Government Procurement Fraud
Could SOX Be Used to Hold Contractors Accountable?

By Gerald H. Lander, Valerie J. Kimball, and Kimberly A. Martyn

E-mail Story Print Story

According to U.S. Department of Justice (DOJ) statistics reported for the fiscal year ending September 30, 2005, the United States recouped more than $1.4 billion dollars in settlements and judgments pursuing allegations of fraud. For the fiscal year ending September 30, 2006, the government recovered a record total of more than $3.1 billion in settlements and judgments from cases involving claims of fraud. According to a November 2006 DOJ report, defense procurement fraud accounted for $609 million in settlement and judgment awards in 2006.

Procurement fraud squanders limited funds, threatens safety and national defense, cheats American taxpayers, and harms government efforts to obtain needed goods and services. What follows is a discussion of types of procurement fraud and what is being done to prevent and discover it. In addition, the authors recommend that section 406 of the Sarbanes-Oxley Act of 2002 (SOX), which requires all publicly held companies to have a code of ethics and specifies what that code should contain, be incorporated into the Government’s Cost Accounting Standards (CAS). These standards should also be modified and expanded to cover all fully covered CAS contracts. The databases that track companies banned from future government contracts should also be expanded to include individuals, to mitigate the possibility of individuals who are found personally liable under the proposed CAS (which incorporates SOX) from participating in future government contracts.

Government Acquisition Methods

The U.S. procurement process begins with requests for acquisition of goods or services, using three acquisition or bidding process methods:

• Competitive or advertised bidding;
• Competitive proposals or negotiations; and
• Sole source.

At any stage of the procurement process, anyone with the knowledge, opportunity, and need can take advantage of the contract. The goal is to purchase the most appropriate and highest-quality goods or services for the lowest cost.

Competitive or advertised bidding. The government uses competitive or advertised bidding when it has exact specifications for the product or service required. When evaluating bids, the government considers price and other important factors such as experience and past performance. In this process, requests for procurement must specify the government’s requirements clearly, accurately, and completely. No negotiation occurs between the government and bidders. This method promotes competition. Fair and honest consideration is implied and given to all bidders soliciting the government contract. By bidding, the contractor agrees to all specified conditions.

Legitimate reasons for rejecting a low bid include that the bid price may be considered unrealistic, the bidder may be deemed unresponsive (e.g., a poor reputation for the follow-up parts market), failing to conform to standards, a conflict of interest, or the appearance of favoritism.

Competitive proposals or negotiations. This more flexible method of contracting often begins with a government agency request. In a competitive negotiation, the government has an idea of what it requires but lacks the resources to establish specifications and costs. Thus, contractors have a degree of freedom to develop the procurement proposal and an opportunity to sway the government to pay higher prices. After an agreement is reached, a contract is written and signed by both parties.

Sole source. In this method, the government contacts the contractor it wants to supply the product or service. The sole source process vests much power with contracting officers, but its rationale must be justified to the responsible oversight individual, committee, or government agency, such as Congress (e.g., by showing that it is the best or only way for the contracting agency to acquire the goods and services needed). A request for a proposal to the contractor selected is delivered and is answered by the contractor, later resolving other issues such as price and delivery terms. Finally, a contract is written and signed by both parties.

Competitive Versus Noncompetitive Bidding

Detractors claim that the government increasingly uses unfavorable contracts and avoids the proven benefits of competitive bidding for negotiated deals that tend to cost more. Noncompetitive awards increased by 115% from 2000 to 2005, rising from $67.5 billion to $145 billion (U.S. Representative Henry Waxman, “Dollars, Not Sense,” House Government Reform Committee, www.democrats.reform.house.gov/Documents/ 20060620140127-02294.pdf, 2006, p. 15). Many different categories of noncompetitive contracts exist. Of the $145 billion in noncompetitive contracts awarded in 2005, $97.8 billion were no-bid contracts, a 110% increase from 2000; $63.4 billion was awarded under the rationale that only one contractor could supply the needed goods or services. The other $34.4 billion in no-bid contract dollars was awarded under such exceptions as emergency circumstances ($8.7 billion) and where a statute authorizes or requires restricted competition ($2.9 billion) (Waxman 2006). Much of this increase is related to the rebuilding of Iraq and the recovery from Hurricane Katrina. Federal acquisition law provides exemptions from competitive sourcing requirements under certain circumstances, such as emergencies, or if there is only one source for the required service. Still, the use of these types of contracts has increased from 33% of federal contract dollars in 2000 to 38% in 2005 (Waxman 2006).

