The General Services Administration (GSA) faces a number of challenges for FY2019, including improving procurement metrics reporting through the Federal Acquisition Service (FAS), and in the area of agency cybersecurity, according to the GSA Office of Inspector General (OIG) semiannual report to Congress issued today.
Based on OIG audits, investigations, and inspections from October 2018 to March 2019, the report found that FAS – which aims to leverage Federal buying power to acquire products and services in a cost-effective manner – faces challenges in reporting contract modification metrics.
For instance, in October 2018 OIG examined FAS’s FASt Lane Program that aims to streamline its process for awarding and modifying GSA’s Multiple Award Schedule 70 for contracts in IT equipment, software, and services. The program’s goal was to award new contracts within 30 to 45 days, and modifications within 24 to 48 hours.
Although OIG found FASt Lane met its goal in awarding contracts in the target timeframe, FAS couldn’t determine if it was achieving its contract modifications goal within 24 to 48 hours.
“Instead, FAS retroactively designated modifications as FASt Lane only if they were processed in [two] days or less,” the report said. “Consequently, its reported program results were unreliable and could not be substantiated.”
OIG also addressed FAS’s Technology Transformation Services director about the Federal Risk Authorization Management Program (FedRAMP) Program management office (PMO), adding that FedRAMP’s mission, goal, and objectives structure were inadequate for assisting the government in cloud services adoption.
“The mission statement does not provide a clear direction for the FedRAMP PMO; objective statements are missing key attributes; and the alignment of the mission, goals, and objective statements makes it difficult to determine whether the FedRAMP PMO is meeting its mission in an effective manner,” OIG said.
OIG recommended that GSA implement the procedures necessary both to determine its contract modification goal timeframes and to create an effective FedRAMP mission structure. GSA concurred with the recommendations.
Cybersecurity insufficiencies were also prominent in the report’s list of challenges for GSA. A 2018 Federal Information Security Modernization Act (FISMA) audit, for instance, found that “while GSA has implemented a security program it was ineffective to identify eight control deficiencies in three of five FISMA metric functions.”
The independent accounting organization that conducted the 2018 audit will review and follow up on its 2018 findings for FY2019 as well, the OIG said.