Apogee Consulting Inc

Contract Compliance


The Federal marketplace is heavily regulated—a company’s success may well depend on compliance with numerous administrative rules and regulations covering all aspects of the business cycle, including proposal submission and contract negotiations, operational performance management, cost accounting and billing, contract close-out and record retention. In addition to statutes such as the False Claims Act and Truth-in-Negotiations Act, requirements of the Federal Acquisition Regulation (FAR) and its Federal agency supplements may be incorporated into your contract.

 

Understanding the contractual agreement is key to compliance. The agreement is defined by the solicitation provisions and contract clauses, and by the contractor’s responses (such as Representations and Certifications). A solicitation provision is an instruction for preparing a proposal and a contract clause specifies a term or condition of the resulting contract. Provisions and clauses are incorporated in documents as full text or by reference. When incorporated by reference, only the FAR number and title of the item are included—it is up to the contractor to locate, understand, and comply with the associated requirements.

 

Which solicitation provisions and/or contract clauses will be included is generally governed by the procurement method used by the government, the contract type it intends to award, the anticipated dollar value of the contract, and the pricing approach. FAR 52.301 provides a matrix that guides the incorporation of solicitation provisions and contract clauses.

 

There are a number of methods by which the government acquires goods and services, such as micro-purchases, simplified acquisitions, sealed bidding, and negotiated procurements. The General Services Administration (GSA) administers Federal Supply Schedules on behalf of the Federal government. Each procurement method is governed by an individual FAR section, and carries with it associated compliance requirements.

 

The FAR lists five general contract types: fixed-price, cost-reimbursement, incentive, indefinite-delivery, and time-and-materials. Each general type includes several variations. Each contract type determines the apportionment of risk and reward between the contractor and government; and many contract compliance requirements will be governed by the contract type chosen. Cost-reimbursement and time-and-materials contracts are grouped together by the government as “flexibly priced” contracts, and are subject to rigorous oversight and controls, including the need for an “adequate” accounting system, as determined by government review. “Flexibly priced” contracts are likely to contain payment clauses that invoke the FAR Part 31 Contract Cost Principles that establish which costs are “allowable” for government reimbursement and which costs are “unallowable”.

 

The anticipated contract price will also drive compliance requirements. In general, contracts valued at more than $100,000 will contain an “access to records” clause giving government auditors the ability to obtain documentation necessary to assure compliance. Contracts valued at more than $500,000 may be subject to the Cost Accounting Standards, which establish parameters for acceptable contract cost measurement and allocation techniques.

 

How the contract price is determined will affect compliance requirements. Contract prices determined via a cost-based approach (i.e., an estimate of anticipated costs to be incurred by cost element, such as direct labor, materials, subcontractor costs, employee fringe benefits, overhead, and general & administrative expenses) will generally be subject to much more scrutiny and controls than contract prices determined via a price-based or market-based approach. Cost-based contracts that are not subject to adequate competition may require submission of cost or pricing data and compliance with the Truth-in-Negotiations Act. Cost estimates will likely have to be prepared in compliance with the FAR Part 31 Cost Principles. On the other hand, price-based contracts, such as contracts for commercial items or services, or GSA FSS Schedule contracts, will likely be subject to far fewer compliance requirements.

 

Apogee Consulting Inc. can help

 

The Intersection of Defective Pricing, False Statements, and False Claims


First, an apology of sorts. It’s been a long time since I’ve posted an article. The truth is, I’ve been struggling with an article I need to write/post, but it won’t come together, at least right now. It’s 4,000 words long, and I’ve discussed my points with a respected colleague and a very respected member of the Beltway Legal Bandit bar, and I still don’t think it’s ready for prime time. While I’ve been wrestling with it I’ve not been posting. Sorry about that – to the extent you noticed.

Moving on from that mea culpa, here is another article about how defective pricing can become something else, something more fraught with legal peril. When I say “another article” I mean just that – I’ve posted on this topic before. There are many articles on this blog discussing defective pricing. There are even a couple of articles discussing the interesting intersection between defective pricing and false claims. For example, you can check out this 2013 article if you’re so inclined.

In today’s article, we have another interesting evolution from allegations of defective pricing to allegations of violations of the False Claims Act, with potential allegations of violations of the False Statements Act along the way. (Note: If you want to know more about those two things then feel free to do a keyword search on this site; I’ve written about them as well.) That being said, as always I have to remind readers that I am not an attorney and you shouldn’t think that I am giving out legal advice. I’m just a layperson with, shall we say, some experience in the areas being discussed.