In response to growing procurement spending, on July 28, 2006, U.S. Representative Leonard Boswell introduced the Competitiveness in Contracting Act to limit noncompetitive awards of federal contracts in response to major disasters and emergencies. The House overwhelmingly passed the bill, renamed the Accountability in Contracting Act, on March 15, 2007. The legislation limits the awards of no-bid contracts for emergencies to one year. The bill passed the Senate with an amendment (S.680) and, as of press time, had been sent back to the House.

Government Contract Fraud

Upon awarding a contract, potential fraud exists in areas such as product substitution, cost mischarging, defective pricing, progress payment fraud, and antitrust violations.

Defective pricing. This practice arises from intentionally using old or inaccurate cost data to inflate costs. Under the Truth in Negotiations Act, contractors must submit cost or pricing data prior to negotiations, and certify that the data are accurate, complete, and current as of the close of negotiations. Submitting defective (inaccurate, incomplete, or noncurrent) data entitles the government to a price reduction under a contract clause included whenever certified cost or pricing data are required. Existing defective pricing data does not indicate fraudulent behavior, and recovery under the contract clause is not based on fraudulent intent. This clause makes contractors liable for the overpayment along with simple interest computed from the date of overpayment to the date the government is repaid [at the applicable underpayment rate effective for each quarter prescribed by the Secretary of the Treasury under 26 USC 6621(a)(2)], and for a penalty equal to the amount of the overpayment, if the contractor or subcontractor knowingly submitted defective data.

Significant fraud indicators in defective pricing cases include:

• Falsifications or alterations of supporting data;
• Failure to update cost or pricing data when past activity indicates price decreases;
• Failure to completely disclose data known to responsible contractor personnel;
• Distortion of overhead accounts or base line information by transferring charges or accounts that have a material impact on government contracts;
• Protracted delay in release of data to the government to preclude possible price reductions;
• Repeated denials by responsible contractor employees of the existence of historical records that are subsequently found;
• Submitting fictitious documents;
• Failing to disclose internal documents on vendor discounts; and
• Nondisclosure of actual costs for follow-up contracts. (See U.S. Army Logistics Management College, “Procurement Fraud,” ALM-31-6082c, 2006, www.almc.army.mil/ledd/8a-f17/Adobe/Fraud.pdf.)

Progress payments fraud. Payments made to contractors based on costs incurred or on a percentage or phase of completion can result in progress payment fraud. Because the government relies heavily on the contractor’s integrity, progress payments are not always audited beforehand. Such fraud cases usually involve erroneous labor charges for work not yet performed, charges for materials not purchased, or false documentation of the phase of completion. This fraud is perpetrated to receive more money in a cost-type contract, but could also be committed to influence future contract awards (e.g., as when contracts are awarded in phases, with funds dependent upon completion of prior phases).

Organizations That Detect and Prevent Fraud

National Procurement Fraud Task Force. Deputy Attorney General Paul J. McNulty announced on October 10, 2006, the establishment of a new national procurement fraud initiative by the Justice Department’s Criminal Division (www.usdoj.gov/criminal/npftf/pr/press_ releases/2006/oct/10-10-06procfraudannounce.pdf). The task force’s charge is to detect, prevent, and prosecute procurement fraud resulting from increased contracting activity for national security and other government programs.

The task force is expected to reinforce the government’s efforts against procurement fraud and to increase criminal enforcement, focusing on defective pricing, product substitution, misuse of classified and procurement-sensitive information, false claims, grant frauds, labor mischarging, accounting fraud, foreign military sales fraud, ethics and conflict-of-interest violations, and public corruption.

Inspector General and SIGIR. The Inspector General Act of 1978 established the Inspector General as the primary advisor to the Secretary of Defense for issues related to prevention of fraud and abuse in the Department of Defense (DOD). Congress also instituted the Special Inspector General for Iraq Reconstruction (SIGIR) to oversee the $18.4 billion reconstruction fund. As a result, the Department of Defense Inspector General has limited its audit role in order to prevent duplication of efforts due to the oversight provided by the SIGIR, the DOD audit community, and the Government Accountability Office (GAO).

