homeland Security: 
House of Representatives: 

The Honorable Michael T. McCaul: 
Chairman: 
The Honorable William R. Keating: 
Ranking Member: 
Subcommittee on Oversight, Investigations, and Management: 
Committee on Homeland Security: 
House of Representatives: 

The Honorable Gus M. Bilirakis: 
Chairman: 
The Honorable Laura Richardson: 
Ranking Member: 
Subcommittee on Emergency Preparedness, Response, and Communications: 
Committee on Homeland Security: 
House of Representatives: 

The Department of Homeland Security's (DHS) Secure Border Initiative 
(SBI), begun in November 2005, was intended as a multiyear effort to 
secure the nation's borders. At that time, the Secure Border 
Initiative-network (SBInet) component of SBI was intended to provide a 
single technology-based solution for the nation's entire Southwest 
border using a highly integrated set of fixed sensor towers. The U.S. 
Customs and Border Protection (CBP), a component of DHS, was assigned 
responsibility for monitoring and overseeing the prime contractor, 
including contractor payments, for both the overall SBI and SBInet 
programs. 

Since its inception, we have issued a number of reports highlighting 
issues concerning technical problems, cost overruns, and schedule 
delays with the SBI program.[Footnote 1] In March 2010, the Secretary 
of Homeland Security announced a freeze on all SBInet program 
disbursements, with the exception of SBInet contractual agreements to 
support technology-based security for a 53-mile section along the 
Arizona border. In January 2011, the Secretary directed CBP to 
terminate the SBInet program as originally conceived, and instead 
focus on developing terrain- and population-based solutions utilizing 
existing proven technologies. The Secretary also provided that while 
the new technology approach should include elements of the former 
SBInet program where appropriate, DHS did not plan to use the current 
contract to procure any of the technology systems under the new 
approach, but rather would solicit competitive offers. Since the 
inception of the SBI program, for which Congress has appropriated a 
total of about $4.4 billion through fiscal year 2010, about $1.5 
billion of that amount has been available for the original SBInet 
program. As of January 2011, CBP reported it had paid the prime 
contractor a total of about $780 million under the original SBInet 
program, and had obligated, but not yet disbursed, almost an 
additional $80 million. 

In response to your request, this report provides (1) our assessment 
of CBP's controls over payments to the prime contractor related to the 
original SBInet program and (2) information about the overall SBI 
program prime contractor's reporting on the extent to which it met 
small business subcontracting goals. In addition, this report provides 
our analysis of the implications of the January 2011 DHS SBInet 
termination decision on our findings and conclusions related to prime 
contractor payment controls under the original SBInet program. 

To accomplish our first objective, we assessed the original SBInet 
program's internal controls over prime contractor payments in 
comparison with our Standards for Internal Control in the Federal 
Government[Footnote 2] and other relevant criteria, including relevant 
provisions of the Federal Acquisition Regulation (FAR), the Department 
of Homeland Security Acquisition Regulation (HSAR), DHS policies, and 
CBP procedures. We conducted structured interviews with CBP officials 
and a walk-through of CBP's prime contractor invoice review, approval, 
and processing procedures under the original SBInet program.[Footnote 
3] 

We also selected five task orders issued by CBP under the prime 
Indefinite Delivery/Indefinite Quantity (IDIQ) contract to review. 
[Footnote 4] These task orders represented 84 percent of all payments 
made to the prime contractor and 79 percent of the total value of all 
task orders from the original SBInet program's inception in November 
2005 through the end of fiscal year 2009. The selected task orders 
included types priced on both a fixed price and cost reimbursement 
basis and included both open and closed task orders. For each of the 
five task orders selected for review, we obtained and reviewed 
available contract documentation, including individual task orders, 
task order modifications, statements of work, and invoices. We also 
obtained available information related to all 99 invoices submitted 
under the five task orders for the purpose of assessing the extent to 
which they complied with the original SBInet contract and were 
properly supported.[Footnote 5] 

To address our second objective of providing information about DHS's 
prime contractor's reporting on the extent to which it met small 
business subcontracting goals for the overall SBI program, we obtained 
and summarized information from the prime contractor's Subcontractor 
Plan, the prime contractor's five semiannual Small Business 
Subcontracting Review Summit reports from November 2007 through May 
2010, and documentation supporting the prime contractor's small 
business subcontracting award reports. We did not assess or validate 
the accuracy or reliability of the contractor's reporting and 
supporting data. 

We also gathered and assessed information DHS provided concerning its 
January 2011 decision to terminate the original SBInet program. 
Specifically, we assessed information provided in terms of its 
implications for the remaining funds yet to be disbursed under the 
original SBInet program, SBInet contract closeout audits, and the 
limited information available as to the contractor and related 
contractor payment controls under the new technology portfolio 
approach. 

We conducted this performance audit from June 2009 to April 2011, 
[Footnote 6] in accordance with generally accepted government auditing 
standards. Those standards require that we plan and perform the audit 
to obtain sufficient, appropriate evidence to provide a reasonable 
basis for our findings and conclusions based on our audit objectives. 
We believe that the evidence obtained provides a reasonable basis for 
our findings and conclusions based on our audit objectives. 

Background: 

Figure 1 provides an overview of CBP organizational components that 
had prime contractor invoice review, approval, and payment 
responsibilities under the original SBInet program. 

Figure 1: DHS and CBP Organizational Components that had SBI Contract 
Oversight Responsibilities: 

[Refer to PDF for image: organization chart] 

Top level: DHS. 

Second level, reporting to DHS: CBP. 

Third level, reporting to CBP:
* National Finance Center (NFC); 
* Office of Administration Procurement Directorate; 
* Office of Technology Innovation and Acquisition (OTIA)[A]. 

Fourth level, reporting to Office of Administration Procurement 
Directorate: 
* Enterprise Contracting Office; 
- SBI Contracting Division. 

Fourth level, reporting to Office of Technology Innovation and 
Acquisition (OTIA): 
* SBI Program Management Office; 
- SBI Business Operations Division. 

Source: GAO analysis of SBI documentation. 

[A] This office was created in November 2010. According to DHS 
officials, SBI was eliminated under the OTIA reorganization. 

[End of figure] 

CBP's Contracting Division, which is part of the Office of 
Administration Procurement Directorate's Enterprise Contracting 
Office, was assigned SBInet program prime contractor management and 
administrative responsibilities, including receiving and approving or 
rejecting invoices. The Office of Technology Innovation and 
Acquisition within CBP was assigned responsibility for managing key 
program and contractor oversight acquisition functions associated with 
SBInet, such as verifying and accepting contract deliverables. This 
office was also to work closely with CBP's SBI Contracting Division. 
Contracting officers (CO)[Footnote 7] and contracting officer's 
technical representatives (COTR)[Footnote 8] in the SBI Contracting 
Division were assigned responsibility for reviewing invoices and 
maintaining contract files. The SBI Business Operations Division was 
responsible for providing CO-approved invoices to CBP's National 
Finance Center (NFC) for processing contractor invoices for payment. 

