Could SOX Be Used to Hold Contractors
Gerald H. Lander, Valerie J. Kimball, and Kimberly A. Martyn
FEBRUARY 2008 - Federal government funds are a limited resource
expended to benefit the country in areas such as social issues,
national defense, homeland security, and natural disaster relief.
The U.S. government is the largest consumer of prime contracts.
Over the last five years, spending on federal contracts was the
fastest-growing part of the discretionary budget. Between 2000 and
2005, procurement spending rose 86%, twice as fast as other discretionary
spending, which rose 43%. Indeed, federal contract expenditures
now consume almost 40 cents of every dollar of discretionary spending.
For example, Lockheed Martin and its subsidiaries were awarded over
$19 billion of prime contracts from the Department of Defense in
2005 (see “100 Companies Receiving the Largest Dollar Volume
of Prime Contract Awards – Fiscal 2005,” siadapp.dmdc.osd.mil/procurement/historical_reports/
According to U.S.
Department of Justice (DOJ) statistics reported for the fiscal
year ending September 30, 2005, the United States recouped more
than $1.4 billion dollars in settlements and judgments pursuing
allegations of fraud. For the fiscal year ending September 30,
2006, the government recovered a record total of more than $3.1
billion in settlements and judgments from cases involving claims
of fraud. According to a November 2006 DOJ report, defense procurement
fraud accounted for $609 million in settlement and judgment awards
Procurement fraud squanders limited funds, threatens safety and
national defense, cheats American taxpayers, and harms government
efforts to obtain needed goods and services. What follows is a
discussion of types of procurement fraud and what is being done
to prevent and discover it. In addition, the authors recommend
that section 406 of the Sarbanes-Oxley Act of 2002 (SOX), which
requires all publicly held companies to have a code of ethics
and specifies what that code should contain, be incorporated into
the Government’s Cost Accounting Standards (CAS). These
standards should also be modified and expanded to cover all fully
covered CAS contracts. The databases that track companies banned
from future government contracts should also be expanded to include
individuals, to mitigate the possibility of individuals who are
found personally liable under the proposed CAS (which incorporates
SOX) from participating in future government contracts.
Government Acquisition Methods
The U.S. procurement process begins with requests for acquisition
of goods or services, using three acquisition or bidding process
- Competitive or advertised bidding;
- Competitive proposals or negotiations; and
- Sole source.
At any stage of the procurement process, anyone with the knowledge,
opportunity, and need can take advantage of the contract. The
goal is to purchase the most appropriate and highest-quality goods
or services for the lowest cost.
Competitive or advertised bidding.
The government uses competitive or advertised bidding when it
has exact specifications for the product or service required.
When evaluating bids, the government considers price and other
important factors such as experience and past performance. In
this process, requests for procurement must specify the government’s
requirements clearly, accurately, and completely. No negotiation
occurs between the government and bidders. This method promotes
competition. Fair and honest consideration is implied and given
to all bidders soliciting the government contract. By bidding,
the contractor agrees to all specified conditions.
Legitimate reasons for rejecting a low bid include that the bid
price may be considered unrealistic, the bidder may be deemed
unresponsive (e.g., a poor reputation for the follow-up parts
market), failing to conform to standards, a conflict of interest,
or the appearance of favoritism.
Competitive proposals or negotiations.
This more flexible method of contracting often begins with a government
agency request. In a competitive negotiation, the government has
an idea of what it requires but lacks the resources to establish
specifications and costs. Thus, contractors have a degree of freedom
to develop the procurement proposal and an opportunity to sway
the government to pay higher prices. After an agreement is reached,
a contract is written and signed by both parties.
Sole source. In this method, the government
contacts the contractor it wants to supply the product or service.
The sole source process vests much power with contracting officers,
but its rationale must be justified to the responsible oversight
individual, committee, or government agency, such as Congress
(e.g., by showing that it is the best or only way for the contracting
agency to acquire the goods and services needed). A request for
a proposal to the contractor selected is delivered and is answered
by the contractor, later resolving other issues such as price
and delivery terms. Finally, a contract is written and signed
by both parties.
