OFFICE OF
THE INSPECTOR GENERAL

SOCIAL SECURITY ADMINISTRATION

DELIVERY ORDER WITH SOFTMART
GOVERNMENT SERVICES, INC., FOR
MICROSOFT LICENSING AND MAINTENANCE

September 2010

A-06-10-11019

AUDIT REPORT


Mission

By conducting independent and objective audits, evaluations and investigations, we inspire public confidence in the integrity and security of SSA's programs and operations and protect them against fraud, waste and abuse. We provide timely, useful and reliable information and advice to Administration officials, Congress and the public.

Authority

The Inspector General Act created independent audit and investigative units, called the Office of Inspector General (OIG). The mission of the OIG, as spelled out in the Act, is to:

Conduct and supervise independent and objective audits and investigations relating to agency programs and operations.
Promote economy, effectiveness, and efficiency within the agency.
Prevent and detect fraud, waste, and abuse in agency programs and operations.
Review and make recommendations regarding existing and proposed legislation and regulations relating to agency programs and operations.
Keep the agency head and the Congress fully and currently informed of problems in agency programs and operations.

To ensure objectivity, the IG Act empowers the IG with:

Independence to determine what reviews to perform.
Access to all information necessary for the reviews.
Authority to publish findings and recommendations based on the reviews.

Vision

We strive for continual improvement in SSA's programs, operations and management by proactively seeking new ways to prevent and deter fraud, waste and abuse. We commit to integrity and excellence by supporting an environment that provides a valuable public service while encouraging employee development and retention and fostering diversity and innovation.

MEMORANDUM

Date: September 17, 2010

To: The Commissioner

From: Inspector General

Subject: Delivery Order with Softmart Government Services, Inc., for Microsoft Licensing and Maintenance (A-06-10-11019)

OBJECTIVE

The objectives of our audit were to (1) review the services provided by Softmart Government Services, Inc., (Softmart) under delivery order number 0440-03-52698 and the related costs charged to the Social Security Administration (SSA) for adherence to the negotiated terms and applicable regulations; and (2) ensure the Agency received the goods and services for which it paid.

BACKGROUND

Executive Order 13103, Computer Software Piracy, requires that Federal agencies establish procedures to ensure compliance with established computer software licensing laws and regulations. SSA's Office of Telecommunications and Systems Operations (OTSO) develops guidelines and processes to ensure SSA complies with this Executive Order.

OTSO established a purchasing vehicle to acquire associated software licensing and maintenance/upgrade rights for SSA desktop and laptop personal computers. Components that purchase or consider purchasing computer workstations, including desktops and laptop personal computers, contact OTSO to acquire licensing rights for the Agency's standard commercial-off-the-shelf software suite.

On September 30, 2003, SSA awarded delivery order number 0440-03-52698 to Softmart to purchase Microsoft licenses and maintenance for Microsoft products covered by the Microsoft Enterprise Agreement. The award amount was $87 million with a period of performance from September 30, 2003 to October 22, 2008. SSA established the delivery order against an existing General Services Administration (GSA) contract. As a result of an expected lapse of service between the expiration of the Softmart delivery order and the pending award of a new blanket purchase agreement, the delivery order was extended to December 22, 2008. Because of modifications and the extension of the performance period, the cumulative delivery order award total was increased to approximately $105 million. See Appendix A for more detailed information regarding the scope and methodology for our audit.

RESULTS OF REVIEW

Amounts paid for services provided under the delivery order were in accordance with prices negotiated under the GSA contract, and SSA received the goods and services for which it paid. However, SSA did not adequately document its need for the number of software licenses maintained. The number of software licenses is the primary factor in determining overall maintenance costs.

SSA did not maintain documentation supporting its need for 107,946 licenses and related maintenance support for each Microsoft software product listed in Table 1 below.