In carrying out its assigned prime contractor invoice-related 
responsibilities under the original SBInet program, CBP relied on the 
FAR, HSAR, as well as DHS, CBP, and SBI program policies and 
procedures. The overarching policy for federal contracting is the FAR. 
DHS issued a supplemental regulation, HSAR, an acquisition manual for 
DHS contracting and, in October 2008, CBP's SBI Contracting 
Division[Footnote 9] issued standard operating procedures (SOP) 
setting out required review, approval, and processing steps for all 
SBI prime contractor invoice processing.[Footnote 10] 

Figure 2 provides an overview of CBP's process for reviewing, 
approving, and paying prime contractor invoices under the original 
SBInet program. 

Figure 2: Process for Paying SBInet Invoices: 

[Refer to PDF for image: illustration] 

Prime contractor: 
submits invoice to Contracting Officer’s Technical Representative 
(COTR), Contracting Officer (CO), and National Finance Center (NFC) 
(automated process). 

CBP: Contracting Division: 
COTR: Reviews invoice and recommends payment or rejection of invoice 
to CO (automated process); 
CO: Obtains COTR rejection or approval, approves or rejects invoice, and
notifies SBI’s Business Operations Division (automated process). 

CBP: Business Operations Division: 
For approved invoices, verifies available funding, communicates 
payment approval or wire transfer request, and enters information in 
SAP (automated process); 
Wire transfer request (manual process). 

CBP: NFC: 
Processes invoice upon receipt of CO and SBI’s Business Operations 
Division approval in SAP and sends payment information to Treasury; 
(automated process); 
SAP: Financial management and reporting system; records payment 
information and general ledger details (automated process). 

U.S. Department of the Treasury: 
Receives payment information from SAP (automated process); 
Pays invoice to Prime contractor via electronic funds transfer or wire 
transfer (automated process). 

Source: GAO analysis of SBI documentation. 

[End of figure] 

CBP's process for reviewing, approving, and paying prime contractor 
invoices under the original SBInet program relies on both preventative 
and detective controls.[Footnote 11] Generally, preventative controls 
are more efficient and effective than detective controls. CBP's 
detective controls began with SBInet's prime contractor submitting an 
invoice to the SBI Contracting Division's CO, COTR, and CBP's NFC for 
review. After reviewing the invoice, the COTR was responsible for 
recommending whether the CO should approve or reject the invoice. If 
the CO and COTR approved an invoice, the CO was to notify the SBI 
Business Operations Division within the Program Management Office to 
check for fund availability.[Footnote 12] If funds were available, 
CBP's NFC was to be notified to process the invoice for payment. 
Further, while not required, CBP's COs may request the Defense 
Contract Audit Agency (DCAA), a defense agency within the U.S. 
Department of Defense, to conduct an invoice review or rate 
verification for any invoice. In addition, CBP officials told us that 
the CO will always request DCAA to conduct a closeout audit (a 
detective control) for any task order, although this is not required. 
[Footnote 13] DHS's Office of Procurement provides that the CO submit 
a memorandum to request a final audit for the entire IDIQ contract, or 
any of its delivery order or task order components. 

Controls over Prime Contractor Payments for SBI Technology Component 
Need Improvement: 

Under the original SBInet program, CBP took actions intended to 
establish internal controls over contractor payments. CBP established 
SOPs setting out required contractor invoice review, approval, and 
processing steps for CBP's COs and COTRs to follow. These procedures 
were based on requirements in the FAR. We identified the need to 
improve CBP's controls in two important areas. Specifically, we 
identified the need to improve CBP's preventative controls over 
payments to the SBInet program contractor with respect to requiring: 

* invoices with sufficiently detailed data supporting billed costs to 
facilitate effective invoice review and: 

* specific, sufficiently detailed, risk-based invoice review 
procedures to enable full, effective, and documented reviews prior to 
making payments. 

Because CBP's preventative controls were not fully effective, the 
agency will continue to (1) be impaired in its ability to provide 
assurance that the estimated $780 million already paid the prime 
contractor under the original SBInet program was proper and allowable, 
in the correct amount, and only for goods and services provided and 
(2) rely heavily on detective controls (primarily contract closeout 
audits) for assurance concerning the propriety of SBInet program 
disbursements. Further, until CBP takes action to improve its 
preventative controls, it will continue to be impaired in its ability 
to effectively review the estimated $80 million obligated, but yet to 
be disbursed, to the prime contractor under the original SBInet 
program. In addition, our findings have implications as possible 
"lessons learned" for DHS to consider and address as appropriate in 
designing and implementing contract payment controls for its new 
technology portfolio approach. 

Detailed Data Supporting Invoiced Costs Not Required: 

Standards for Internal Control in the Federal Government and related 
guidance provide that an entity's internal controls should enable it 
to verify that ordered (invoiced) goods and services were proper and 
met the government's specifications.[Footnote 14] CBP's policies and 
related SOPs applicable to the original SBInet program required the 
prime contractor to submit invoices showing total costs incurred by 
cost element (i.e., direct labor, direct materials, major 
subcontracts, other direct costs, overtime premium, overhead, travel, 
and general and administrative expenses). However, CBP's policies and 
procedures did not require the invoices to include any additional 
supporting detail. Not requiring such detail not only precluded us 
from testing whether invoiced costs complied with the SBInet contract 
and were properly supported, but, more important, resulted in numerous 
instances in which CBP's COs and COTRs did not have the detailed 
support they needed to effectively review the SBInet contractors' 
invoices. For example, in one instance a CO requested additional 
detailed information such as travel dates and travel destinations to 
review the reasonableness of a lump sum invoiced cost amount for 
travel. 

Figure 3 shows an example of a SBInet prime contractor invoice 
submitted and paid for costs incurred for the period from September 12 
through 25, 2008. Figure 3 also highlights lump sum invoiced costs for 
the "Direct Labor" and "Travel" cost elements. 

Figure 3: Example of SBInet Prime Contractor Voucher with Lump Sum 
Amounts by Cost Element Submitted for CBP Review and Payment: 

[Refer to PDF for image: illustration] 

Example of cost element: Travel; 
Cost element amount billed for current period (Sept. 12, 2008 through 
Sept. 25, 2008): $108,148.57. 
Cumulative cost element amount billed from inception of the task
order, April 15, 2008 to Sept. 25, 2008: $202,490.24. 

