our approach to procurement integrity

Procurement Integrity

“Specializing in assessment and mitigation strategies for procurement integrity to reduce the risk of financial and reputation losses”

Introduction

Procurement Integrity Consulting Services (PICS)

www.procurement-integrity.net

[email protected](540) 907-8654

Tom Caulfield

http://www.procurement-integrity.net/

mailto:[email protected]

Learning Objectives

- Identify the various approaches to ensure procurement integrity

- Understand the predictive model approach to procurement integrity

- Describe four (4) strategies within the OIG profession to combat procurement fraud and abuse.

- Describe the Procurement Integrity Control System

Procurement Fraud


All phases of obtaining necessary goods and services areperformed with transparency, confidentially, competitiveness,fairness, is honest, impartial, legal, can be audited andsupports a valid requirement within the organization.

In sum, to ensure that all contracting is done with the highestdegree of procurement integrity and free from fraud andabuse.

Anything less places an organization at significant risk tocontract termination, default, litigation, and for a privateentity, suspension and/or debarment.


National Reconnaissance Office/OIG

Procurement Integrity Assurance Program (PIAP)

Port Authority/OIG

Fraud Prevention Program for Major Capital Construction Projects;Vendor Integrity Program; and Integrity Awareness Program

United States Postal Service/OIG

Risk Assessment Data Repository (RADR)

Palm Beach County/OIG

Contract Oversight and Evaluations Division

Procurement Integrity Consulting Services

Procurement Integrity Control System®

Procurement Integrity Efforts



Port Authority/OIG








Share Success Stories



Port Authority/OIG








Generate Ideas for your OIG


The Procurement Integrity Assurance Program(PIAP), was a focused, proactive and evolvingeffort by the NRO/OIG to enhance the efficiencyand integrity of the NRO’s procurement processesby detecting and exposing procurement fraudindicators/leads.

Procurement Integrity Assurance Program (PIAP) – Core Beliefs

There is no greater tool in the detectionof procurement fraud than knowledgeablegovernment and contractor employees,looking for, and reporting, potentialprocurement fraud to the OIG.

Procurement Integrity Assurance Program (PIAP) – Focused & Tailored

• The PIAP was a cross-functional programinvolving Auditors, Inspectors and Investigators- Focused on the NRO’s most-likelyprocurement fraud vulnerabilities. [InformalRisk Assessment]

• Tailored the program to generate procurementfraud indicators/leads from government andcontractor employees in positions to most-likelyobserve the indicators. [Targeted vs. Shotgun]

Procurement Integrity Assurance Program (PIAP) – 6 Components

EducationContractor

ReferralAudit

Inspection Steps

Information Exchange

Risk Analysis Data-Mining

Systemic Concerns

Procurement Integrity Assurance Program (PIAP) – Education

NRO/OIG educated employees through tailored briefings,publications, videos, and posters on the NRO’s most-likely procurement fraud vulnerabilities, along with how toreport potential violations to the OIG.

Procurement Integrity Assurance Program (PIAP) – Contractor Referral

The OIG maintained an effective NRO regularcontractor procurement fraud referral program throughinteraction with corporate ethics and procurementofficials, and through an OIG-specific contract clause.

FAR Subpart 52.203-13 - Ensure timely disclosure, in writing, to theagency OIG, with a copy to the Contracting Officer, whenever, inconnection with the award, performance, or closeout of this contract orany subcontract thereunder, the Contractor has credible evidence of:

• A violation of Federal criminal law involving fraud, conflict of interest,bribery, or gratuity violations found in Title 18 of the United States Code;or

• A violation of the Civil False Claims Act.

Procurement Integrity Assurance Program (PIAP) – Audit – Inspection

Staff trained to a high level of proficiency inprocurement fraud schemes and red flags.

Assigned PIAP Coordinator with the responsibility todiscuss potential procurement vulnerability detectionsteps in audit and/or inspection.

Included Vulnerability Assessment Questions, whichwere non-accusatory, non-threatening, informationgathering, procurement fraud focused questions.

Developed a Red-Flag Database, tracking medium/highrisk internal control weaknesses to a shared database{whether reported externally or not}.

Procurement Integrity Assurance Program (PIAP) – Information Exchange

They routinely exchanged investigative caseinformation with other NRO departments, like theAudit Department, Office of Security, Office ofContracts, along with other OIGs and lawenforcement agencies.