Table 1: 107,946 Software Licenses Maintained Under the Contract
Microsoft Office XP Professional
Microsoft Windows Professional
Microsoft Exchange Server Client Access Licenses
Microsoft Systems Management Server Client Access Licenses
Microsoft Windows Client Access Licenses

SSA officials acknowledged the contract file did not contain documentation supporting the need for 107,946 licenses. An SSA official stated the number of licenses maintained under the contract was simply carried forward from the prior contract (awarded to a different contractor). SSA officials stated they believed the need for this number of licenses was documented in the prior contract file. However, we could not confirm this since SSA destroyed the contract file after the required retention period.

The delivery order with Softmart expired on December 22, 2008. On the same day, SSA awarded ASAP Software Express, Inc., a 5-year blanket purchase agreement valued at approximately $130 million to acquire Microsoft software licenses, maintenance, and technical support services. Under the contract with ASAP Software Express, Inc., SSA appeared to have made significant changes to the number of Microsoft software licenses procured. On February 9, 2009, SSA transferred the blanket purchase agreement to Dell Marketing L.P. because Dell Marketing had acquired ASAP Software Express, Inc. We plan to perform a similar audit of the Dell Marketing L.P. contract and will determine whether SSA can support its need for the current number of software licenses.

CONCLUSION AND RECOMMENDATION

Amounts paid for services provided under the delivery order were in accordance with negotiated prices, and SSA received the services for which it paid. However, the contract file did not include support for SSA's need for five specific Microsoft software licenses maintained as part of the delivery order. More than 80 percent of the maintenance expenditures made under this delivery order were related to these five Microsoft products.

Therefore, we recommend that SSA document its computation of the number of software licenses maintained and retain this documentation in the contract file.

AGENCY COMMENTS AND OIG RESPONSE

SSA agreed in principle with our recommendation. SSA's comments are included in Appendix B. SSA emphasized, and we agree, that its disposal of prior contract file documentation after its required retention period was appropriate. However, instead of developing a process to identify the number of software licenses actually needed to meet current mission requirements, SSA stated it based the $100+ million acquisitions on software requirements formulated prior to the 1996 UNISYS contract. Since SSA did not create documentation to substantiate formulation of current software requirements, and no longer retained documentation to substantiate its pre-1996 software requirements, we could not assess the validity of SSA's requirements formulation.

Patrick P. O'Carroll, Jr.

Appendices
APPENDIX A - Scope and Methodology
APPENDIX B - Agency Comments
APPENDIX C - OIG Contacts and Staff Acknowledgments


Appendix A
Scope and Methodology

To accomplish our objectives, we:

Reviewed the contract between the Social Security Administration (SSA) and Softmart Government Services, Inc.

Reviewed the applicable sections of the Federal Acquisition Regulation.

Interviewed the Contracting Officer in the Office of Acquisition and Grants, the Contracting Officer Technical Representative in the Division of Resource Management and Acquisition, staff in the Office of Finance, and staff in the Office of the Chief Information Officer.

Obtained a list from the Office of Finance identifying 26 invoices totaling $104,775,091 paid under this contract for services received. We reviewed the five largest invoice dollar amounts and the three lowest invoice dollar amounts. The total amount of the eight selected invoices was $61,656,879, which represented approximately 59 percent of the total amount paid under the contract. We reviewed these invoices to ensure (1) SSA paid amounts approved in the contract; (2) invoices were approved before payment; (3) SSA paid invoices timely in accordance with the terms of the contract; and (4) invoice amounts were recorded correctly.

We determined that the data used for this audit were sufficiently reliable to meet our audit objectives. We performed our audit between September 2009 and April 2010 in Baltimore, Maryland, and Dallas, Texas. The principal entity audited was the Division of Resource Management and Acquisition under the Office of the Deputy Commissioner for Systems. We conducted this performance audit in accordance with generally accepted government auditing standards. Those standards require that we plan and perform the audit to obtain sufficient, appropriate evidence to provide a reasonable basis for our findings and conclusions based on our audit objectives. We believe the evidence obtained provides a reasonable basis for our findings and conclusions based on our audit objectives.