Let’s start with the Department of Justice press release headline: “Navistar Defense Agrees to Pay $50 Million to Resolve False Claims Act Allegations Involving Submission of Fraudulent Sales Histories.” So: $50 million is a rather large legal settlement value. Let’s see what caused Navistar—maker of MRAP vehicles—to have to negotiate and agree on such a large settlement.

According to the DoJ, the settlement was made to resolve allegations that the contractor “fraudulently induced the U.S. Marine Corps to enter into a contract modification at inflated prices for a suspension system for armored vehicles known as Mine-Resistant Ambush Protected vehicles.” Let’s unpack that a bit.

First, this issue had to do with a contract modification. That means that Navistar already had a contract and was negotiating some type of price adjustment with its customer, the USMC. Apparently, the contract mod had something to do with the MRAP suspension system, but that’s not the important part. What’s important is that all post-award contract price adjustments valued in excess of $2 million are always subject to TINA (Truth-in-Negotiations Act or what is today called the Truthful Cost or Pricing Data Act). TINA is applicable because there is no competition when a contract mod is being negotiated; such actions are always on a single source basis. Even if there was competition when the contract was originally awarded, there is no competition in a contract modification situation. Consequently, Navistar was required to certify that the cost or pricing data it provided to the USMC negotiators was accurate, complete, and current. A failure to provide accurate, complete, and current cost or pricing data when the contractor certified that it did so is called “defective pricing,” and there are contractual remedies associated with that situation. (See, for example, the FAR contract clause 52.215-10.)

But there may be more to this situation than simply a failure to provide accurate, complete, and current certified cost or pricing data. The DoJ added more details, as follows:

The United States alleged that Navistar knowingly created fraudulent commercial sales invoices and submitted those invoices to the government to justify the company’s prices. The sales reflected in the commercial sales invoices never occurred. The government relied on the fraudulent sales invoices in agreeing to Navistar’s inflated prices.

The foregoing seems to indicate that maybe TINA wasn’t involved and maybe this was not a case of relatively simple defective pricing.

Besides the presence of adequate price competition, another exception to the requirement to obtain certified cost or pricing data is when a commercial item is being acquired. When acquiring commercial items, the contracting officer is prohibited from obtaining certified cost or pricing data. (See FAR 15.403-1(b)(3).) The FAR is clear that “Any acquisition of an item that the contracting officer determines meets the commercial item definition in 2.101, or any modification, as defined in paragraph (3)(i) of that definition, that does not change the item from a commercial item to a noncommercial item, is exempt from the requirement for certified cost or pricing data.”

Accordingly, it seems that Navistar may have been claiming that the MRAP vehicle suspension system, or a component thereof, was a commercial item. In that case, it would not have been required to provide certified cost or pricing data; in fact, the contracting officer was prohibited from requesting it.

So what happened? Even though commercial item acquisitions are not subject to TINA and there is no requirement to provide certified cost or pricing data, that doesn’t mean that the contractor gets off scot free. Indeed, the contracting officer is directed to obtain sufficient information (other than certified cost or pricing data) to permit a determination that the price being paid is fair and reasonable. This requirement is discussed at FAR 15.403-3.

There is a lot of language in that FAR section discussing the kind of information that might support the determination that the price being paid for a commercial item is fair and reasonable. FAR 15.403-3(c) states (in part)—

(1) At a minimum, the contracting officer must use price analysis to determine whether the price is fair and reasonable whenever the contracting officer acquires a commercial item (see 15.404-1(b)). The fact that a price is included in a catalog does not, in and of itself, make it fair and reasonable. If the contracting officer cannot determine whether an offered price is fair and reasonable, even after obtaining additional data from sources other than the offeror, then the contracting officer shall require the offeror to submit data other than certified cost or pricing data to support further analysis (see 15.404-1). This data may include history of sales to non-governmental and governmental entities, cost data, or any other information the contracting officer requires to determine the price is fair and reasonable. Unless an exception under 15.403-1(b)(1) or (2) applies, the contracting officer shall require that the data submitted by the offeror include, at a minimum, appropriate data on the prices at which the same item or similar items have previously been sold, adequate for determining the reasonableness of the price.

(Emphasis added.)

So that’s what I think happened to Navistar. Without knowing anything more than provided by the language in the DoJ press release, I think Navistar claimed that its suspension system was a commercial item. When the contracting officer requested sales history information to support why the price being quoted by Navistar was fair and reasonable, somebody made a bad mistake and (allegedly) created fraudulent sales information, and then provided that information to the contracting officer.