Example of cost element: Direct Labor; 
Cost element amount billed for current period (Sept. 12, 2008 through 
Sept. 25, 2008): $1,518,873.38. 
Cumulative cost element amount billed from inception of the task
order, April 15, 2008 to Sept. 25, 2008: $20,800,218.64. 

Total: 
Cost element amount billed for current period (Sept. 12, 2008 through 
Sept. 25, 2008): $3,705,718.70. 
Cumulative cost element amount billed from inception of the task
order, April 15, 2008 to Sept. 25, 2008: $45,571,243.06. 

Source: GAO analysis of CBP's records of contractor vouchers. 

[End of figure] 

In this example, the SBInet prime contractor billed, and CBP paid, a 
total of $3,705,718.70, including $1,518,873.38 for the period for 
direct labor without any supporting details such as the hours worked 
and labor rate category. Supporting details are necessary to allow 
reviewing officials to determine, for example, whether the appropriate 
rate was charged and to assess the reasonableness of the hours charged. 

Similarly, for the $108,148.57 billed for travel for the period, the 
contractor did not provide supporting details necessary for a 
reviewing official to assess the amount claimed, such as the purpose 
of the trip and travel destination. Supporting details help CBP's COs 
and COTRs assess the propriety of invoice cost elements billed to the 
government, and effectively review the prime contractor's invoices. 

Lacking sufficiently detailed data supporting the original SBInet 
contractor's invoiced costs, we were unable to determine whether the 
99 invoices we sampled for review were proper and in compliance with 
original SBInet program contract provisions. Our review identified 
numerous instances of CBP CO and COTR frustration when they were 
unable to obtain detail to support SBInet contractor lump sum invoiced 
costs, despite repeated requests. The SBInet prime contractor denied 
these requests on the basis that CBP's policies did not require 
supporting detail. CBP paid the invoiced amounts in all cases. 

In November 2009, CBP requested, and the SBInet prime contractor began 
providing, some additional information with its invoices submitted 
under the original SBInet program task orders. For example, the prime 
contractor included additional information on work performed for the 
invoice period. However, the additional information the contractor 
provided did not include sufficient additional detail needed to 
support an effective review of invoiced costs, such as hours worked, 
labor rate category, purpose of travel, or travel destination. 

CBP could have relied on a provision of the contract to obtain 
additional support for lump sum invoiced costs. That is, as authorized 
by the contract's Allowable Cost and Payment Clause (FAR 52.216-7 (a) 
(1)), CBP could have required the SBInet contractor to provide, in 
such form and with reasonable details, support for lump sum invoiced 
cost element claims. CBP and SBI Contracting Division management 
officials told us they were aware of their ability to obtain 
supplemental detailed supporting cost information under the FAR 
Allowable Cost and Payment clause. However, they also told us that CBP 
made a business decision for the overall SBI program (including the 
original SBInet program) not to request such detailed supporting data 
from its prime contractor, but rather to rely on other oversight 
mechanisms (such as closeout audits) to help identify any contractor 
billing issues. 

Closeout audits are less effective as a control to identify or correct 
any contractor payment issues because they may not be conducted until 
a number of years after completion of a contract. The contractor's 
ability to repay any improper payments may deteriorate, responsible 
prime contractor officials may change, their memories may fade, or 
needed supporting data may be lost. 

Design of Procedures for Review and Approval of Original SBInet 
Contractor Invoices Was Not Sufficiently Detailed: 

As provided by Standards for Internal Control in the Federal 
Government, well-developed and consistently implemented policies and 
procedures are critical in providing reasonable assurance that 
management's directives are carried out and program risks, such as the 
risk of improper payments, are minimized. 

CBP's SOP applicable to COs' and COTRs' reviews of SBInet contractor 
invoices provided general guidance that COs and COTRs were to 
"evaluate invoices to certify receipt of the product or service in 
accordance with the terms of the contract or order, as well as the 
accuracy and validity of the elements in the invoice." However, CBP's 
procedures for reviewing prime contractor invoices submitted under the 
original SBInet program were not sufficiently detailed and 
appropriately risk based to enable consistent, effective, and 
documented invoice reviews. 

CBP's prime contractor invoice review procedures under the original 
SBInet program did not identify the specific review steps required for 
COs and COTRs to carry out and document effective, risk-based reviews 
that could reasonably ensure that the SBInet contractor's invoices 
were in the correct amount and accurately reflected all and only 
allowable goods and services as provided for under the original SBInet 
program. For example, CBP's SOP for reviewing payments to the prime 
contractor under the original SBInet program did not reflect such 
specific review steps as how to consider the relative risks and review 
invoice cost elements (including major subcontracts, direct materials, 
direct labor, and other direct costs); what qualifies as sufficient 
supporting evidence for amounts invoiced by the prime contractor; and 
how to review invoice credit amounts and contract reserve adjustments. 
[Footnote 15] 

SBI's Prime Contractor Reported That It Met Two of Its Six Small 
Business Subcontracting Goals: 

SBI's prime contractor reported to CBP that it met two of its six 
small business[Footnote 16] subcontracting goals that were identified 
in the prime contractor's subcontracting plan for the reporting period 
ended March 31, 2010. The prime contractor reported that it was unable 
to meet the remaining small business goals primarily as a result of 
non-small business contract awards necessitated by the Secure Fence 
Act of 2006, as amended. Specifically, to obtain the material needed 
to meet the 2006 statutory directive, in December 2007, the prime 
contractor entered into a large-scale steel purchase of approximately 
$242 million that it told us was only available from a large business. 
Consequently, the SBI prime contractor reported that this steel 
purchase reduced the subcontract award dollars available such that it 
was unable to meet all of its small business contract award goals for the 
SBI program. 

The SBI's prime contractor reported on its performance against small 
business subcontracting goals that were identified in its 
subcontracting plan and aligned with the categories used by the Small 
Business Administration (SBA) for prime contracts. That is, consistent 
with SBA definitions, the SBI prime contractor established five 
socio-economic subcategories for its SBI program: (1) Small Disadvantaged 
Business,[Footnote 17] (2) Woman-Owned Small Business,[Footnote 18] 
(3) Historically Underutilized Business Zone (HUBZone),[Footnote 19] 
(4) Veteran-Owned Small Business,[Footnote 20] and (5) 
Service-Disabled Veteran-Owned Small Business.[Footnote 21] The SBI prime 
contractor-established goals for each subcategory ranged from 1 to 5 
percent of the total SBI program contract dollars awarded. 
Additionally, the SBI prime contractor also established an overall 
small business goal of awarding 40 percent of the total SBI program 
contract dollars to small businesses, which included, but was not 
limited to socio-economic small business goals. 