Defense Contract Audit Agency. Established in 1965, the Defense Contract Audit Agency (DCAA; www.dcaa.mil) centralized audit functions for the various branches of the military. The DCAA performs standardized contract audits for the DOD and certain other government agencies, along with accounting and financial advisory services related to procurement contracts. DCAA audit services include pre- and post-award contract audits and contractor internal control systems audits. DCAA auditors also provide negotiation assistance in the form of procurement liaison services and fact-finding analysis of contractor information after audits.

In conformity with Government Auditing Standards, DCAA auditors are not responsible for proving fraud. “DCAA’s mission is to perform contract audits of commercial companies, and not to perform investigations,” said a Pentagon official explaining the audit agency (Neil King Jr., “Pentagon Auditor Requests Probe of Halliburton,” Wall Street Journal, Jan. 15, 2004). When auditors suspect unlawful activity, they “make a referral … to the appropriate investigative organization.” Still, the DOD Inspector General’s 1993 Handbook on Fraud Indicators for Contract Auditors says that auditors should design audit steps to reasonably assure detection of irregularities and illegal acts, and report fraud indicators to investigators, but cannot automatically conclude that an indication of fraud means that fraud exists. Indeed, as with all audits, professional skepticism is necessary.

In fiscal year 2006, the DCAA audited $121.1 billion of incurred costs on contracts and forward pricing proposals of $182.3 billion. U.S. taxpayers saved a net $2.3 billion due to audit findings. Thus, the return on investment in the DCAA was approximately 520%.

Laws Designed to Prevent Fraud

Procurement Integrity Act. Private consultants, many of them former governmental employees, often assist in the procurement process. These consultants serve as liaisons between government officials and contractors. The government strictly regulates contractor re-employment after a contractor leaves a governmental position. Government employees must take annual ethical training regarding this issue and are encouraged to contact the government’s human resource department before accepting a position with a contractor, in order to avoid the appearance of a conflict of interest. Failure to comply with the government’s ethical guidelines can result in blacklisting and criminal charges.

The Procurement Integrity Act of 1988 (as amended), which provides the basis for these guidelines, focuses on contractor and government-official inappropriate contacts. It expressly addresses offers of employment, disclosure of information, and compensation of former officials. Remedies to punish violators include criminal prosecution, civil suits, and administrative ramifications. The Act specifies that government employees with access to contractor bid, proposal, or source-selection information may not, except as provided by law, disclose that information prior to the awarding of a contract.

Moreover, no one may knowingly obtain this type of information before an award, regardless of the proposed contract’s dollar amount. A government employee participating personally and substantially in procurement must report any offer for non-federal employment made by a contractor. The employee can either reject the offer of employment or exclude himself from further participation in the procurement process.

False Claims Act Qui Tam Actions. The False Claims Act, passed during the Civil War, punishes military contractors who cheat the government. In 1986, an effort led by U.S. Senator Chuck Grassley strengthened the law to encourage the use of qui tam (abbreviated from the Latin “He who sues for the king sues for himself”) actions, where citizens are authorized to bring, as “private Attorneys General,” lawsuits on behalf of the government. Under the new provisions, whistleblowers can file cases against government contractors who commit fraud. Violations of federal law can result in false claims under the act (see Shawn Zeller, “Face-Off Over Fraud,” Government Executive, July 15, 2005).

The whistleblower begins the qui tam process by retaining a private attorney who investigates the whistleblower’s allegations and, if appropriate, files the lawsuit acting on the government’s behalf alleging violations of the False Claims Act. Qui tam suits are filed secretly so the defendant and others do not learn of the lawsuit. The DOJ is served a copy of the complaint, plus a written disclosure statement detailing the alleged fraud, to provide the government with an opportunity to investigate the allegations (see T.A. Lewis, “The False Claims Act and Its ‘Qui Tam’ Provision—a Primer,” The Government Accountants Journal, Winter 2000, p. 36-44).

The DOJ proceeds to investigate the allegations and may decide to work with the whistleblower’s attorney. If the DOJ declines to proceed, the whistleblower and the attorney can still move forward. A contractor found guilty of making false claims for federal funds is liable for three times the government’s loss, plus a civil penalty of $5,500 to $11,000 for each false claim (“Justice Department Recovers $1.4 Billion in Fraud and False Claims in Fiscal Year 2005; More Than $15 Billion Since 1986,” DOJ press release, Nov. 7, 2005).