If that was the case—and I think it was—then we are looking at far more than a tawdry defective pricing case. We are looking at a potential violation of the False Statements Act (18 U.S.C. § 1001). If the contract mod was awarded on the basis of one or more false statements, then (potentially) every contract invoice Navistar submitted thereafter was a false claim. Violations of the False Claims Act can get expensive very, very quickly.

Thus, a $50 million settlement probably seemed like a very good idea at the time.

Another thought. The majority of False Claims Act cases start out as lawsuits filed by whistleblowers, or qui tam relators, as they are called. This case was not an exception. As the DoJ noted in its press release, “The civil settlement includes the resolution of claims brought under the qui tam or whistleblower provisions of the False Claims Act by Duquoin Burgess, a former Government Contracts Manager for Navistar. … Burgess will receive $11,060,000 out of today’s settlement.” That turns out to be roughly a 22% bounty.

And now a final thought: I will be speaking on a panel on Tuesday, June 8th, at the American Conference Institute’s 12th Advanced Forum on DCAA & DCMA Cost, Pricing, Compliance & Audits. I will be joined by two others—Phil Seckman (Dentons) and Jamie Sybert (Grant Thornton). Our topic will be “Are You Prepared for Defective Pricing Audits?”

A timely topic, isn’t it?

 

No Porn for You


The Consolidated Appropriations Act, 2021 (Pub. L. 116-260), was signed into law December 27, 2020. The final language was 2,124 pages long, covering 32 Divisions (or sections), each with multiple Titles. Division C (“Department of Defense Appropriations Act, 2021”) contained nine Titles. Title VIII “General Provisions” contained 138 Sections covering many aspects of DoD activity, and appropriating funding for those activities. (We should note that the other eight Titles within Division C contained their own multitude of Sections, but that’s not what we are talking about today.)

Section 8116 of Title VIII of Division C contained this limitation associated with certain appropriated funding:

SEC. 8116. (a) None of the funds made available in this Act may be used to maintain or establish a computer network unless such network is designed to block access to pornography websites. (b) Nothing in subsection (a) shall limit the use of funds necessary for any Federal, State, tribal, or local law enforcement agency or any other entity carrying out criminal investigations, prosecution, or adjudication activities, or for any activity necessary for the national defense, including intelligence activities.

You can find that prohibition on page 151 of 2,124, if you are inclined to check our veracity. (You should totally check. We could easily be fake news.)

As a consequence of that statutory requirement, on April 5, 2021, the Principal Director, Defense Pricing and Contracting, issued a Class Deviation (2021-O0003) that established a solicitation provision that requires “offerors to represent, by submission of their offer, that they are not providing as part of their offer a proposal to maintain or establish a computer network unless such network is designed to block access to pornography websites.” The provision is 252.239-7098, Prohibition on Contracting to Maintain or Establish a Computer Network Unless Such Network is Designed to Block Access to Certain Websites—Representation. It is to be included “in all solicitations, including solicitations for the acquisition of commercial items under FAR part 12.”

Because accessing porn is the most significant cyber-security threat facing the Department of Defense right now.

Please.

Without taking a moral stand either for or against pornography, and without entering into the legitimate debate about whether pornography degrades/exploits people or perhaps gives certain people a vehicle to generate wealth who would otherwise be stuck in a cycle of poverty—and without expressing an opinion as to whether such a limitation amounts to de facto censorship in possible violation of the First Amendment of the Constitution—let us see if we can find common ground by asking whether this is really the most important issue that Congress, and therefore the contracting officers of the DoD and the contractors of the DoD, should really be concerned with?

We assert it is not.

There are many cyber-security threats facing the Department of Defense at the moment.

"It's no secret that the U.S. is at cyber war every day," Ellen Lord told the audience at the Professional Services Council's 2020 Defense Services Conference in August 2020. "Cybersecurity risks threaten the industrial base, national security, as well as partners and allies."

While Ms. Lord was talking, hackers had already broken into Texas-based SolarWinds' systems and added malicious code into the company's software system. The system, called "Orion," is widely used by companies to manage their IT resources. Starting in March 2020, “SolarWinds unwittingly sent out software updates to its customers that included the hacked code. The code created a backdoor to customer's information technology systems, which hackers then used to install even more malware that helped them spy on companies and organizations.” (Quoted from this article, written by Isabella Jibilian and Katie Canales.) According to that same article, “US agencies — including parts of the Pentagon, the Department of Homeland Security, the State Department, the Department of Energy, the National Nuclear Security Administration, and the Treasury — were attacked.”

The attack lasted for months and, even today, there is uncertainty about how many systems were hacked or what the damage was.

