GAO: Defense contractors are complying with ethics rules

Nearly all large Defense Department contractors had a code of business ethics and conduct in place, even before a new Federal Acquisition Regulation rule mandating such a program was finalized in December 2008, the Government Accountability Office reported this week.

In September 2008, the watchdog conducted a Web-based survey of 57 Pentagon contractors that received more than $500 million in Defense contracts in fiscal 2006. Of those firms, 55 reported having some kind of business code of ethics that included many of the practices and standards now called for in the FAR.

For example, 51 firms require ethics training for employees and managers working on Defense contracts. Meanwhile, 55 companies have ongoing ethics awareness and compliance programs, the survey found. And 54 contractors have a policy for employees to report wrongdoing anonymously or confidentially.

"Having contractors implement internal control systems increases the likelihood that their ethics and compliance programs are generally effective in preventing, detecting and addressing contract-related fraud, waste and abuse," the report stated.

Under the new FAR rule issued in December, companies must establish internal control systems to facilitate the timely disclosure of improper conduct and cooperate fully with government agencies responsible for audit, investigation and corrective actions.

All but five of the companies GAO surveyed have an office or individual who is responsible for implementing the ethics program; conducting regular internal reviews or audits to test the program; and maintaining a code that provides examples of disciplinary consequences, such as counseling or termination, for violations.

GAO conducted the survey before the FAR rules was finalized in December. While investigators reviewed contractors' policies for consistency with the rule that would come later, they did not test the systems for effectiveness.

Under the FAR rule, contractor executives must disclose information to the federal agency's inspector general as soon as there is "credible evidence" that the company or one of its employees has violated contracting regulations related to fraud, bribery, conflicts of interest, false claims or gratuity. Previously, such disclosures were voluntary.

Contractors who knowingly fail to divulge violations and overpayments in a timely manner are subject to debarment and suspension.

It appears, however, that some Defense contractors might have beaten the government to the punch on disclosure of wrongdoing. GAO found that before the FAR rule was finalized, 34 firms already had a policy for voluntary disclosure of contract-related violations and misconduct to Defense.

"Today's report validates the dedicated work that DII companies have done to put robust ethics programs in place, even before required to do so by the federal government," said Richard J. Bednar, coordinator of the Defense Industry Initiative on Business Ethics and Conduct, a group of professional ethics officers from the defense industry.

Contractors' reaction to the FAR rule was mixed, according to the survey. Some contractors reported that the rule helps build employee trust and confidence and reduces risk and liability.

Others, however, noted that the rule's vague language "may tie up government resources in meaningless legal trivia." Some firms pointed out that disclosing an overpayment on a government contract could create operational difficulties because contracts are subject to reconciliation processes that are audited and adjusted over time.

In some instances, GAO fears that the new FAR rule actually could produce less disclosure to the government.

The rule exempts contractors with ethics programs that include their own hot lines from displaying a Defense poster with a phone number for reporting waste. In fiscal 2008, the Defense hot line received nearly 14,000 calls resulting in 2,000 cases referred to the government for investigation.

While the majority of the surveyed contractors have such a mechanism in place for employees to disclose problems, GAO fears that workers still might not be comfortable reporting directly to their firm unless they were guaranteed federal protection against retaliation.

"If more contractors opt not to display DoD's hot line posters, there is a risk that defense contractor employees will be unaware and not avail themselves of DoD's hot line," the report noted. "The DoD hot line poster's absence from contractor work sites could also jeopardize use of whistleblower protections for contractor employees put in place by DoD in response to legislation separate from the development of the FAR's contractor ethics program requirements."

GAO recommended that the Defense inspector general review the consequences of the rule and determine if further changes to the regulation were necessary. The department agreed with the recommendation.

Stay up-to-date with federal news alerts and analysis — Sign up for GovExec's email newsletters.
Close [ x ] More from GovExec

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Sponsored by G Suite

    Cross-Agency Teamwork, Anytime and Anywhere

    Dan McCrae, director of IT service delivery division, National Oceanic and Atmospheric Administration (NOAA)

  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.

  • Federal IT Applications: Assessing Government's Core Drivers

    In order to better understand the current state of external and internal-facing agency workplace applications, Government Business Council (GBC) and Riverbed undertook an in-depth research study of federal employees. Overall, survey findings indicate that federal IT applications still face a gamut of challenges with regard to quality, reliability, and performance management.

  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

  • Toward A More Innovative Government

    This research study aims to understand how state and local leaders regard their agency’s innovation efforts and what they are doing to overcome the challenges they face in successfully implementing these efforts.

  • From Volume to Value: UK’s NHS Digital Provides U.S. Healthcare Agencies A Roadmap For Value-Based Payment Models

    The U.S. healthcare industry is rapidly moving away from traditional fee-for-service models and towards value-based purchasing that reimburses physicians for quality of care in place of frequency of care.

  • GBC Flash Poll: Is Your Agency Safe?

    Federal leaders weigh in on the state of information security


When you download a report, your information may be shared with the underwriters of that document.