If the contractor settles, or is found to have made false claims, the award is shared with the whistleblower. For example, government participation in a qui tam action results in the whistleblower receiving 15% to 25% of any settlement or judgment attributable to the fraud. On the other hand, lack of government participation increases the whistleblower’s share by as much as 30%. The DOJ reported that whistleblowers were awarded $166 million for fiscal year 2005.

According to Kimberly Palmer (“Downfall,” Government Executive, July 1, 2006), “Almost half of fraud investigations in federal agencies are instigated by a tip from someone who notices something isn’t quite right.” The increase in False Claims Act lawsuits may relate to increased incentives for whistleblowers to come forward since the 1986 legislation. Indeed, the number of cases filed under the law jumped from 60 in 1988 to more than 400 in 2004. According to Zeller, “Awards rose from less than $1 million in 1988 to more than $1 billion in 2003, with some cases now yielding judgments in the hundreds of millions” (“Face-Off over Fraud,” Government Executive, July 2005). Nevertheless, federal government employees are limited in their ability to act as whistleblowers. According to Lewis (2000), “The courts generally reason that federal employees should not personally benefit for simply doing what they are required and paid to do—which is to report fraud.”

As reported by the DOJ in November 2005: “Of the $1.4 billion in settlements and judgments received in 2005, $1.1 billion relates to suits initiated by whistleblowers under the False Claims Act’s qui tam provisions.” In 2006, the DOJ reported that of the $3.1 billion recovered by the government for fraud, $1.3 billion was from suits brought by whistleblowers under the provision. Oracle, which agreed to pay $498.5 million for false pricing information provided by PeopleSoft to obtain a government contract, made the largest payment under the False Claims Act; the whistleblower receives a $17,730,000 reward.

Sarbanes-Oxley Act of 2002. SOX has dramatically affected overall awareness and management of internal controls in public corporations. Responsibility for accurate financial reporting has landed squarely on senior management, including CEOs and CFOs who now face the potential for personal criminal liability.

SOX section 406 directed the SEC to issue rules requiring public entities to disclose whether they have adopted a code of ethics (business code of conduct or employee code of conduct) that applies to the organization’s key officers. The SEC adopted final rules implementing section 406 in January 2003.

The final rules (see “Disclosure Required by Sections 406 and 407 of the Sarbanes-Oxley Act of 2002,” June 24, 2003; www.sec.gov/rules/final/33-8177.htm) define “code of ethics” as written standards that are reasonably designed to deter wrongdoing and to promote:

• Honest and ethical conduct, including the ethical handling of actual or apparent conflicts of interest between personal and professional relationships;
• Full, fair, accurate, timely, and understandable disclosure in reports and documents that a company files with the SEC and in other company communications;
• Compliance with applicable governmental laws, rules, and regulations;
• The prompt internal reporting of any violations of the code of ethics to an appropriate person or persons identified in the code of ethics; and
• Accountability for adherence to the code of ethics.

To comply with the SEC’s requirements for implementation of SOX section 406, the registrant must do the following:

• File with the SEC, as an exhibit to its annual report, a copy of its code of ethics that applies to the registrant’s principal executive officer, principal financial officer, principal accounting officer or controller, or persons performing similar functions;
• Post the text of such code of ethics on its website and disclose, in its annual report, its location; or
• Provide instructions in its annual report how any person may request, without charge, a copy of such code of ethics.

Companies not complying with the SEC guidelines would be subject to the same procedures and due process under the SEC Enforcement Division and the Office of Compliance Inspections and Examinations as in any other Act.

Although SOX does not mandate business ethics training or the adoption of codes of ethics or conduct, it requires that the company disclose whether it has adopted a code per the above definition. If the company has not adopted such a code, it must disclose why. There are increased penalties for corporations and personal liabilities for individuals held accountable for violating the requirements of SOX section 406 and the implementation guidelines in paragraph 229.406, regardless of whether a company has a formal code. Many penalties have doubled or tripled under the United States Sentencing Commission’s “Increased Penalties Under the Sarbanes-Oxley Act of 2002” (January 2003). Of particular interest is required compliance with applicable governmental laws, rules, and regulations—especially important for companies that contract to perform government work.

