Special audit shows risk for fraud in some Harford contracts

A special audit involving Harford County contracting procedures found instances where the county relied too much on non-competitive bid service contracts and, as a result, left itself open for possible fraud, misappropriation of county assets and the likelihood it paid more for the services than necessary.

The audit performed by the accounting firm SB & Company of Cockeysville specifically targeted information procurement technology contracts, the majority of which were requested by the Division of Information and Communication Technology, whose director, Justus Eapen, was fired last month by Harford County Executive David Craig, a few weeks before the audit's final report was turned over to Craig and members of the Harford County Council.

Craig has declined to discuss the firing of Eapen, citing personnel confidentiality; however, several well placed sources in the county government said the contracting concerns were at best a contributing factor to his dismissal, which also involved other issues.

A management letter discussing the auditor's findings and recommending corrections was released to Craig on Feb. 3. It has not been discussed publicly. The Aegis obtained a copy of the letter and a document entitled, "Report of Independent Public Accountants on Applying Agreed Upon Procedures – For the Period Ended Sept. 30, 2011," through a freedom of information request.

Only one vendor is cited by name in either document, a Bel Air consultant who provided social media services to the Office of the Chief of Staff, headed by Aaron Tomarchio.

A third document produced by the auditor, an undated agenda for a meeting with Craig and the council, cites specific concerns about an open-ended contract with a Virginia company that provided a variety of IT services to Information and Communication Technology. At least one person who attended the meeting in question said it took place between Christmas and New Year's.

Though the auditors concluded the county's information technology department has made risky contracting decisions, county officials said this week they are confident the procurement department is addressing those issues.

Concerns raised last year

The genesis for the special audit began as SB completed its regular audit of the county's operations for the 2010-11 fiscal year last September. Though that audit was clean, the auditor noted in its most recent management letter that "we noted a certain matter involving a certain internal control and operational matters..."

In going over the annual report at the Dec. 13, 2011 county council legislative session, the auditors said they had concerns with some procurement policies, especially the large number of sole-source contracts in the procurement department.

The subsequent special audit confirmed 19 of a statistically-sampled 21 contracts reviewed for IT services were "piggy-backed" and one was competitively bid. Contracts and vendor disbursements between the dates of July 1, 2009 and Sept. 30, 2011 were reviewed.

Auditors were unable to find the procurement method for one other contract, with Tobias J. Musser of MNS Group in Bel Air, to provide media and communication services via Twitter and Facebook. A copy of the Musser contract, obtained by The Aegis, shows it was executed on behalf of the Office of the Chief of Staff and was for an amount "not to exceed $49,800 per year."

Musser did not return requests for comment earlier this week.

Out of a sample of 15 vendors the auditors looked at, 11 vendor contracts were "piggy-backed" and four did not have contracts, according to the agreed-upon procedures document.

Emergency purchases in non-emergency situations

A Feb. 3 management letter states that piggy-back procedures for service-related contracts "are used typically for emergency circumstances whereby there is not time to prepare a fully competitive request for proposal process."

"Therefore, we typically see these procurement methods for service related contracts to be the exception," the auditors wrote.

The letter also noted that while the rate for service is set, the underlying effort to complete the task is not set, so "the County may end up paying more for an item than was originally expected."

"Additionally, the use of these types of procurements increases the risk of misappropriation of County assets and resources," the auditors wrote.

The undated agenda for the meeting between the auditors and county officials expressed some concerns with specific issues, including "a significant amount of contracts with the company ESI, which subcontracted a significant portion of the work to Hexaware."

County financial records showed Enterprise Solutions Inc., in Vienna, Va., was paid $580,770.92 for "other professional services" between July 1, 2009, and December 31, 2011.

Specific purchase orders cite "computers, software accessories" for such uses as "application and database consolidation and data migration," "automate budget process," "ITIL workflow consolidation study" and "identify the best practice for IT service support based on ITIL framework."

One purchase order dated Aug. 22, 2010 was for $347,172.40 for data processing, computer, programming and software services "TRIS re-engineering project." It included a project manager, 720 hours, a business manager, 800 hours, a programmer/analyst, 800 hours, and a business financial analyst, 2,520 hours.

Piggy-back contracts cited, defended

"The contracts with ESI were developed from a federal GSA contract schedule that is used by many state and local governments," county spokesman Bob Thomas wrote in an e-mail Tuesday.

"The rates for the services of all of the classifications of persons working on the contract are set by the federal schedule. The scope of services was adjusted in an attempt to bring the county off of some of our old mainframe systems that provide complicated and tedious work processes and were no longer supported by the original hardware and/or software vendors," Thomas wrote.

"It was becoming increasingly difficult to program the old systems to accomplish the new applications required. Although the time to complete the analysis and programming may have been adjusted, the rates paid for the services were no more than the contract rates that any government using the GSA schedule would have paid," he wrote.

Michael Lee of ESI, the contact person listed on the purchase order, did not respond to requests for comment.

Government reaction

Neither county administration officials nor members of the county council said they consider the special audit findings especially damning.

Thomas, with the county executive's office, said the procurement office is making some adjustments but "piggy back" contracts will continue to be used.

"We appreciate the results of the independent audit performed by SB & Company. We found the audit to be a useful tool as we review and revise our practices," he wrote in an e-mail Tuesday. "We also acknowledge that the audit found no indication of malfeasance nor criminal activity within the Office of Information Technology. 

"Harford County will continue to use 'piggy back' contracts as does the state and other counties for cost saving purposes," Thomas continued. "However we will use such contract judiciously in the future".

Council President Billy Boniface said Tuesday he had not seen the final report, but had spoken with the county executive and auditors about it.

"There weren't any real significant findings other than what has been presented," Boniface said. "It wasn't any big enlightening report that came out."

Boniface agreed the procurement department plans to get an employee more educated in IT, noting contract issues are always more prominent in that field.

"It always tends to be more IT because they are more service-related," he said. "There is more opportunity for fraud."

"I think you are going to see some significant changes coming down the pike in how the procurement process operates," he said. "I think it's going to be for the better. It's going to help clean up some of the procurement process which has potential for fraud there."

Boniface also said he expects more vigilance in county government in general.

"Now we have a county auditor in place," he said. "It's going to make us do a better job...We will keep an eye on things, especially the board of estimates."

Councilman Jim McMahan agreed the main issue is the challenge of understanding the service contracts in IT.

"We need someone in procurement well-versed in IT services," he said.

Copyright © 2018, The Baltimore Sun, a Baltimore Sun Media Group publication | Place an Ad