New audit reveals OPM's weak oversight of background check reviews

Thursday - 6/12/2014, 2:02pm EDT

A new audit of the Office of Personnel Management's handling of security-clearance background investigations urges the agency to "strengthen" its oversight of contractors who review case files.

The OPM Inspector General investigation revealed shortcomings in the steps taken by OPM and its contractors to make sure background investigations undergo quality reviews.

The review pointed to a lack of oversight on OPM's part in making sure contractors actually review cases and said some of the companies that employ case reviewers failed to keep track of records showing the contractors had undergone proper training.

OPM's handling of background investigations has been under scrutiny for much of the past year. Beginning last summer, it was revealed the same company, USIS, performed investigations of both National Security Agency contractor Edward Snowden and Navy Yard shooter Aaron Alexis.

Later, the Justice Department joined a False Claims Act suit against the company, which is the largest private provider of background checks, accusing it of signing off on at least 665,000 investigations over a 4 1/2 year period that had never been properly vetted. DOJ's complaint, however, is unrelated to the investigations of either Snowden or Alexis.

'Abnormal' caseload went undetected

The IG's report, which covered background investigations conducted and completed between October 2012 and the end of August 2013, uncovered two instances where USIS employees, responsible for conducting quality reviews of cases before sending them to OPM, had signed off on an abnormally high number of cases.

For example, one USIS reviewer completed 15,152 case reviews in a single month, "with most of these occurring within minutes of each other on multiple days," the report stated.

While OPM's Federal Investigative Services, which oversees the process, was able to identify and take action against one of the employees, the other employee's abnormal caseload went undetected, according to the IG report.

The IG's investigation was able to conclude that in some instances, contractor companies — including CACI and Keypoint Government Solutions, in addition to USIS — had not completed initial, first-line quality reviews but had collected payment for incomplete work anyway.

In a selected sample of 328 cases, the IG reported that 17 reports-of-investigation, or ROIs, had not been properly reviewed: three from USIS, four from CACI and 10 from KeyPoint Government Solutions.

"As a result of no reviews occurring on these ROIs prior to submission to OPM, the contractors have not complied with contract requirements and have been paid for work that was not reviewed," the report stated. "In addition, the lack of reviews can lead to inadequate work being performed and background investigation cases being potentially compromised."

In a response to the IG report, director of the Federal Investigative Services Merton Miller said OPM has asked the contractors to update their quality-control plans. Meanwhile, each company's program director has to certify to OPM on a monthly basis that the first-line reviews are taking place. FIS has also created a new inspection team to monitor contractor compliance.

OPM: Investigations weren't 'compromised'

However, there's disagreement between OPM and the IG's office over the extent to which the companies' failure to perform the first level of quality reviews put the background-investigation process at risk.

The first level of review undertaken by the contractor is only part of OPM's quality-assurance process, Miller emphasized in his comments. All cases are also re-checked by final quality reviewers at OPM.

"Therefore, the effect of the contractors' lack of reviews does not lead to background investigations being potentially compromised," Miller said.

But the IG's office maintained that for the broader quality-assurance process to be effective, all parts of it must work as designed, auditors said in the report. "Since the fieldwork contractors' review is a part of the overall ... process and it is not working as designed, there is a potential risk that a background investigation could be compromised."

Since February, final quality reviews have been performed solely by OPM. Prior to that, though, USIS also performed some final reviews under a support-services contract with the agency. Shortly after DOJ's complaint against USIS became public, OPM announced it was ending USIS' role in performing final reviews.

In fact, since only federal employees now conduct final quality reviews, Miller said OPM is now considering whether to stop requiring contractors to conduct first-line reviews entirely. In his comments on the IG report, Miller said FIS is conducting an assessment of the costs and benefits of the separate contractor quality review process.