Appendix B
Agency Comments

SOCIAL SECURITY

MEMORANDUM

Date: August 31, 2010

To: Patrick P. O'Carroll, Jr.
Inspector General

From: James A. Winn /s/
Executive Counselor
to the Commissioner

Subject: Office of the Inspector General (OIG) Draft Report, "Delivery Order with Softmart Government Services, Inc., for Microsoft Licensing and Maintenance" (A-06-10-11019)--INFORMATION


Thank you for the opportunity to review the draft report. Attached is our response to the report's recommendation.

Please let me know if we can be of further assistance. Please direct staff inquiries to Rebecca Tothero, Acting Director, Audit Management and Liaison Staff at (410) 966-6975.

COMMENTS ON THE OFFICE OF THE INSPECTOR GENERAL (OIG) DRAFT REPORT, "DELIVERY ORDER WITH SOFTMART GOVERNMENT SERVICES, INC., FOR MICROSOFT LICENSING AND MAINTENANCE" -- A-06-10-11019

We offer the following in response to your recommendation.

Recommendation

We recommend that SSA document its computation of the number of software licenses maintained and retain this documentation in the contract file.

Response:

We agree in principle, but in this case, we followed all retention rules in disposing of information in the contract file. We did not dispose of the information inappropriately.

The purpose of your audit was to review a contract with Softmart Government Services, Inc. We awarded the contract in 2003 and it extended through December 2008. Regarding that contract, you state in the report:

"SSA officials acknowledged the contract file did not contain documentation supporting the need for 107,946 licenses."

While we may not have provided the level of documentation you deemed appropriate, we did have considerable documentation to exhibit the sound reasoning behind our decisions. We provided your auditors with that documentation in the form of a System Procurement Request (SPR).

In 1996, we issued a contract to UNISYS and purchased thousands of copies of Microsoft software. At that time, we assessed our needs and documented our reasons for the number of licenses we required. We used our UNISYS experience as the primary basis for ordering continuing maintenance and software upgrades from Softmart. As you note in your report, "SSA officials stated that they believed the need for this number of licenses was documented in the prior contract file." That "prior contract file" was for UNISYS, and we disposed of the file after the retention period required by the Federal Acquisition Regulation.

On June 6, 2003, our Chief Information Officer (CIO) submitted a formal SPR for an "Enterprise License Agreement for Microsoft Proprietary Software" (attached). In the SPR, the CIO provided detailed information concerning our requirements. The cover memorandum of the SPR stated that:

"SSA currently has an Enterprise Licensing Agreement with UNISYS Corporation for maintenance of Microsoft products that support SSA's workstation and LAN environment."

In the body of the SPR itself, we referenced the original UNISYS contract (Contract# 600-96-26459 - originally negotiated and signed in 1996) and explained that a new contract (ultimately with Softmart) would provide continuing maintenance support for the same Microsoft products covered by UNISYS. We also provided detailed information concerning our requirements for additional licenses (e.g., "procurement of 6,144 new operating systems and associated products" to support a workstation replacement project) and explained further how a new licensing agreement would consolidate several existing contracts for similar products into a single contract.

We believe the SPR provides adequate evidence for you to conclude that we acted properly in all aspects when administering the Softmart contract. You state that:

"Amounts paid for services provided under the delivery order were in accordance with negotiated prices, and SSA received the services for which it paid."

The Microsoft products you cite are integral to our business processes, and virtually every person doing SSA work uses them daily. We based our decisions concerning quantities on the fact that we need support for every one of the workstations in our inventory. This includes workstations for all SSA and DDS employees, and contractors - more than 85 thousand persons. We have a person-to-workstation ratio that exceeds one-to-one, primarily because of field offices where we have front-end interviewing workstations in addition to personal workstations. Considering this, it is evident that the quantities cited in the Softmart contract are in line with what one would expect.