Procurement Integrity Assurance Program (PIAP) – Systemic Concerns

At the conclusion of each substantiatedprocurement fraud investigation, the OIG briefed theresults to the Office of Contracts and the AgencyAudit Department to collectively identify systemicconcerns for corrective action.

Procurement Integrity Assurance Program (PIAP) – Risk Analysis &

Data-MiningNRO/OIG attempted to develop methods to identifyprocurement fraud indicators through acquisition riskanalysis and financial system data mining.



Questions?

The Port Authority of New York & New Jersey OIG

The OIG Office of Investigations, in partnership with PortAuthority (PA) officials, have various programs to helpmaintain a corruption-free environment, including the:• Fraud Prevention Program for Major Capital

Construction Projects;• Vendor Integrity Program; and• Integrity Awareness Program.

The Port Authority of NY & NJ OIG - Fraud Prevention Program for Major Capital Construction Projects

The Fraud Prevention Program for Major Capital ConstructionProjects started with the redevelopment of the World TradeCenter site and expanded to include other major capitalconstruction projects. This effort has six components:

1. Integrity Monitors;2. Partnership with other Inspectors General; 3. OIG Fraud Hotline; 4. Vendor Integrity Program; 5. Background screening of contract employees; and 6. Integrity Awareness Program.

Project Specific Monitors

o Traditionally, Integrity Monitors have been associatedwith vendors who have had past integrity issues. But insome cases, monitors are appointed proactively andpaid for by the PA, due to the complexities of a projectand the need to monitor it on a daily basis to preventcost overruns, potential abuses, and other issues.

o Such effort cost the PA more on the front end, but arebelieved by PA to be cost-effective in the long run.

The Port Authority of NY & NJ OIG - Integrity Monitors

Project Specific Monitorso The services of the IM shall generally consist of performing

integrity monitoring services for the project, including butnot be limited to: creating, implementing and monitoringpolicies and procedures to ensure that the entities engagedin the project comply with relevant laws and regulations, aswell as preventing/deterring, uncovering and reportingunethical and illegal conduct.

o The IM shall work with the OIG in designing an appropriateintegrity-monitoring program for the project.


Company Specific Monitors - tailored to theproblems found and the types of remedial measuresneeded

o Nature and seriousness of the underlying misconduct.o Pervasiveness and duration of the misconduct, including

complicity or involvement of senior management.o The corporation’s history of similar misconduct and the nature

of the corporate culture.o The scale and complexity of remedial measures, including the

size of the entity or business unit.o Extension or early termination options.



Project Specific Monitors (Proactive)

o Large capital construction projects.o RFP: Direct Government contract with monitor.o Monitor paid by Port Authority.o Full period of construction project.

Company Specific Monitors (Reactive)

o Contractors with prior and/or ongoing integrity issues.o Monitoring is a condition of award and/or continued contract.o Company pays for the monitor and they are chosen by the

OIG.

The monitoring agreement will dictate when, andthe frequency, of written reports.

There is frequent contact (phone or in person)with the Monitor.

Any negative information uncovered is reportedASAP to be addressed.


The Port Authority of NY & NJ OIG - Vendor Integrity Program

To ensure that the Port Authority is doing businesswith firms that possess high ethical standards and arecord of law-abiding conduct, the OIG, inconjunction with other PA departments, conductsVendor Integrity Checks.

Vendor Integrity Checks are conducted on:o All contractor tiers > $100,000.o Selected industries (e.g., trucking, concrete, demolition,

asbestos and lead abatement, etc.).

Checks are conducted by PA Procurement and OIG.

Process begins with the entity completing an OIGBackground Qualification Questionnaire (“BQQ”).


BQQ includes information such as: General Identification Business Organization and History (including Key

People) Compliance

o Defaults, suspensions, debarments, lawsuits. o Imposed Integrity Monitor.o Pending investigations, arrests, indictments,

convictions.o Etc.


PA Procurement checks: Google Vendex Various Debarment Lists:

o (e.g., Federal EPL, NJ Debarment List, NYC TransitAuthority Debarment List, NYS Dept. of LaborDebarment List, NYC SCA Debarment List, POGO’sFederal Contractor Misconduct Database).


OIG checks:o Terrorist Watch List.o Organized Crime database.o OIG internal files.o Inspector General Community (Federal, State and

Local).

OIG helps mitigate steps when integrity relatedissues exist.



The OIG becomes part of the procurement processby embedding themselves. In doing so, they providereal time input. They review contract documentsbefore they are issued to make certain that languagepertaining to integrity controls is included. Inaddition, their main objective is to make certain that alevel playing field is maintained throughout theprocurement process.


