IG: VA Biased in Awarding Infosec Contract

VA Disputes IG Claim that Process Favored Incumbent Provider
IG: VA Biased in Awarding Infosec Contract

The Department of Veterans Affairs may have been biased when it awarded last year a high-bid, $133 million IT security services contract to the incumbent provider, the consultancy Booz Allen Hamilton, the VA inspector general said in a just-issued audit.

See Also: A CISO’s Guide to Defender Alignment

Two other vendors offered to provide the same services for $109 million and $115 million.

A VA executive vehemently disagreed with the IG's contention that it showed bias in awarding the contract, saying Booz Allen clearly demonstrated strengthens over the other bidders irrespective of its incumbency.

VA put up for bid services to improve and support its information security, privacy and risk management programs as well as the daily activities and responsibilities of the department's Office of Information Protection and Risk Management, tasks similar to those performed by Booz Allen for the previous two years.

"Organizational knowledge can be a key consideration in evaluating vendor proposals and a deciding factor where multiple bids are indistinguishable," Assistant Inspector General Belinda Finn wrote in the audit dated Dec. 20. "However, as explained in the Federal Acquisition Regulation 15.304, such knowledge should not be a justification for assigning strengths and weaknesses without first identifying the criteria as a significant evaluation factor in the RFQ (request for quotation)."

The unidentified losing vendors did not complain about the bidding process, and Finn said her findings were aimed at educating VA officials. "We are sending this memorandum to alert you of issues and to make recommendations for improving future VA acquisitions of information technology products and services," she said.

The audit revealed that knowledge of VA procedures and practices was the most significant evaluation factor in determining the best overall technical proposal, and Finn faulted the department for failing to disclose knowledge of its procedures and practices as a significant evaluation factor, which prevented all vendors from submitting comparable proposals and placed potential contractors at a disadvantage in the bidding process.

VA traded off lower cost in favor of vendors' technical knowledge of departmental procedures and practices in evaluating the offers, the audit said. "The weighting of its knowledge and experience with VA procedures and practices was a key factor in Booz Allen Hamilton winning the technical evaluation and ultimately the contract award decision," Finn said. "If knowledge of VA procedures and practices had not been used as a key evaluation factor, another vendor might have won the contract at lower cost to the government."

Glenn Haggstrom, executive director of VA's Office of Acquisition, Logistics and Construction, took exception with the IG's conclusions in a five-page rebuttal. Haggstrom said the technical evaluation panel did not place greater emphasis on knowledge of VA procedures than on any other factors when evaluating the vendors' proposals, and that seven of the nine "significant strengths" awarded to BoozAllen made limited or no mention of the contractor's VA experience.

"Basically, if the word 'VA' is mentioned in the strength then it was mistakenly assumed it was the sole basis for the assessment," Haggstrom wrote. "The OIG (Office of Inspector General) ignored the comprehensive and detailed basis for the strength/weakness assessments."

About the Author

Eric Chabrow

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.com, you agree to our use of cookies.