Competitive Versus Noncompetitive Bidding
Detractors claim that the government increasingly uses unfavorable
contracts and avoids the proven benefits of competitive bidding
for negotiated deals that tend to cost more. Noncompetitive awards
increased by 115% from 2000 to 2005, rising from $67.5 billion
to $145 billion (U.S. Representative Henry Waxman, “Dollars,
Not Sense,” House Government Reform Committee, www.democrats.reform.house.gov/Documents/
20060620140127-02294.pdf, 2006, p. 15). Many different categories
of noncompetitive contracts exist. Of the $145 billion in noncompetitive
contracts awarded in 2005, $97.8 billion were no-bid contracts,
a 110% increase from 2000; $63.4 billion was awarded under the
rationale that only one contractor could supply the needed goods
or services. The other $34.4 billion in no-bid contract dollars
was awarded under such exceptions as emergency circumstances ($8.7
billion) and where a statute authorizes or requires restricted
competition ($2.9 billion) (Waxman 2006). Much of this increase
is related to the rebuilding of Iraq and the recovery from Hurricane
Katrina. Federal acquisition law provides exemptions from competitive
sourcing requirements under certain circumstances, such as emergencies,
or if there is only one source for the required service. Still,
the use of these types of contracts has increased from 33% of
federal contract dollars in 2000 to 38% in 2005 (Waxman 2006).
In response to growing procurement spending, on July 28, 2006,
U.S. Representative Leonard Boswell introduced the Competitiveness
in Contracting Act to limit noncompetitive awards of federal contracts
in response to major disasters and emergencies. The House overwhelmingly
passed the bill, renamed the Accountability in Contracting Act,
on March 15, 2007. The legislation limits the awards of no-bid
contracts for emergencies to one year. The bill passed the Senate
with an amendment (S.680) and, as of press time, had been sent
back to the House.
Government Contract Fraud
Upon awarding a contract, potential fraud exists in areas such
as product substitution, cost mischarging, defective pricing,
progress payment fraud, and antitrust violations.
Defective pricing. This practice arises
from intentionally using old or inaccurate cost data to inflate
costs. Under the Truth in Negotiations Act, contractors must submit
cost or pricing data prior to negotiations, and certify that the
data are accurate, complete, and current as of the close of negotiations.
Submitting defective (inaccurate, incomplete, or noncurrent) data
entitles the government to a price reduction under a contract
clause included whenever certified cost or pricing data are required.
Existing defective pricing data does not indicate fraudulent behavior,
and recovery under the contract clause is not based on fraudulent
intent. This clause makes contractors liable for the overpayment
along with simple interest computed from the date of overpayment
to the date the government is repaid [at the applicable underpayment
rate effective for each quarter prescribed by the Secretary of
the Treasury under 26 USC 6621(a)(2)], and for a penalty equal
to the amount of the overpayment, if the contractor or subcontractor
knowingly submitted defective data.
Significant fraud indicators in defective pricing cases include:
- Falsifications or alterations of supporting data;
- Failure to update cost or pricing data when past activity
indicates price decreases;
- Failure to completely disclose data known to responsible
- Distortion of overhead accounts or base line information
by transferring charges or accounts that have a material impact
on government contracts;
- Protracted delay in release of data to the government to
preclude possible price reductions;
- Repeated denials by responsible contractor employees of the
existence of historical records that are subsequently found;
- Submitting fictitious documents;
- Failing to disclose internal documents on vendor discounts;
- Nondisclosure of actual costs for follow-up contracts. (See
U.S. Army Logistics Management College, “Procurement Fraud,”
ALM-31-6082c, 2006, www.almc.army.mil/ledd/8a-f17/Adobe/Fraud.pdf.)
Progress payments fraud. Payments made
to contractors based on costs incurred or on a percentage or phase
of completion can result in progress payment fraud. Because the
government relies heavily on the contractor’s integrity,
progress payments are not always audited beforehand. Such fraud
cases usually involve erroneous labor charges for work not yet
performed, charges for materials not purchased, or false documentation
of the phase of completion. This fraud is perpetrated to receive
more money in a cost-type contract, but could also be committed
to influence future contract awards (e.g., as when contracts are
awarded in phases, with funds dependent upon completion of prior
Organizations That Detect and Prevent Fraud
National Procurement Fraud Task Force.
Deputy Attorney General Paul J. McNulty announced on October 10,
2006, the establishment of a new national procurement fraud initiative
by the Justice Department’s Criminal Division (www.usdoj.gov/criminal/npftf/pr/press_
releases/2006/oct/10-10-06procfraudannounce.pdf). The task
force’s charge is to detect, prevent, and prosecute procurement
fraud resulting from increased contracting activity for national
security and other government programs.
