When designing contracts for one of the most complex technical projects ever undertaken by the federal government—say, Obamacare's federal health insurance exchange system—you might expect that the agency in charge of the contract would take some basic precautionary steps, like, for example, reviewing the quality of prior work performed by contractors being awarded deals with tens of millions of dollars, or examining a large number of potential contractors, or designing a risk-management plan, or including clauses that limit taxpayer limit liability for possible cost overruns.
Perhaps there would be some exceptions, but if so, you would probably assume that the agency would be able to justify those exceptions in detail.
You might expect this because it's common sense, or because some of it is required by federal contracting guidelines.
But if that's what you expected, you were bound to be disappointed. A new report from the Inspector General (IG) for the Department of Health and Human Services (HHS) reveals that contract managers at the Centers for Medicare and Medicaid Services (CMS) failed to take basic measures to ensure that contracts for HealthCare.gov went to reliable firms, didn't draw up required risk mitigation plans, and agreed to multiple contracts that left taxpayers to pay for any cost overruns incurred by the work.
The HHS IG is both thorough and damning. Investigators looked at 60 different CMS contracts for the online health insurance portal as well as surrounding documentation. The IG also conducted interviews with "high level HHS and CMS staff" about how they planned the contracting process—or what little planning there was, anyway.
According to the report, CMS did "not conduct thorough past performance reviews of potential contractors," including CGI Federal, the main contractor for the essential components of the federal exchange.
That's right: The feds didn't look investigate the prior work performance of a contractor hired to do key work on a high-profile initiative with a contract that was (initially) pegged at $58 million.
That failure was compounded by the inexplicable decision to award five of the six "key contracts" for the project on a "cost-reimbursement" basis, which means that the federal government assumed all risk for cost overruns.
I say that it's "inexplicable" because officials at CMS didn't bother to explain it, even though the agency is required to do so. Federal regulations require that cost-reimbursement contracts include detailed documentation explaining the rationale for choosing that contract type. But according to the IG report, "contract files did not always contain specific and comprehensive rationales for why CMS selected this contract type." The CGI contract specifically "did not detail why it was in the Government's best interest to select a contract type under which it assumed the risk for cost increases," but instead offered "general statements" indicating that "costs could not be defined accurately due to uncertainties with the required work."
So CGI was being awarded a giant pile of taxpayer money to perform work on a project where the scope of the work was uncertain and so were the costs, and the feds in charge didn't bother to check out CGI's user reviews or to insulate taxpayers from the risk that it might end up spending far more than initially estimated.
For all practical purposes, the federal government gave CGI a blank check.
With no incentive to control costs—indeed, with an incentive to bill the feds for overruns—CGI blew up the bill accordingly. The $58 million contract ballooned into a $207 million mess—remember, the exchange crashed on launch, and a few months later a new contractor was brought in to complete it. Overall, the cost of those six key contracts nearly doubled from the time they were awarded, growing from $464 million to $824 million, according to the IG report.
The were other management foul-ups involved as well: No lead integrator was put in place to manage the entire process. Federal guidelines requiring risk-mitigation and acquisition strategies to be drawn up weren't followed, leaving CMS "without a comprehensive roadmap" when awarding project contracts. The agency relied on a procurement process that favored firms with existing CMS contracts (CGI, for example, already worked on existing Medicare information systems); for 20 of the 60 contracts the IG examined, CMS solicited a proposal from just one firm.
CMS doesn't offer much in the way of explanations for any of its mismanagement, just the excuse that they were pressed for time. No surprise there: Obamacare's exchange implementation was a rush job, mostly for political reasons, and the rush contributed to the sloppiness of the work.
The IG's report ends with a series of recommendations that amount to a declaration that CMS shouldn't have done things the way that it did. That's for sure. A better takeaway, however, might be that the federal government shouldn't be put in charge of managing these sorts of projects in the first place.