Fraud Prevention Program for Major Capital Construction Projects; Vendor Integrity Program; and

Integrity Awareness Program.

Any Questions Call Them?

United States Postal Service Office of Inspector General

The USPS/OIG has developed its own in-houseautomated system to analyze data that visualizes theresults, identifying high-value “anomalies” for potentialfraud investigation. The system has a suite of algorithmsthat merges data from a variety of sources and scores iton the likelihood of fraud.


The USPS/OIG system is called Risk Assessment DataRepository (RADR) and was developed using subjectmatter and technical experts within the OIG working witha contractor [“Elder Research”]. The first algorithmdeveloped examined USPS worker compensationrecords for fraud. Three additional algorithms weredeveloped one being used to evaluate USPS contractingdata.


The contracting module has around 30 high-risk-indicators.o Utilizes various scales of 0 to 10 totaling to 100.

Scoring is based on “standard deviations” of a similar/known. Ranks the contracts based on weighted combinations of the

risk indicators. Sources of data:

o Contract Authoring & Management System.o Financial Management System.o Human Capitol.

Allows analysts and investigators to access and visualize dataon the high-risk contracts.

Risk Assessment Data Repository (RADR) - Example

Contract Modifications:

RADR (10) – Assign score based on standarddeviation away from average number of mods for asimilar type contract.o The more abnormally high the number of mods, the

higher the score.

Assign score based on the difference in daysbetween the award date and the first mod date ofthe contract.o The shorter the number of days, the higher the

score.

Risk Assessment Data Repository (RADR) - Example

Assigns score based on the number of times the nameof CO and COR are the same or CO/COR is therequester.

Assigns score based on standard deviation fromaverage cost of similar product type.

Assigns score based on whether or not the contract islisted as a non-competitive contract.

Assigns score based on the ratio of the sum of theinvoice line amounts to the current contract amount.o The higher the ratio is, the higher the score.


Questions?

Globally

E-Procurement

• Increasingly, predictive analytics and other advancedanalytic tools are used to increase efficiency andminimize risk in the procurement process.

1. Parameter Analytics (A + B = C)2. Distribution Analytics (%)3. Social Media or Link Analysis (Ownership)4. Predictive Analytics (Low to High)

DG

Development GatewayCorruption Risk Dashboard - The dashboard uses high-poweredanalytics and global research to identify risk profiles for potentialcorruption in procurement. This red-flagging tool can assist inidentifying procurement activities that merit in-depth auditing orpublic scrutiny, and view fluctuations in risk over time.

Department of Interior / OIG

Procurement Integrity Dashboard – Splash Page

Process Irregularities Payment Irregularities Ownership Irregularities Product Irregularities

Supplier (784)Procurement Unit (49)Contract (28,202)

OverviewProcess Irregularities - Payment Irregularities - Ownership Irregularities - Product Irregularities

Irregularities

500400300200100500

2018 2019 20202021

Filter Your Data – Procurement Method/Type Deliverable/Value Amount/Date Range

• Total number of Contracts • Total number of

Irregularities

1,787

28,202

The Contract with the most Irregularities

Contract Number Status Procurement

UnitContract

ValueAward Date

Number of Irregularitie

s2019-125 Closed SIGINT 657,009 3/1/2019 92020-043 Active MASINT 154,785 1/31/2020 82020-197 Active SIGINT 332,643 2/15/2020 82021-097 Closed MASINT 77,908 1/1/2021 52018-087 Closed SIGINT 125,670 2/12/2018 42019-245 Active IMINT 778,098 10/15/2019 32020-649 Active MASINT 1,123,857 11/30/2020 32020-875 Active IMINT 98,098 1/31/2020 32021-198 Active IMINT 456,132 2/1/2021 3

The Palm Beach County – Florida OIG Contract Oversight and Evaluations Division

The Contract Oversight and Evaluations Division(COED) is responsible for reviewing procurement andcontracting activities of the County, all 39municipalities, and other government entities withinthe OIG’s jurisdiction.

The goal of the COED is to promote accountability,integrity, openness, transparency, and efficiencythroughout county and municipal procurementprocesses.


COED reviews an entity's procurement process whichcould result in recommendations to addressshortcomings, irregularities and/or opportunities forimprovement;

Periodically attends contract selection committeemeetings and provides feedback with a managementletter, where appropriate; and

Conducts procurement and fraud awareness trainingfor county and municipal employees andvendors/contractors.