The task force is expected to reinforce the government’s
efforts against procurement fraud and to increase criminal enforcement,
focusing on defective pricing, product substitution, misuse of
classified and procurement-sensitive information, false claims,
grant frauds, labor mischarging, accounting fraud, foreign military
sales fraud, ethics and conflict-of-interest violations, and public
Inspector General and SIGIR. The Inspector
General Act of 1978 established the Inspector General as the primary
advisor to the Secretary of Defense for issues related to prevention
of fraud and abuse in the Department of Defense (DOD). Congress
also instituted the Special Inspector General for Iraq Reconstruction
(SIGIR) to oversee the $18.4 billion reconstruction fund. As a
result, the Department of Defense Inspector General has limited
its audit role in order to prevent duplication of efforts due
to the oversight provided by the SIGIR, the DOD audit community,
and the Government Accountability Office (GAO).
Defense Contract Audit Agency. Established
in 1965, the Defense Contract Audit Agency (DCAA; www.dcaa.mil)
centralized audit functions for the various branches of the military.
The DCAA performs standardized contract audits for the DOD and
certain other government agencies, along with accounting and financial
advisory services related to procurement contracts. DCAA audit
services include pre- and post-award contract audits and contractor
internal control systems audits. DCAA auditors also provide negotiation
assistance in the form of procurement liaison services and fact-finding
analysis of contractor information after audits.
In conformity with Government Auditing Standards, DCAA auditors
are not responsible for proving fraud. “DCAA’s mission
is to perform contract audits of commercial companies, and not
to perform investigations,” said a Pentagon official explaining
the audit agency (Neil King Jr., “Pentagon Auditor Requests
Probe of Halliburton,” Wall Street Journal, Jan.
15, 2004). When auditors suspect unlawful activity, they “make
a referral … to the appropriate investigative organization.”
Still, the DOD Inspector General’s 1993 Handbook on
Fraud Indicators for Contract Auditors says that auditors
should design audit steps to reasonably assure detection of irregularities
and illegal acts, and report fraud indicators to investigators,
but cannot automatically conclude that an indication of fraud
means that fraud exists. Indeed, as with all audits, professional
skepticism is necessary.
In fiscal year 2006, the DCAA audited $121.1 billion of incurred
costs on contracts and forward pricing proposals of $182.3 billion.
U.S. taxpayers saved a net $2.3 billion due to audit findings.
Thus, the return on investment in the DCAA was approximately 520%.
Laws Designed to Prevent Fraud
Procurement Integrity Act. Private
consultants, many of them former governmental employees, often
assist in the procurement process. These consultants serve as
liaisons between government officials and contractors. The government
strictly regulates contractor re-employment after a contractor
leaves a governmental position. Government employees must take
annual ethical training regarding this issue and are encouraged
to contact the government’s human resource department before
accepting a position with a contractor, in order to avoid the
appearance of a conflict of interest. Failure to comply with the
government’s ethical guidelines can result in blacklisting
and criminal charges.
The Procurement Integrity Act of 1988 (as amended), which provides
the basis for these guidelines, focuses on contractor and government-official
inappropriate contacts. It expressly addresses offers of employment,
disclosure of information, and compensation of former officials.
Remedies to punish violators include criminal prosecution, civil
suits, and administrative ramifications. The Act specifies that
government employees with access to contractor bid, proposal,
or source-selection information may not, except as provided by
law, disclose that information prior to the awarding of a contract.
Moreover, no one may knowingly obtain this type of information
before an award, regardless of the proposed contract’s dollar
amount. A government employee participating personally and substantially
in procurement must report any offer for non-federal employment
made by a contractor. The employee can either reject the offer
of employment or exclude himself from further participation in
the procurement process.
False Claims Act Qui Tam Actions.
The False Claims Act, passed during the Civil War, punishes military
contractors who cheat the government. In 1986, an effort led by
U.S. Senator Chuck Grassley strengthened the law to encourage
the use of qui tam (abbreviated from the Latin “He
who sues for the king sues for himself”) actions, where
citizens are authorized to bring, as “private Attorneys
General,” lawsuits on behalf of the government. Under the
new provisions, whistleblowers can file cases against government
contractors who commit fraud. Violations of federal law can result
in false claims under the act (see Shawn Zeller, “Face-Off
Over Fraud,” Government Executive, July 15, 2005).
The whistleblower begins the qui tam process by retaining a private
attorney who investigates the whistleblower’s allegations
and, if appropriate, files the lawsuit acting on the government’s
behalf alleging violations of the False Claims Act. Qui tam
suits are filed secretly so the defendant and others do not learn
of the lawsuit. The DOJ is served a copy of the complaint, plus
a written disclosure statement detailing the alleged fraud, to
provide the government with an opportunity to investigate the
allegations (see T.A. Lewis, “The False Claims Act and Its
‘Qui Tam’ Provision—a Primer,” The
Government Accountants Journal, Winter 2000, p. 36-44).