A Proposal

The authors recommend incorporating SOX section 406 for incorporation into the Cost Accounting Standards (CAS) 419 for Government Contracts. This written standard would apply to all fully covered CAS contracts to make privately held companies and their subsidiaries subject to SOX. At present, any subsidiary not publicly held avoids compliance with SOX and the related penalties for failure to follow ethical standards. Thus, incorporating SOX into CAS mandates the SOX ethics requirement for CAS-covered contracts.

Furthermore, the authors recommend using CAS 419 to incorporate SOX-associated standards and penalties, such as:

• Honest and ethical conduct, including the ethical handling of actual or apparent conflicts of interest;
• Full, fair, accurate, timely, and understandable company disclosures in government reports and other company public communications;
• Compliance with applicable governmental laws, rules, and regulations;
• Prompt internal reporting of any violations of the code of ethics to appropriate persons identified in the code of ethics;
• Accountability for adherence to the code of ethics. Perhaps the United States Sentencing Commission’s guidelines should be applied. However, if a contractor appropriately handles transgressing employees and institutes or modifies internal controls so that the transgression is unlikely to reoccur, the contractor might be allowed to continue contract performance and be eligible for future government contracts. If the contractor doesn’t follow the policies, then the CAS penalties would apply, in addition to the contractor potentially becoming ineligible for future contracts.
• Social responsibility (a corporate atmosphere conducive to moral decision making such as the reasonable-person view versus profiteering/price gauging), government contracting in times of crisis and emergency such as war, national disasters, and national security.

CAS 419 should be required for all contracts subject to full CAS. (CAS applicability depends on the type and size of the contract. That guidance can be found within CFR 9903.201-1 and CFR 9903.201-2.)

The Next Steps

The attention given to the detection and prevention of fraud is justifiable because spending on federal contracts has increased by 86% over the last five years. The increase in recovery in settlements and judgments from cases involving fraud against the government provides incentive for both the government and civilians.

Increasing financial penalties with the qui tam provision under the False Claims Act helps to mitigate fraud losses; however, fines are not enough. Taxpayers have a right to expect long-term incarceration for contractors found guilty of procurement fraud in order to discourage others from defrauding the government. The penalties must be severe to discourage those tempted by opportunity.

Before the 1980s, all cases brought under the False Claims Act were prosecuted as criminal, not civil, cases. But research in the early 1980s revealed that criminal prosecution did little to stop procurement fraud. The DOJ was also limited in the number of cases it could litigate, due to the high cost of federal prosecution, so most fraudulent contractors got off the hook. However, the recent formation of the National Procurement Fraud Task Force and its plans to increase criminal enforcement, along with the strengthening of the False Claims Act, increase the risk of prosecution.

Most important, companies that receive government contracts should be socially responsible and conduct themselves in the highest ethical manner. To limit government procurement fraud and increase the responsibility of all companies, public and private, engaged in government contracts, the authors propose that CAS 419 incorporate the standards and penalties associated with SOX section 406. This would require companies to abide by a code of conduct or ethics, and entail monitoring by government audit agencies for compliance. A company’s code of conduct or ethics would be reviewed for appropriateness, and any violations would be reported. Databases established to track companies banned from future government contracts could be expanded to include individuals, to prevent violators from simply closing one business and starting another.

Increased spending on government contracts magnifies the potential for procurement fraud. Taxpayers deserve that the funding for fraud detection agencies be expanded, and the number of qualified auditors be increased, in proportion to procurement spending.

Click here to view Sidebar.

Gerald H. Lander, DBA, CPA, CCEA, CFE, is the Gregory, Sharer and Stuart Term Professor in Forensic Accounting in the College of Business of the University of South Florida, St. Petersburg, Fla.
Valerie J. Kimball, MBA, is an auditor at the Defense Contract Audit Agency.
Kimberly A. Martyn received an MBA from the University of South Florida in December 2007. The authors appreciate the useful comments from Alan Reinstein, George Husband Professor of Accounting, Wayne State University.

The views contained herein do not purport to reflect the position of the U.S. Department of Defense or the Defense Contract Audit Agency.

©2009 The New York State Society of CPAs. Legal Notices