This is just one example of the real cyber-threats facing the Department of Defense. Accessing porn may be bad but it doesn’t take out entire “secure” networks.

But unfortunately, porn is the issue that Congress decided to focus on, and so now contractors must certify that they are not providing as part of their offer a proposal to maintain or establish a computer network unless such network is designed to block access to pornography websites.

It is a long-lamented concern that many of the most innovative infotech firms are reluctant (at best) to do business with the DoD. One of their concerns has been the amount of bureaucracy that comes with defense contracts. Commercial item contracts were one means of reducing that bureaucracy, but we see now that such contracts are subject to the same picayune compliance requirements as are the Major Defense Acquisition Programs, at least in this one respect.

Is blocking access to pornography such a big deal? Probably not. But the Congressional focus on blocking access to pornography is emblematic of a lack of focus on areas that are significantly more important to the national security posture of the United States.

 

DOE Inspector General Says M&O Contractors Should Not Audit Themselves


Prior to 1994, the Department of Energy Office of Inspector General (DOE OIG), with assistance from independent public accounting firms, was responsible for auditing the annual Statements of Costs Incurred and Claimed for DOE’s management and operating (M&O) contracts. The OIG conducted these audits pursuant to the United States Government Accountability Office’s Generally Accepted Government Auditing Standards (GAGAS), also known as the “Yellow Book.”

In 1994, that all changed. Starting in that year, the M&O contractors were told that they were responsible for auditing themselves and their subcontractors under what was called the “Cooperative Audit Strategy.” Instead of complying with GAGAS, the M&O audit teams would henceforward comply with the Standards of the Internal Audit Institute (IIA). The change was driven by a GAO report that documented the inadequacies associated with the DOE OIG’s audit approach (“Energy’s IG has had difficulty in auditing, in a timely manner, whether costs claimed by integrated contractors are allowable and have been recorded in accordance with Energy’s accounting policies.”) At that point, the DOE OIG’s role was limited to conducting a limited assessment of the contractors’ internal audit work. The Contracting Officers would then take corrective action on any findings that the DOE OIG unearthed.

As the DOE OIG recently reported, not everybody has been a supporter of the Cooperative Audit Strategy. “For the 26 years that the Cooperative Audit Strategy has been in place, interested stakeholders, including GAO and the Department of Defense (DOD), have expressed concerns about the appropriateness of contractors auditing their own costs.”

Apparently, though it doesn’t explicitly say so, the DOE OIG has also been concerned about M&O contractors auditing themselves. That concern led to the issuance of a “special report” that was, essentially, a polemic that both attacked the use of M&O internal audit teams and supported the notion that the DOE OIG should, itself, be performing those audits.

The DOE OIG offered as the primary rationale for moving away from the Cooperative Audit Strategy the assertion that M&O internal audit teams are not independent from the contractors for whom they work. That lack of independence, according to the DOE OIG, undermines public trust. (“… the IIA audit standards do not include these objectives because ‘internal’ auditors are embedded within a company and are chartered to serve that company’s best interest. Internal company auditors in the private sector do not have the same elevated duty to public interest as Federal auditors and external auditors performing audits under GAGAS.”) The DOE OIG concluded that “no amount of changes to the Cooperative Audit Strategy would cure the fundamental defect that the internal auditors cannot meet the independence standards required by GAGAS.”

Except they are not subject to GAGAS so that argument does not seem very strong to us.

As a corollary to the lack of independence, the DOE OIG asserted that the M&O internal auditors aren’t finding the levels of fraudulent activity that they should be finding, leaving it to the OIG to find and investigate such wrongdoing. (“These problems would likely have been identified, reported, and corrected in a timely way through a GAGAS-compliant, independent audit.”)

Um, maybe? We think that assertion is undermined by the historical fact that the DOE OIG was not performing the required audits in a timely manner, which is why the Cooperative Audit Strategy was created in the first place.

As an additional corollary, the DOE OIG asserted that the M&O internal auditors have not been performing appropriate audits of subcontractor costs. According to the DOE OIG, there were subcontracts whose costs were not audited, subcontracts that missed being included in the audit universe because the Purchasing function misclassified them, and there were audits performed (but poorly). The problem with the assertions is that they are largely based on unissued reports that are still in draft, to which the contractors have not yet formally responded.

Another issue is with the subcontracts that were not audited because the Purchasing function misclassified them. First, there is no linkage between the issue raised and the alleged lack of independence. Maybe the root cause is that the M&O contractors’ purchasing systems are inadequate. Second, it is not clear that, had the DOE OIG been performing the audits, the misclassification would have been discovered. It is just as likely that the DOE OIG would have skipped those audits as well.