The DOJ proceeds to investigate the allegations and may decide
to work with the whistleblower’s attorney. If the DOJ declines
to proceed, the whistleblower and the attorney can still move
forward. A contractor found guilty of making false claims for
federal funds is liable for three times the government’s
loss, plus a civil penalty of $5,500 to $11,000 for each false
claim (“Justice Department Recovers $1.4 Billion in Fraud
and False Claims in Fiscal Year 2005; More Than $15 Billion Since
1986,” DOJ press release, Nov. 7, 2005).
If the contractor settles, or is found to have made false claims,
the award is shared with the whistleblower. For example, government
participation in a qui tam action results in the whistleblower
receiving 15% to 25% of any settlement or judgment attributable
to the fraud. On the other hand, lack of government participation
increases the whistleblower’s share by as much as 30%. The
DOJ reported that whistleblowers were awarded $166 million for
fiscal year 2005.
According to Kimberly Palmer (“Downfall,” Government
Executive, July 1, 2006), “Almost half of fraud investigations
in federal agencies are instigated by a tip from someone who notices
something isn’t quite right.” The increase in False
Claims Act lawsuits may relate to increased incentives for whistleblowers
to come forward since the 1986 legislation. Indeed, the number
of cases filed under the law jumped from 60 in 1988 to more than
400 in 2004. According to Zeller, “Awards rose from less
than $1 million in 1988 to more than $1 billion in 2003, with
some cases now yielding judgments in the hundreds of millions”
(“Face-Off over Fraud,” Government Executive,
July 2005). Nevertheless, federal government employees are limited
in their ability to act as whistleblowers. According to Lewis
(2000), “The courts generally reason that federal employees
should not personally benefit for simply doing what they are required
and paid to do—which is to report fraud.”
As reported by the DOJ in November 2005: “Of the $1.4 billion
in settlements and judgments received in 2005, $1.1 billion relates
to suits initiated by whistleblowers under the False Claims Act’s
qui tam provisions.” In 2006, the DOJ reported
that of the $3.1 billion recovered by the government for fraud,
$1.3 billion was from suits brought by whistleblowers under the
provision. Oracle, which agreed to pay $498.5 million for false
pricing information provided by PeopleSoft to obtain a government
contract, made the largest payment under the False Claims Act;
the whistleblower receives a $17,730,000 reward.
Sarbanes-Oxley Act of 2002. SOX has
dramatically affected overall awareness and management of internal
controls in public corporations. Responsibility for accurate financial
reporting has landed squarely on senior management, including
CEOs and CFOs who now face the potential for personal criminal
SOX section 406 directed the SEC to issue rules requiring public
entities to disclose whether they have adopted a code of ethics
(business code of conduct or employee code of conduct) that applies
to the organization’s key officers. The SEC adopted final
rules implementing section 406 in January 2003.
The final rules (see “Disclosure Required by Sections 406
and 407 of the Sarbanes-Oxley Act of 2002,” June 24, 2003;
define “code of ethics” as written standards that
are reasonably designed to deter wrongdoing and to promote:
- Honest and ethical conduct, including the ethical handling
of actual or apparent conflicts of interest between personal
and professional relationships;
- Full, fair, accurate, timely, and understandable disclosure
in reports and documents that a company files with the SEC and
in other company communications;
- Compliance with applicable governmental laws, rules, and regulations;
- The prompt internal reporting of any violations of the code
of ethics to an appropriate person or persons identified in
the code of ethics; and
- Accountability for adherence to the code of ethics.
To comply with the SEC’s requirements for implementation
of SOX section 406, the registrant must do the following:
- File with the SEC, as an exhibit to its annual report, a
copy of its code of ethics that applies to the registrant’s
principal executive officer, principal financial officer, principal
accounting officer or controller, or persons performing similar
- Post the text of such code of ethics on its website and disclose,
in its annual report, its location; or
- Provide instructions in its annual report how any person
may request, without charge, a copy of such code of ethics.
Companies not complying with the SEC guidelines would be subject
to the same procedures and due process under the SEC Enforcement
Division and the Office of Compliance Inspections and Examinations
as in any other Act.
Although SOX does not mandate business ethics training or the
adoption of codes of ethics or conduct, it requires that the company
disclose whether it has adopted a code per the above definition.
If the company has not adopted such a code, it must disclose why.