Contract Oversight and Evaluation Division Reports A review of one or more procurement/contracting

process/activity/area that identifies risks and irregularities,and opportunities for improvements.o These may be initiated in response to a complaint or

expressed concern;o At the request of management as a tool for program

improvement; or,o As a result of an OIG contract risk assessment.

The Palm Beach County – Florida OIGContract Oversight and Evaluations Division

Contract Risk Assessment Method

The Palm Beach County (PBC) OIG assessment has a two partcontract risk assessment method (Systemic Risk x SpecificRisk). They have an established “systemic risk” score (high,medium or low) for each of their jurisdictions based on a 2014COED review. High risk is a multiplier of “3”, medium risk at “2”,and low risk at “1”. That multiplier is then brought forward to thespecific risk score to get a total risk score.

The specific risk is calculated based on 6 specific risk factorsmeasured against individual contracts. The risk categories againare low (06 to 12), medium (13 to 24) and high (25 to 36).


Systemic Risk Factors

Updated 11-22-16

Contract Monitoring Procedure

Milestones Confirmed Staff Training Risk Assessment Observed Risk Problem Reports Total

Survey 2014OIG Observations while

doing other workCollected Reports be them

audit or investigation Pahokee 3 1 1 1 1 1 1 6Palm Springs 3 1 1 1 1 0 1 5Boca Raton 3 1 1 1 1 0 4Belle Glade 2 1 0 1 1 0 3Briny Breezes 2 1 1 1 1 1 1 6Cloud Lake 2 1 1 1 1 0 4Wellington 1 0 1 1 0 0 2Jupiter Inlet Colony 1 1 0 0 0 0 1Palm Beach Gardens 1 0 0 0 0 1 1 2


Systemic Risk Factors


Specific Risk Factors


Contract Risk Assessment Method

For example, West Palm Beach issued a RFP for a subjectcontract. OIG would complete the specific risk evaluation todetermine the specific risk based on the scores given for the sixspecific risk factors. Let’s say in this case, the specific risk is 9(low risk).

OIG has assessed West Palm Beach as having a high systemicrisk, so the systemic risk factor multiplier of 3 would bemultiplied against the specific risk of 9 to get a total risk score of27. This total score would make this West Palm Beach RFP ahigh risk activity.


Contract Risk Assessment Model


Palm Beach County Code (Article XII, Section 2-423)provides for the inspector general to be notified inwriting prior to any meeting of a selection committeewhere any matter relating to the procurement ofgoods or services by a municipality is to bediscussed.


Contract Oversight and Evaluations Division (COED)

Any Questions Call?

This control system consists of five (5) interrelated elementsthat when implemented correctly can function as aprocurement fraud and abuse risk mitigation programspecifically for today’s contracting processes.

PICS - “Procurement Integrity Control System®”

Commitment to Procurement IntegrityTailored Vulnerability AssessmentProtections within PolicyTargeted Information SharingIdentification of Deficiencies

1. PICS - “Procurement Integrity Control System®”2. GAO - “Fraud Risk Management Framework”3. COSO/ACFE - “Fraud Risk Management Guide”

Aligns with GAO and COSO/ACFE

Commitment to Procurement Integrityo Demonstrated commitment to procurement integrity

within an ethical culture.


COSO/ACFE & GAO = Control Environment

Tailored Vulnerability Assessmento Focused and tailored assessment of the

organization's greatest risks to the traditionalprocurement fraud and abuses schemes, alongwith employee non-compliance to procurementpolicies, procedures, processes and instructions.


COSO/ACFE & GAO = Risk Assessment

Protections within Policyo Sound protections built into organizational policies,

procedures, processes and instructions that aredesigned to the organization's unique vulnerabilitiesto procurement fraud and abuse.


COSO/ACFE & GAO = Activity Controls

Targeted Information Sharingo Targeted training and information sharing in the

areas of fraud, abuse and impact ofprocurement policy non-compliance, to allappropriate levels within the organization.


COSO/ACFE & GAO = Information Sharing

Identification of Deficiencieso Robust quality assurance processes which

identify internal and external deficiencies in theprocurement integrity control system®.


COSO/ACFE & GAO = Monitoring


Any Questions?

Review

Contact Information

(540) [email protected]

Website: www.procurement-integrity.net

mailto:[email protected]

http://www.procurement-integrity.net/

THANK YOU!

www.Procurement-Integrity.netA Woman-Owned Small Business with a Service Veteran as its Chief Operating Officer

our approach to procurement integrity

Documents