As shown in table 1, as of March 31, 2010, the SBI contractor reported 
that it met subcontracting participation goals for the HUBZone and 
Veteran-Owned small business categories. Further, the prime contractor 
reported that while it had awarded a total of over $262 million in SBI 
program funds to small businesses, its overall small business 
participation rate of approximately 33 percent from November 2005 
through March 31, 2010, fell short of the 40 percent subcontracting 
goal. 

Table 1: Summary of Prime Contractor's Reporting on Small Business 
Participation Awards versus Goals for the SBI Program: 

Category of business: Small Disadvantaged; 
Planned percentage participation goal: 5; 
Actual percentages reported as of March 31, 2010: 3.77%; 
Subcontracting dollars awarded as of March 31, 2010: $29,874,672. 

Category of business: Woman-Owned; 
Planned percentage participation goal: 5; 
Actual percentages reported as of March 31, 2010: 1.70%; 
Subcontracting dollars awarded as of March 31, 2010: $13,491,664. 

Category of business: HUBZone; 
Planned percentage participation goal: 1; 
Actual percentages reported as of March 31, 2010: 2.35%; 
Subcontracting dollars awarded as of March 31, 2010: $18,615,635. 

Category of business: Veteran-Owned; 
Planned percentage participation goal: 3.5; 
Actual percentages reported as of March 31, 2010: 4.02%; 
Subcontracting dollars awarded as of March 31, 2010: $31,917,214. 

Category of business: Service-Disabled Veteran-Owned; 
Planned percentage participation goal: 3; 
Actual percentages reported as of March 31, 2010: 1.13%; 
Subcontracting dollars awarded as of March 31, 2010: $8,978,247. 

Category of business: Overall small business; 
Planned percentage participation goal: 40; 
Actual percentages reported as of March 31, 2010: 33.05%; 
Subcontracting dollars awarded as of March 31, 2010: $262,221,614. 

Source: Prime Contractor's Supplier Diversity Roundtable Report, March 
31, 2010. 

[End of table] 

SBI prime contractor officials told us they relied on self-reported 
subcontractor data to report on the extent to which the contractor met 
established small business participation targets. 

Implications of January 2011 Decision to End the Original SBInet 
Program: 

DHS's January 2011 decision to end the original SBInet program has 
implications for contractor payment controls under both the original 
SBInet program and its successor program. That is, our SBInet 
contractor payment findings apply to the remaining original 
SBI program funds, to SBInet contract closeout audits, and as "lessons 
learned" for the successor SBI technology program. 

In January 2011, the Secretary directed CBP to end SBInet as 
originally conceived as a single technology solution, and instead to 
implement a new border security technology portfolio approach 
utilizing existing technologies tailored to specific sectors of the 
Southwest border and their varying terrains and population densities. 
DHS announced that it intends to acquire all the technologies for the 
new approach through full and open competitions. The Secretary also 
directed that while the new technology approach should include 
elements of the former SBInet program where appropriate, DHS did not 
plan to use the current SBInet prime contract to procure any of the 
technology systems under the new plan. Therefore, our SBInet 
contractor payment findings are directly relevant to the remaining $80 
million in original SBI program funds obligated but not yet disbursed. 
As discussed previously, CBP has an opportunity to improve the design 
of its preventative controls with respect to the remaining funds to be 
paid to the original SBInet program prime contractor. 

Further, our findings have implications for the contract closeout 
activities associated with the contract and task orders under the 
original SBInet program. Given our findings on the design of prime 
contractor payment controls under the original SBInet program, prompt 
action to complete closeout audits related to payments to the prime 
contractor under the original SBInet program contract and task orders 
is imperative. 

While CBP has the authority to do so as of February 2011, it had not 
yet requested that DCAA conduct closeout audits on any of the 
original SBInet program contracts and related task orders. CBP actions 
to timely request and monitor effective completion of these audits are 
important because it may take several years for a contractor to close 
its books and additional time for DCAA to review the final rates 
applicable in each calendar year. Also, in requesting and monitoring 
contract closeout audits, it will be important that CBP also provide 
information on our findings so that DCAA can adjust its planned review 
and testing procedures accordingly. However, CBP has not yet 
established a monitoring mechanism to follow up on the status of any 
DCAA closeout audits. 

Internal control standards provide that any previously identified 
deficiencies related to an entity or program should be considered in 
planning future audits of the entity or program.[Footnote 22] They 
also state that an entity should establish performance monitoring 
activities. Such monitoring represents an essential internal control 
activity that can be used to help assess the effectiveness of CBP 
controls over contractor payments (including vulnerability to, and 
recovery of, any improper payments), and whether any additional follow-
up actions are necessary. 

Finally, our findings concerning payments to the prime contractor 
under the recently ended SBInet program are useful as "lessons 
learned." Our findings related to DHS controls over prime contractor 
payments under the original SBInet program will be applicable to 
designing procedures and controls for future technology portfolio 
contracting efforts. Our findings related to the design of current 
SBInet prime contractor payment policies and procedures represent 
important "lessons learned" for designing and implementing appropriate 
controls over contractor payments under the new technology portfolio 
approach. 

Conclusions: 

Effective controls over contractor payments are essential to helping 
provide assurance that SBInet program funds were disbursed only for 
authorized goods and services, and in the correct amounts. Because 
preventative controls are generally more cost-efficient and effective 
than detective controls, timely actions to strengthen controls in this 
area are particularly important with respect to the remaining $80 
million in original SBInet program funds not yet disbursed. 
Furthermore, given the nearly $800 million in contract payments CBP 
already disbursed, full and timely completion of detective controls, 
particularly closeout audits, will also be essential in providing 
reasonable assurance that SBInet program funds were disbursed only for 
authorized goods and services and in the correct amounts. As such it 
will be important for CBP to take prompt actions to (1) request that 
DCAA design and conduct closeout audits recognizing the need to 
strengthen detective controls and (2) establish a mechanism to 
coordinate and track completed closeout audits to ensure that such 
audits are fully effective, and completed in time to effectively 
address any errors or improper payments identified. Further, our 
findings concerning the design of CBP's controls over payments to the 
prime contractor under the recently ended SBInet program serve as 
"lessons learned" to be considered in designing and implementing 
controls as part of the newly announced technology portfolio approach. 

Recommendations for Executive Action: 

We recommend that the Secretary of Homeland Security direct CBP's SBI 
Contracting Division Director to take the following five actions. 

With respect to the remaining funds not yet disbursed under the 
original SBInet contract: 

* Revise CBP's SBI SOPs to require the SBInet contractor to submit 
data supporting invoiced costs to CBP in sufficient detail to 
facilitate effective CO and COTR invoice review. 

* Revise CBP's SBI SOPs to include specific, risk-based steps required 
for COs and COTRs to properly review and approve contractor invoices 
to ensure that they accurately reflect all program costs incurred, 
including specifying required documentation of such review and 
approval. 

