The Buzz

Free Money

After a spanking from Government Accountability Office auditors, the Defense Department is trying to reward only contractors that deliver weapons that work, avoid cost increases and stick to their schedules. Currently, that's not standard operating procedure.

Between fiscal 1999 and 2003, the mili- tary services and Defense agencies paid $157 billion for award- and incentive-fee contracts, that's 21 percent of all spending on contracts worth more than $25,000.

These contracts, the only ones that allow agencies to adjust contractors' fees based on performance, are intended to spur companies to meet goals such as staying within costs and providing promised capabilities. The assumption is only exceptional performance will hit those targets.

GAO studied 93 contracts worth $51.6 billion, or about a third of spending on such deals between fiscal 1999 and 2003. Based on the sample, Defense spent $8 billion in award fees regardless of whether contractors fell short of, met or exceeded expectations. About half the contracts paid 70 percent of fees for "average, expected, good or satisfactory" performance.

Programs accounting for 46 percent of the incentive dollars in GAO's sample aren't meeting goals, yet contractors have received most of the available incentives. They are the Comanche helicopter, F-22 Raptor fighter, Joint Strike Fighter and the Space-Based Infrared System High satellite network.

Misuse of incentive contracts is at the nexus of two areas GAO identified as high risk-contract management and weapon systems acquisition, Comptroller General David M. Walker told a Senate subcommittee on April 5. "DoD's acquisition, business and contract management practices are contrary to the purpose of performance-based contracting concepts and have resulted and, if not corrected . . . will continue to result in wasting billions," he said.

The Defense Acquisition University will develop an online center about award fees, says a March 29 Defense policy memo. By June 1, the department pledged it will find ways to capture data on fees and identify performance measures for them.

Über ID

Come late October, agencies expect to begin handing employees and contractors new identity smart cards that will be interoperable across government, contain biometric data about users, and permit or deny access to buildings and computers. A 2004 presidential homeland security directive required new IDs. The National Institute of Standards and Technology issued standards for them in February 2005.

But the Government Accountability Office reported in February that agencies are unlikely to meet the Oct. 27 deadline.

NIST and the General Services Administration both must test commercial products before agencies can buy them. That could take months. Products haven't been certified, so costs aren't clear and funding is uncertain. Most agency officials still are scratching their heads over how to prove identities, issue and maintain cards, and protect cardholders' privacy. Here are the standards that agencies must meet.

Protecting Privacy

  1. Assign a senior official to oversee ID privacy.
  2. Assess how systems containing personal information will affect privacy.
  3. Tell employees how their cards will be used and the effects on privacy.
  4. Use security controls developed by NIST.
  5. Make sure technology used in the ID system does not erode privacy protections.

Proving Cardholders' Identities

  1. Conduct background investigations, such as the National Agency Check With Written Inquiries, or have them on record for all cardholders.
  2. Perform an FBI National Criminal History Fingerprint on all employees and contractors slated to receive cards.
  3. Require ID applicants to appear once in person before giving them cards.
  4. Demand two original forms of identification documents from the Office of Management and Budget list.
  5. Make sure no one person can issue a card without another's approval.

Issuing Cards

  1. Follow rules for photographs and data and make sure background investigations come up clean.
  2. Verify that the person receiving a card is the same one approved for it.
  3. Issue cards created only by approved providers and accredited ID systems.

NEXT STORY: Letters