There are increased penalties for corporations and personal liabilities
for individuals held accountable for violating the requirements
of SOX section 406 and the implementation guidelines in paragraph
229.406, regardless of whether a company has a formal code. Many
penalties have doubled or tripled under the United States Sentencing
Commission’s “Increased Penalties Under the Sarbanes-Oxley
Act of 2002” (January 2003). Of particular interest is required
compliance with applicable governmental laws, rules, and regulations—especially
important for companies that contract to perform government work.
The authors recommend incorporating SOX section 406 for incorporation
into the Cost Accounting Standards (CAS) 419 for Government Contracts.
This written standard would apply to all fully covered CAS contracts
to make privately held companies and their subsidiaries subject
to SOX. At present, any subsidiary not publicly held avoids compliance
with SOX and the related penalties for failure to follow ethical
standards. Thus, incorporating SOX into CAS mandates the SOX ethics
requirement for CAS-covered contracts.
Furthermore, the authors recommend using CAS 419 to incorporate
SOX-associated standards and penalties, such as:
- Honest and ethical conduct, including the ethical handling
of actual or apparent conflicts of interest;
- Full, fair, accurate, timely, and understandable company
disclosures in government reports and other company public communications;
- Compliance with applicable governmental laws, rules, and
- Prompt internal reporting of any violations of the code of
ethics to appropriate persons identified in the code of ethics;
- Accountability for adherence to the code of ethics. Perhaps
the United States Sentencing Commission’s guidelines should
be applied. However, if a contractor appropriately handles transgressing
employees and institutes or modifies internal controls so that
the transgression is unlikely to reoccur, the contractor might
be allowed to continue contract performance and be eligible
for future government contracts. If the contractor doesn’t
follow the policies, then the CAS penalties would apply, in
addition to the contractor potentially becoming ineligible for
- Social responsibility (a corporate atmosphere conducive to
moral decision making such as the reasonable-person view versus
profiteering/price gauging), government contracting in times
of crisis and emergency such as war, national disasters, and
CAS 419 should be required for all contracts subject to full
CAS. (CAS applicability depends on the type and size of the contract.
That guidance can be found within CFR 9903.201-1 and CFR 9903.201-2.)
The Next Steps
The attention given to the detection and prevention of fraud
is justifiable because spending on federal contracts has increased
by 86% over the last five years. The increase in recovery in settlements
and judgments from cases involving fraud against the government
provides incentive for both the government and civilians.
Increasing financial penalties with the qui tam provision
under the False Claims Act helps to mitigate fraud losses; however,
fines are not enough. Taxpayers have a right to expect long-term
incarceration for contractors found guilty of procurement fraud
in order to discourage others from defrauding the government.
The penalties must be severe to discourage those tempted by opportunity.
Before the 1980s, all cases brought under the False Claims Act
were prosecuted as criminal, not civil, cases. But research in
the early 1980s revealed that criminal prosecution did little
to stop procurement fraud. The DOJ was also limited in the number
of cases it could litigate, due to the high cost of federal prosecution,
so most fraudulent contractors got off the hook. However, the
recent formation of the National Procurement Fraud Task Force
and its plans to increase criminal enforcement, along with the
strengthening of the False Claims Act, increase the risk of prosecution.
Most important, companies that receive government contracts should
be socially responsible and conduct themselves in the highest
ethical manner. To limit government procurement fraud and increase
the responsibility of all companies, public and private, engaged
in government contracts, the authors propose that CAS 419 incorporate
the standards and penalties associated with SOX section 406. This
would require companies to abide by a code of conduct or ethics,
and entail monitoring by government audit agencies for compliance.
A company’s code of conduct or ethics would be reviewed
for appropriateness, and any violations would be reported. Databases
established to track companies banned from future government contracts
could be expanded to include individuals, to prevent violators
from simply closing one business and starting another.
Increased spending on government contracts magnifies the potential
for procurement fraud. Taxpayers deserve that the funding for
fraud detection agencies be expanded, and the number of qualified
auditors be increased, in proportion to procurement spending.
here to view Sidebar.
Gerald H. Lander, DBA, CPA, CCEA, CFE, is
the Gregory, Sharer and Stuart Term Professor in Forensic Accounting
in the College of Business of the University of South Florida,
St. Petersburg, Fla.
Valerie J. Kimball, MBA, is an auditor at the
Defense Contract Audit Agency.
Kimberly A. Martyn received an MBA from the University
of South Florida in December 2007. The authors appreciate the
useful comments from Alan Reinstein, George Husband Professor
of Accounting, Wayne State University.
The views contained herein do not purport to reflect the
position of the U.S. Department of Defense or the Defense Contract