With respect to closeout audits under the original SBI prime contract 
and any task orders that receive closeout audits under DHS's SOPs: 

* Request that DCAA perform closeout audits as expeditiously as 
possible, including providing information on the contractor payment 
control findings concerning the original SBInet program that we 
identified for consideration in determining the extent and nature of 
DCAA testing required as part of such audits. 

* Establish procedures for coordinating with DCAA to monitor the 
status of closeout audits related to the original SBInet program. 

With respect to the new technology portfolio approach: 

* Document the consideration, and incorporation as appropriate, of 
lessons learned based on our findings on the design of controls over 
payments to the original SBInet contractor in designing and 
implementing contract provisions and related policies and procedures 
for reviewing and approving prime contractor invoices. Such provisions 
should provide for obtaining sufficiently detailed data supporting 
invoiced costs to support effective invoice reviews and include the 
specific, appropriately risk-based steps required for COs and COTRs to 
carry out an effective contractor invoice review. 

Agency Comments and Our Evaluation: 

In commenting on a draft of this report, DHS concurred with two of our 
recommendations and concurred in principle with the remaining three. 
DHS agreed that the government needs to perform adequate review of 
contractor requests for interim and final payments and that the 
government should maintain effective and repeatable processes for risk-
based reviews to provide effective "preventative" management controls. 
With respect to the two recommendations for which it concurred, DHS 
cited actions under way to provide more focused, risk-based invoice 
review procedures, and incorporate lessons learned from past contractor 
invoice review experience into policies and procedures for invoice 
review under the new technology portfolio approach. 

For the three recommendations with which it concurred in principle, 
DHS expressed concerns with respect to the cost-effectiveness or 
appropriateness of the recommended actions. Specifically, regarding 
our recommendation to revise CBP's procedures to require the SBInet 
contractor to submit data supporting invoiced costs to CBP in 
sufficient detail to facilitate effective CO and COTR invoice review, 
CBP stated that it plans to enhance its current required review 
process by June 30, 2011 to provide copies of all contractor invoices 
directly to DCAA. However, DHS commented that requiring the prime 
contractor to submit substantial supporting documentation data where 
controls are already in place is not cost-effective. In this regard, 
we modified our recommendation by deleting examples of details to 
accompany invoices in order to allow CBP flexibility to decide 
specifically what detailed supporting data are needed. Nonetheless, as 
evidenced by numerous CO and COTR requests for more detailed data to 
support their invoice reviews discussed previously in our report, we 
continue to believe that the contractor should be required to provide 
information in sufficient detail to facilitate invoice reviews that 
can function as effective preventative controls in this area. 

DHS also concurred in principle with our recommendations to request 
and monitor the expeditious completion of DCAA closeout audits. DHS 
agreed that there is a need to close out contracts as soon as 
practical and plans to continue to discuss with DCAA the importance of 
completing annual incurred cost audits so that contracts can be 
closed. However, DHS commented that DCAA management, not DHS, 
ultimately determines the completion of these audits. As discussed in 
our draft report, the focus of our recommendations was on DHS 
assisting DCAA in efficiently and effectively carrying out its 
responsibilities. Specifically, we recommended that DHS provide DCAA 
with information on our findings concerning the SBInet contractor's 
invoices to help focus its audit work and coordinate with DCAA to 
monitor the status of closeout audits. We continue to believe that DHS 
and CBP need to establish a mechanism to monitor completed closeout 
audits to ensure that such audits are fully effective and completed in 
time to effectively address any errors or improper payments 
identified. By strengthening their monitoring of the status of DCAA 
closeout audits, DHS and CBP officials could better help ensure that 
corrective actions and lessons learned are effectively implemented and 
adopted, as appropriate. We therefore believe that these two 
recommendations remain valid. We also made changes as appropriate 
throughout the draft in response to DHS technical comments. 

We are sending copies of this report to the Chairmen and Ranking 
Members of the Senate and House Committees on Appropriations and other 
Senate and House committees and subcommittees that have authorization 
and oversight responsibilities for homeland security. We will also 
send copies to the Secretary of Homeland Security, the Commissioner of 
U.S. Customs and Border Protection, and the Director of the Office of 
Management and Budget. The report also is available at no charge on 
the GAO Web site at http://www.gao.gov. 

Should you or your staff have any questions on matters discussed in 
this report, please contact me at (202) 512-9095 or at 
raglands@gao.gov. Contact points for our Offices of Congressional 
Relations and Public Affairs may be found on the last page of this 
report. Key contributors to this report are listed in appendix I. 

Signed by: 

Susan Ragland: 
Director, Financial Management and Assurance: 

[End of section] 

Appendix I: GAO Contact and Staff Acknowledgments: 

Homeland Security: 

May 18, 2011: 

Susan Ragland: 
Director, Financial Management and Assurance: 
U.S. Government Accountability Office: 
441 G Street, NW: 
Washington, DC 20548: 

Re: Draft Report GAO-11-68 "Secure Border Initiative: Controls over 
Contractor Payments for the SBI Technology Component Need Improvement" 

Dear Ms. Ragland: 

Thank you for the opportunity to review and comment on this draft 
report. The U.S. Department of Homeland Security (DHS) and the U.S. 
Customs and Border Protection (CBP) appreciate the U.S. Government 
Accountability Office's (GAO's) work in planning and conducting its 
review and issuing this report. 

DHS agrees that the government needs to perform adequate review of 
contractor requests for interim and final payments. DHS also agrees 
that the government should maintain effective and repeatable processes 
for risk-based reviews to provide effective "preventive" management 
controls. While we are in general agreement with the report's 
recommendations, some of the detailed conclusions in the draft 
report — specifically statements regarding documentation sufficiency 
for cost reimbursement type orders and recommendations for performance 
of "closeout audits"— require additional discussion and clarification, 
which we provide here and incorporate into our responses to the 
report's recommendations. 

During the first year and a half of the contractor's performance, CBP 
worked to ensure appropriate management controls were in place to 
oversee contractor performance, including controls for interim 
payments (public vouchers). Controls established as a result of these 
activities have enabled CBP officials to review and approve (and 
reject) contractor public vouchers and ultimately provide assurance 
the government is reimbursing the contractor only for allowable costs 
on public vouchers and at final payment. 

The master contract with the Boeing Company allows CBP to award two 
general types of task orders: firm fixed-price and cost reimbursement. 
The former type of order provides the government with the least cost 
risk, the latter with far more risk. Accordingly, payment terms for 
each type of contract vary significantly: 

* Firm fixed-price orders are paid when goods or services are 
delivered (note that the cost allowability rules in FAR Part 31 apply 
to pricing of firm fixed price contracts when cost analysis is 
performed, but not to payments under those contracts). Payments on such 
contracts are not based on actual costs incurred, and as such do not 
require a review of whether the costs are allowable. As such, these 
contracts do not require the contractor to submit supporting cost data 
regarding actual costs incurred. 