We believe that your finding relates more to a lack of documentation for the 14-year-old UNISYS contract, rather than any uncertainties about whether we ordered proper quantities more recently. Nevertheless, we understand that we must continue to assess accurately our needs for software licenses. Although it may have been helpful to you to have retained the UNISYS documentation as further support for the Softmart contract, we disposed of the documentation appropriately and in accordance with retention policies.

You state that you will be performing an audit for a similar contract we negotiated in 2009 with Dell Marketing. You started that audit recently, and we have provided documentation to support our 2009 estimates. This is further evidence that we are complying with documentation standards. We trust you will discuss this in your future report.

One other note: In addition to the up-front work that we do for these contracts, we also maintain strict controls when actually issuing software licenses. As offices have specific requirements, they make formal requests through the Division of Resource Management and Acquisition web site, a site we maintain specifically to track and issue licenses. We also use the information to support the payments we make to vendors.

Appendix C
OIG Contacts and Staff Acknowledgments
OIG Contacts
Ron Gunia, Director, Dallas Audit Division
Jason Arrington, Audit Manager
Acknowledgments
In addition to those named above:
Lela Mitchell, Senior Auditor

For additional copies of this report, please visit our Website at www.socialsecurity.gov/oig or contact the Office of the Inspector General's Public Affairs Staff Assistant at (410) 965-4518. Refer to Common Identification Number A-06-10-11019.


Overview of the Office of the Inspector General
The Office of the Inspector General (OIG) is comprised of an Office of Audit (OA), Office of Investigations (OI), Office of the Counsel to the Inspector General (OCIG), Office of External Relations (OER), and Office of Technology and Resource Management (OTRM). To ensure compliance with policies and procedures, internal controls, and professional standards, the OIG also has a comprehensive Professional Responsibility and Quality Assurance program.

Office of Audit
OA conducts financial and performance audits of the Social Security Administration's (SSA) programs and operations and makes recommendations to ensure program objectives are achieved effectively and efficiently. Financial audits assess whether SSA's financial statements fairly present SSA's financial position, results of operations, and cash flow. Performance audits review the economy, efficiency, and effectiveness of SSA's programs and operations. OA also conducts short-term management reviews and program evaluations on issues of concern to SSA, Congress, and the general public.

Office of Investigations
OI conducts investigations related to fraud, waste, abuse, and mismanagement in SSA programs and operations. This includes wrongdoing by applicants, beneficiaries, contractors, third parties, or SSA employees performing their official duties. This office serves as liaison to the Department of Justice on all matters relating to the investigation of SSA programs and personnel. OI also conducts joint investigations with other Federal, State, and local law enforcement agencies.

Office of the Counsel to the Inspector General
OCIG provides independent legal advice and counsel to the IG on various matters, including statutes, regulations, legislation, and policy directives. OCIG also advises the IG on investigative procedures and techniques, as well as on legal implications and conclusions to be drawn from audit and investigative material. Also, OCIG administers the Civil Monetary Penalty program.

Office of External Relations
OER manages OIG's external and public affairs programs, and serves as the principal advisor on news releases and in providing information to the various news reporting services. OER develops OIG's media and public information policies, directs OIG's external and public affairs programs, and serves as the primary contact for those seeking information about OIG. OER prepares OIG publications, speeches, and presentations to internal and external organizations, and responds to Congressional correspondence.

Office of Technology and Resource Management
OTRM supports OIG by providing information management and systems security. OTRM also coordinates OIG's budget, procurement, telecommunications, facilities, and human resources. In addition, OTRM is the focal point for OIG's strategic planning function, and the development and monitoring of performance measures. In addition, OTRM receives and assigns for action allegations of criminal and administrative violations of Social Security laws, identifies fugitives receiving benefit payments from SSA, and provides technological assistance to investigations.