With respect to poor audits, another draft report indicates that “the M&O contractor did not sustain subcontract costs that were questioned by its own contract audit office in 54 of 61 (88.5 percent) subcontract closeout files, with no documentation or justification as to the M&O contractor’s rationale.” Based on that finding (as well as some other findings), the DOE OIG concluded that “either internal audit’s work was superficial and that the recommendations could not be acted upon, or worse, that the M&O contractor’s management may have disregarded the internal audit report findings and billed the Government for the questionable subcontract costs despite the internal audit report findings.”

Our concern with the foregoing is that it is not internal audit’s responsibility to disposition the audit findings and, if appropriate, seek recovery of unallowable costs from subcontractors. That’s the role of subcontractor management. While the DOE OIG findings may be legitimate and call into question whether the M&O contractor is appropriately managing subcontracts, it honestly seems to have nothing to do with how internal audit performs.

After the litany of M&O contractor internal audit deficiencies, the DOE OIG concluded with the recommendation that things return to the way they used to be. Ignoring its own historical malfeasance with respect to performing audits of M&O contractor and subcontract costs, the DOE OIG recommended that independent audits, performed by either the DOE OIG, DCAA, independent CPA firms, or some combination of those approaches, be implemented. The DOE OIG noted that “additional appropriations will be necessary” in order to effectuate the new (old) independent audit strategy.

It is not clear to us that the DOE OIG complied with applicable GAGAS when preparing this “special report.” It seems that there may have been some self-interest involved here, a self-interest that taints some of the findings. While it may well be true that the current M&O contractor internal audit approach should be improved, it is not at all clear that the correct path forward involves a return to the way things used to be, before DOE OIG was removed from its role because of a documented failure to perform.

 

Management Systems and Internal Controls


To assure compliance with complex administrative and financial requirements, government contractors are expected to establish robust management reporting and internal control systems. In addition, the Sarbanes-Oxley Act of 2002 and the SEC’s implementing rules place even greater burdens on publicly traded companies to evaluate and certify as to the effectiveness of internal controls and procedures. Never before has the contracting environment been so focused on the adequacy of management systems and internal controls.

 

“It is the structuring of detailed internal operating procedures to insure that problems during contract performance are being properly managed and surfaced to middle and senior management that will present the greatest degree of difficulty. [SOX] calls for controls over operational issues, as well as financial issues. This is an area where there remains a great deal of hard work to be done by companies.” -- Contract Research and Analytic Institute, 2005 [Emphasis in original.]

 

The Defense Contract Audit Agency (DCAA) audits Department of Defense (DoD) and other government agency contractors. DCAA auditors are directed to gain an understanding of the contractor’s internal controls which provide reasonable assurance that government contract costs are allowable, allocable, and reasonable in accordance with contract terms. Generally, the DCAA Internal Control Questionnaire (ICQ) is used to document an auditor’s understanding of a contractor’s internal controls. In addition, the DCAA lists ten key accounting and management systems relevant to the contract audit environment. Each key system has its own individual audit program. The list includes:

 

  • Environmental and overall accounting controls
  • General Information Technology system
  • Budget and planning system
  • Purchasing system
  • Material system
  • Compensation system
  • Labor system
  • Indirect cost and other direct costs (ODC) system
  • Billing system
  • Estimating system

 

 

The DoD’s Contractor Risk Assessment Guide (CRAG) was published in the mid-1980s to assist government contractors in establishing internal control systems. The CRAG lists five topical areas requiring internal control systems:

 

  • Calculation and submission of indirect cost calculations
  • Timekeeping and labor charging
  • Material Management and Accounting System (MMAS)
  • Estimating
  • Purchasing

 

Although the lists above are not all-inclusive (excluding, for example, Earned Value Management Systems), they have served as internal control guideposts for decades. Accordingly, it is quite likely that publicly traded government contractors have had a head start, compared to commercial entities, in complying with provisions of the Sarbanes-Oxley Act, particularly with respect to the Section 404 requirement that management must take responsibility for, and assess the effectiveness of, its internal control systems. Nonetheless, establishing, maintaining, monitoring, and enhancing a government contractor’s system of internal controls is no easy task.

 

Apogee Consulting Inc. can help

 



Newsflash

Effective January 1, 2019, Nick Sanders has been named as Editor of two reference books published by LexisNexis. The first book is Matthew Bender’s Accounting for Government Contracts: The Federal Acquisition Regulation. The second book is Matthew Bender’s Accounting for Government Contracts: The Cost Accounting Standards. Nick replaces Darrell Oyer, who has edited those books for many years.