* Cost type orders are paid on the basis of actual allowable costs 
incurred and are considered provisional – or interim – payments. At 
the end of contract performance, a final invoice request is received 
and a final "adjustment payment" is made, which reflects the 
difference between the interim amounts reimbursed and the final total 
amount due. The final total amount due is determined through Defense 
Contract Audit Agency (DCAA) annual incurred cost audits. These audits 
review all costs incurred on contractor cost type contracts for a 
particular fiscal year, i.e., they are not performed on a contract by 
contract basis. The results of the audit, including the allowable 
direct and indirect costs for each contract, are provided to all of 
the contracting officers that have costs incurred on cost type 
contracts for that fiscal year. 

Given the developmental nature of the initial Secure Border Initiative 
Network (SBInet) technology, CBP awarded cost-reimbursement type task 
orders for the SBInet Block 1 developmental phase of the program. 

Discussion: 

The unique nature of payments under cost reimbursement type orders is 
defined by Federal Acquisition Regulations (FAR) at Subpart 32.001: 

"Commercial interim payment" means any payment that is not a 
commercial advance payment or a delivery payment. These payments are 
contract financing payments for prompt payment purposes (i.e., not 
subject to the interest penalty provisions of the Prompt Payment Act 
in accordance with Subpart 32.9). A commercial interim payment is 
given to the contractor after some work has been done..." 

"Contract financing payment" means an authorized Government 
disbursement of monies to a contractor prior to acceptance of supplies 
or services by the Government. 

(1) Contract financing payments include: 

(vi) Interim payments under a cost reimbursement contract, except for 
a cost reimbursement contract for services when Alternate 1 of the 
clause at 52.232-25[Footnote 1], Prompt Payment, is used." 

Interim payments under cost reimbursement contracts are subject to 
final audit, i.e., the amounts paid on an interim basis are adjusted at 
the end of the contract to reflect the final amounts owed.
Once the final amounts owed are determined, the difference between the 
interim and final payments is computed, and the difference is paid to 
the contractor (if the final payment exceeds the interim payment, 
which occurs in most instances) or the contractor provides a refund to 
the government (in those instances where the interim payments exceed 
the final amount due). Thus, although costs claimed for both interim 
and final payments must be allowable, government review for final 
payment is performed at a more detailed level, since this is the final 
determination of how much the government will ultimately pay. However, 
the government also reviews interim payments using risk-based 
procedures, and has additional protections to assure there are no 
overpayments during contract performance. These protections include 
the following: 

* The amounts billed during each contractor fiscal year are adjusted 
on a regular basis to reflect any significant differences between the 
indirect rates being charged and the actual rates being incurred. DCAA 
monitors the indirect rates to assure the contractor complies
with this requirement. 

* The government withholds 10 percent of the contractor's fee to 
mitigate any potential interim overbillings. 

* The government generally does not pay the interim payments if the 
contractor has significant deficiencies in their accounting or billing 
systems. In the subject instance, the SBInet contractor has accounting 
and billing systems that have been deemed acceptable by DCAA. 

For the SBInet contract, Boeing has adhered to the general guidance 
promulgated by DCAA regarding interim and final payment requests, 
including the format and content required for its vouchers.[Footnote 
2] In particular, CBP is following the FAR requirement for withholding 
a percentage of the contract fee, which provides further protection to 
the government should an instance arise where an unallowable cost is 
included and paid in an interim payment request. Furthermore, the 
annual incurred cost audit, which DCAA performs in accordance with 
Generally Accepted Government Auditing Standards, provides assurance 
that final payments to the contractor will only include allowable 
costs in accordance with the provisions of FAR Part 31. 

This general construct serves as the foundation for CBP's management 
and review of interim payment requests under its orders with Boeing. 
To augment these robust controls, CBP relies on a series of management 
controls and supporting information necessary to properly oversee and 
process interim payment requests. These controls typically include CBP 
reviewing the contractor's detailed cost account plans — derived 
originally from their cost proposal — that identify planned labor 
hours, labor rates, travel estimates (i.e., numbers of trips, 
locations, etc.), as well as indirect and other allocated costs. 
Moreover, monthly contractor cost reporting identifies actual labor 
hours expended, actual labor costs incurred, actual travel events and 
costs incurred, as well as indirect and other allocated costs. The 
government and contractor management teams collectively review this 
information jointly at least monthly, and usually weekly, in 
Integrated Product Teams (IPTs). As part of these management controls, 
CBP also receives monthly status reports from Defense Contract 
Management Agency (DCMA) that include Defense Contract Audit Agency's 
(DCAA's) assessment of the overall health of Boeing's accounting 
system. 

This recurring management activity is normally sufficient for CBP 
officials to develop a detailed understanding of the work the 
contractor performed, costs the contractor incurred, products the 
contractor delivered, travel the contractor completed, and whether the 
actual performance is consistent with the negotiated contract terms 
and rates. Therefore, armed with the cost performance information and 
insights from management discussions regarding the actual contractor's 
performance, CBP officials are well postured each month to conduct a 
review of the contractor's interim payment requests and to determine 
whether the request conforms to the contractor's actual performance. 

When situations have arisen where interim payment requests are 
questioned or rejected, additional information is requested of the 
contractor. On occasion, CBP has also requested DCAA conduct spot 
audits on individual payment requests. DCAA's tests determined that 
the contractor invoices were accurate, invoice preparation procedures 
were adequate, the billing system was reliable, and actual invoiced 
costs were reasonable and accurate. 

Finally, CBP acknowledges the potential value and opportunity for 
continued process improvement and is establishing and aligning invoice 
approval procedures based on "lessons learned," a recent 
reorganization, and the need to manage prescribed time lines to avoid 
late payment interest penalties. Also, CBP is improving Contracting 
Officer (CO) and Contracting Officer Technical Representative (COTR) 
awareness of the relative risks associated with the various contract 
types through its new COTR Management Program, announced in April 2011. 

CBP and the Department as a whole share the GAO concern for assuring 
there are effective controls. This is reflected by the recent revision 
to the DHS-DCAA Memorandum of Agreement. This agreement now provides 
for DCAA to receive copies of all interim payments
on cost type DHS contracts. DCAA will conduct a review of all interim 
payments in excess of $1 million, and will include all other interim 
payments as part of their periodic sampling universe. This process 
will ensure that (a) DHS is included in the regular monitoring by DCAA 
of the indirect rates, and (b) assist in identifying any significant 
costs that were not reimbursable under the provisions of the FAR 
and/or the contract. CBP will include the requirement for the 
contractor to submit a copy of the public voucher directly to DCAA in 
all ongoing and future cost type contracts. 

