recommended reading

Payments to Contractor Questioned During Overhaul

Africa Studio/

Goverment contracts with a major vendor building drew scrutiny in the past, a 2007 audit shows.

In 2011, the Centers for Medicare and Medicaid Services awarded Canada-based CGI a $94 million contract to construct the public face of the Obamacare insurance marketplace. According to BusinessWeek, that contract has reached a value of roughly $277 million. The website hosting the marketplace,, has been barely functional at best since it launched on Oct. 1.

Six years ago, CGI’s compensation for work on another CMS website raised eyebrows.  The company received $2.6 million in "questionable payments" for a revamp of and an existing claims appeals system to handle prescription drug benefits. CMS may have violated its own rules in some payments to CGI, and at least four of the company's invoices contained suspicious charges, according to a government audit.

The fees, found among a $25.7 million sampling of bills, were questionable because they were potentially improper, unsubstantiated or wasteful, the audit said. Examiners identified questionable payments to CGI and about 15 other contractors implementing the 2003 Medicare Prescription Drug, Improvement, and Modernization Act.

In one situation, CMS paid CGI at least $953,000 for independent research and development, even though Health and Human Services regulations prohibited funding that type of work.

CGI also double billed $95,000 worth of equipment, the Government Accountability Office reported. CGI issued CMS a credit for the duplicate payment after GAO officials informed the contractor of the error. 

In total, GAO tallied $90 million worth of questionable checks disbursed among the various contractors between January 2004 and December 2006. 

In another case, CGI billed CMS about $420,000, or about 60 percent, more for subcontractor work than the firm actually paid.  CGI officials said they notified CMS beforehand about plans "to bill subcontractor labor hours under their own labor rates (rather than actual cost) in their contract proposals, which were accepted by CMS,” according to the audit.

Separately, the contractor once charged $31,000 more for labor rates than allowed. CGI officials told auditors they planned to issue a credit for the overpayment.

GAO officials, in 2007, determined that, “given CMS’s poor control environment and the fact that our work was not designed to identify all questionable payments made by CMS or to estimate their extent, other questionable payments may have been made.”

CMS officials disputed the auditors’ overall accounting. "We disagree with GAO's conclusion that $90 million in questionable payments were made to contractors,” then acting CMS Administrator Kerry Weems wrote in a November 2007 letter responding to a draft report. "CMS has not performed incurred cost audits of the contracts in question nor made a final determination as to the amount of payments owed to the contractors," he noted.

CGI officials told Nextgov in 2009 that CMS was aware of all project activities at all times, and reviewed, approved and paid all invoices; and the company's billings were 100 percent consistent with its contract and federal policies.

This week, lawmakers are expected to hammer CMS Administrator Marilyn Tavenner and HHS Secretary Kathleen Sebelius over the deficient when they testify in hearings for the first time since the system’s launch.

In yet another snag on Sunday, a network failure at a different contractor, Verizon’s Terremark division, crashed the whole site, according to the Associated Press.

(Image via Africa Studio/

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

  • Toward A More Innovative Government

    This research study aims to understand how state and local leaders regard their agency’s innovation efforts and what they are doing to overcome the challenges they face in successfully implementing these efforts.

  • From Volume to Value: UK’s NHS Digital Provides U.S. Healthcare Agencies A Roadmap For Value-Based Payment Models

    The U.S. healthcare industry is rapidly moving away from traditional fee-for-service models and towards value-based purchasing that reimburses physicians for quality of care in place of frequency of care.

  • GBC Flash Poll: Is Your Agency Safe?

    Federal leaders weigh in on the state of information security

  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.


When you download a report, your information may be shared with the underwriters of that document.