Recommendations: 

The report contained five recommendations. As discussed below, DHS 
concurs or concurs in principle with all of the recommendations. 
Technical comments on the draft report have been provided under 
separate cover. 

Specifically, GAO recommended that the Secretary of the U.S. 
Department of Homeland Security, direct CBP's SBI Contracting Division 
Director to take the following actions: 

Recommendation #1: With respect to the remaining funds not yet 
disbursed under the original SBInet contract, revise CBP's SBI SOPs to 
require the SBInet contractor to submit data supporting invoiced costs 
to CBP in sufficient detail to facilitate effective CO and COTR 
invoice review (for example, requiring invoice support to include 
hours worked and labor rates used for invoiced lump sum direct-labor 
cost charges). 

Response: Concur in principle. DHS agrees that it is imperative for a 
contractor to provide sufficient information to support an effective 
government CO and/or COTR review and approval. CBP will continue to 
exercise robust invoicing review activities that rely on (1) extensive 
performance and cost information routinely furnished by the 
contractor, and (2) the Defense Contract Audit Agency (DCAA) reviews 
of the contractor's accounting and billing systems, as well as 
vouchers, for continued assurance of invoice accuracy and reliability. 

In addition, as part of our efforts for continuous improvement, CBP will 
enhance the current review process by incorporating the recently 
revised DHS Memorandum of Agreement with DCAA to conduct detailed 
examinations of all contractor requests for interim payments that exceed
$1 million and all first vouchers under its cost type orders and 
contracts. 

While DHS concurs in principle with the GAO recommendation, requiring 
the contractor to submit substantial supporting data as part of the 
public voucher submission is not cost-effective where controls such as 
those implemented by CBP are in place. In fact, the Department of
Defense has recognized, via two memorandums to contracting personnel, 
the duplication in effort that results from requiring contractors to 
submit detailed supporting data with each interim voucher. This 
approach results in extensive additional data submitted (which is done 
at a significant cost to the government, since the contractor charges 
those costs to government contracts). Such additional data could 
include a multi-hundred line item report each month, for each invoice, 
identifying hours worked, hourly rates, by prime contractor and by 
subcontractor, by employee and work site, with travel claims, etc. 
This additional detail would not be a cost-effective improvement for 
the recurring interim payment review and is contrary to established 
best practices for interim payment reviews.[Footnote 3] 

By June 30, 2011, CBP will take the following actions: 

(1) Modify all existing cost reimbursement contracts to include a 
requirement for the contractor to send a copy of all public vouchers 
(requests for interim payment) directly to the cognizant DCAA field 
office; and 

(2) Modify standard operating procedures to require that any new cost 
reimbursement contracts/orders include a requirement for the 
contractor to send a copy of the public vouchers directly to the 
cognizant DCAA field office. 

Recommendation #2: With respect to the remaining funds not yet 
disbursed under the original SBInet contract, revise CBP's SBI SOPs to 
include specific, risk-based steps required for COs and COTRs to 
properly review and approve contractor invoices to ensure that they 
accurately reflect all program costs incurred, including specifying 
required documentation of such review and approval. 

Response: Concur. CBP's Office of Technology Innovation and 
Acquisition (OTIA) Program Management Office and Procurement 
Directorate are updating the invoice review and approval process, to 
include identifying risk-based steps that accommodate various contract 
types (e.g., cost-type invoice risks and procedures are different than 
fixed-price contracts), focusing on timeliness for invoice approval 
and improving awareness and utilization of numerous contract data 
sources to facilitate invoice approvals (Estimated Completion Date:
June 30, 2011). 

Recommendation #3: With respect to closeout audits under the original 
SBI prime contract and any task orders that receive closeout under 
DHS's SOPs, request that DCAA perform closeout audits as expeditiously 
as possible, including providing information in the contractor payment 
control findings concerning the original SBInet program that we 
identified for consideration in determining the extent and nature of 
DCAA testing required as part of such audits. 

Response: Concur in principle. DHS agrees that there is a need to 
close contracts as soon as practical after contract performance is 
complete. As part of this process, DHS will work closely with DCAA to 
try to facilitate the required audits. However, as previously noted in 
our response, the key to closing the contract is completion of the 
DCAA annual incurred cost audits. The contracts cannot be closed until 
these audits are completed. DHS notes that completion of these audits 
is ultimately determined by DCAA management, not DHS. However, DHS 
will continue to discuss with DCAA senior officials the importance of 
completing the annual incurred cost audits so that the contracts can 
be closed. 

CBP will close contracts within 90 days after receipt of the DCAA 
annual incurred cost audits that cover all contract years for the 
particular contract/task order at issue. As previously noted, such 
close out is contingent upon DCAA completion of the annual incurred 
cost audits (DCAA audits final incurred costs based on contractor 
fiscal years, not individual contracts). 

Recommendation #4: With respect to closeout audits under the original 
SBI prime contract and any task orders that receive closeout under 
DHS's SOPs, establish procedures for coordinating with DCAA to monitor 
the status of closeout audits related to the original SBInet program. 

Response: Concur in principle. DHS agrees with the GAO on the 
importance of having procedures for coordinating with DCAA on the 
status of closeout audits. However, such procedures are already in 
place. A current Interagency Agreement exists for the CBP contracting 
team to request DCAA support with financial controls and closeout 
audits. We currently receive from the Administrative Contracting 
Officer, on a monthly basis, a system status matrix (update) used to 
monitor Boeing's systems status (i.e., accounting, billing, budget 
compensation, information technology, estimating, indirect, labor, 
material, purchasing and control environment); the status of forward 
pricing; the status of Incurred Cost Audits; and the status of 
disclosure statement and Cost Accounting Standards issues. In 
addition, our resident DCAA Financial Liaison Advisor has access to 
the Boeing Contract Audit Coordinator network, and the staff of DCAA 
Field Office in Huntsville, AL, to remain apprised of the status of 
Boeing contract audits and Boeing corrective action progress. However, 
as previously noted, contract closeout audits cannot be performed 
until DCAA has conducted its annual incurred cost audits for the 
contractor business segment. 

Recommendation #5: With respect to the new SBI technology plan, 
document the consideration, and incorporation as appropriate, of 
lessons learned based on GAO's findings on the design of controls over 
payments to the original SBInet contractor in designing and 
implementing contract provisions and related policies and procedures 
for reviewing and approving prime contractor invoices. Such provisions 
should provide for obtaining sufficiently detailed data supporting 
invoiced costs to support effective invoice reviews and include the 
specific appropriately risk-based steps required for COs and 
COTRs to carry out an effective contractor invoice review. 

Response: Concur. As discussed in response to Recommendation #2, the 
OTIA Program Management Office and Procurement Directorate are 
updating policies and processes for reviewing and approving contractor 
invoices on the basis of lessons learned from the past, as well as 
enhancements now available through a new DCAA support agreement for 
expanded invoice review support. CBP will continue to rely on 
extensive periodic program cost and status reporting information to 
review and approve interim payment invoices on cost-type contracts. In 
the future, CBP's processes will highlight both (1) risk-based steps 
required by COs and COTRs, and (2) appropriate use of all available 
performance and cost information to approve interim contract payments 
(Estimated Completion Date: June 30, 2011). 

Please note that CBP has no new SBI technology plan. There is, 
however, a new technology portfolio approach that replaces the 
obsolete SBInet program. The acquisition strategy for the current 
portfolio of procurements includes limited cost-type contracting. 

Again, thank you for the opportunity to review and comment on this 
draft report. We look forward to working with you on future Homeland 
Security issues. 

Sincerely, 

Signed by: 

Jim H. Crumpacker: 
Director: 
Departmental GAO/OIG Liaison Office: 

Footnotes: 

[1] Alternate I of the Prompt Payment clause is applicable to most 
cost type orders under Boeing's master contract. This provision allows 
for the payment of interest under cost reimbursement type orders for 
services. 

[2] Reference DCAA's guide: DCAAP 7641.90 January 2005 - Information For 
Contractors, found at [hyperlink, 
http://www.dcaa.mil/dcaap7641.90.pdf]. 

[3] Reference memorandum from the Principal Deputy Undersecretary for 
Defense, Acquisition and Technology, of October 2001, Public Vouchers. 

[End of Appendix I] 

Appendix II: 

GAO Contact: 

Susan Ragland, (202) 512-9095 or raglands@gao.gov: 

Staff Acknowledgments: 

In addition to the contact named above, Chanetta Reed, Assistant 
Director; Kwabena Ansong; Heather Dunahoo; Nicholas Epifano; Aaron 
Livernois; and Stephen Lowery made key contributions to this report. 

[End of Appendix II] 

Footnotes: 

[1] See, for example, GAO, Secure Border Initiative: DHS Needs to 
Strengthen Management and Oversight of Its Prime Contractor, 
[hyperlink, http://www.gao.gov/products/GAO-11-6] (Washington, D.C.: 
Oct. 18, 2010); Secure Border Initiative: DHS Needs to Address Testing 
and Performance Limitations That Place Key Technology Program at Risk, 
GAO-10-158 (Washington, D.C.: Jan. 29, 2010); and Secure Border 
Initiative: DHS Needs to Address Significant Risks in Delivering Key 
Technology Investment, [hyperlink, 
http://www.gao.gov/products/GAO-08-1086] (Washington, D.C.: Sept. 22, 
2008). 

[2] GAO, Standards for Internal Control in the Federal Government, 
[hyperlink, http://www.gao.gov/products/GAO/AIMD-00-21.3.1] 
(Washington, D.C.: November 1999). 

[3] Throughout this report, we use the term invoice (consistent with 
FAR 2.101) to refer to a contractor's bill or written request for 
payment under a contract using standard form 1034 "Public Voucher for 
Purchases and Services Other Than Personal." 

[4] IDIQ contracts are used when the government cannot predetermine, 
above a specified minimum, the precise quantities of supplies or 
services that the government will require during the contract period. 
Under IDIQ contracts, the government can issue delivery orders (for 
supplies) and task orders (for services). 

[5] While the prime contractor submitted a total of 101 invoices for 
these five task orders during this time frame, 2 invoices were 
rejected and included in a subsequent invoice. 

[6] During this time frame we also issued GAO-11-6 in response to this 
congressional request. 

[7] COs are responsible for ensuring performance of all necessary 
actions for effective contracting, ensuring compliance with the terms 
of the contract, and safeguarding the interests of the United States 
in its contractual relationships. COs have authority to enter into, 
administer, or terminate contracts. 

[8] A COTR is delegated authority by the CO to monitor the 
contractor's progress, including the surveillance and assessment of 
performance and compliance with project objectives. 

[9] These SOPs were issued by the SBI Acquisition Office which was 
consolidated into the CBP Office of Administration Procurement 
Directorate as the SBI Contracting Division in November 2009. 

[10] SBI Acquisition Office, SBI Community-400-01 (Oct. 31, 2008). 

[11] Preventative controls are designed to prevent improper payments, 
or waste, before the payment is made. Detective controls are designed 
to identify improper payments, or waste, after the payment is made. 

[12] DHS officials commented that more recent guidance calls for the 
Project Manager to confirm the COTR's recommendation to approve the 
invoice. 

[13] The Homeland Security Acquisition Manual (HSAM) and a memorandum 
of understanding between DHS and DCAA included in the HSAM establish 
contract audit relationships between DHS and DCAA. 

[14] GAO, Internal Control: Streamlining the Payment Process While 
Maintaining Effective Internal Control, [hyperlink, 
http://www.gao.gov/products/GAO/AIMD-21.3.2] (Washington, D.C.: May 
2000). 

[15] Contract reserve adjustments are amounts that represent prime 
contractor charges in excess of available funds for a specific 
contract line item. These amounts are adjusted after funding 
availability is confirmed. 

[16] The Small Business Act defines a small business as a business 
concern that is independently owned and operated and is not dominant 
in the field of operation. The act states that the definition of a 
small business shall vary from industry to industry to the extent 
necessary to reflect industry differences. Small business size 
standards define the maximum size that a concern, together with all of 
its affiliates, may be if it is to be eligible for federal small 
business programs. 

[17] A small disadvantaged business is a small firm owned and 
controlled by one or more individuals who are socially and 
economically disadvantaged. 

[18] A Woman-Owned Small Business is a small business concern in which 
one or more women have 51 percent or more stock ownership. 

[19] A HUBZone Small Business is a small business that must be at least 
51 percent controlled by U.S. citizens, or a Community Development 
Corporation, or an agricultural cooperative or an Indian tribe. The 
principal office must be located within a HUBZone and at least 35 
percent of its employees must reside in a HUBZone. 

[20] A Veteran-Owned Small Business is a small business that is at 
least 51 percent unconditionally owned by one or more veterans (as 
defined at 38 U.S.C. 101(2)) and whose management and daily business 
operations are controlled by one or more veterans. 

[21] A Service Disabled Veteran-Owned Small Business is a small 
business that is at least 51 percent unconditionally and directly 
owned by one or more service-disabled veterans. The veteran must have 
a service-connected disability that has been determined by the 
Department of Veterans Affairs or his or her respective military 
branch of service. 

[22] [hyperlink, http://www.gao.gov/products/GAO/AIMD-00-21.3.1]. 

[End of section] 
