Steel Point Solutions, LLC

DOCUMENT FOR PUBLIC RELEASE
The decision issued on the date below was subject to a GAO Protective Order. This redacted version has been approved for public release.

Steel Point Solutions, LLC, of Calverton, Maryland, protests the award of a contract to Deloitte Consulting, LLP, of Arlington, Virginia, under request for proposals (RFP) No. HM047620R0039, issued by the National Geospatial-Intelligence Agency (NGA) to design, build and operate a corporate automation implementation center.  Steel Point argues that the agency misevaluated proposals and failed to adequately consider whether Deloitte has one or more organizational conflicts of interest that would affect the propriety of awarding a contract to that firm.

We sustain the protest.

BACKGROUND

The RFP contemplates the award of an indefinite-delivery, indefinite-quantity (IDIQ) contract on a best-value tradeoff basis for a 5-year period of performance considering price and several non-price factors.  The non-price factors were past performance, technical/management, and security.  RFP, Section M, Evaluation Factors, at 2-3.  The technical/management factor included four subfactors:  technical approach, program management approach, transition in, and small business participation.  Id.  The RFP advised that the security factor would be evaluated on a pass/fail basis and would not be factored into the best value tradeoff analysis, and that the other two non-price factors in combination were significantly more important than price.  Id. at 1. The past performance factor was slightly more important than the technical/management factor, and the subfactors under the technical factor were listed in descending order of importance.[1]  Id. at 2-3. 

In response to the RFP, the agency received a number of proposals.  The agency evaluated the proposals received and assigned the following ratings to the Steel Point and Deloitte proposals:

	Steel Point	Deloitte
Past Performance	Satisfactory Confidence	Substantial Confidence
Technical/Management Overall	Outstanding	Outstanding
Technical Approach	Outstanding	Outstanding
Management Approach	Good	Good
Transition Approach	Good	Good
Small Business Participation	Good	Good
Security	Pass	Pass
Price	$29,577,259	$16,249,595

 

Agency Report (AR), exh. D.2, Source Selection Decision Document (SSDD), at 2.  On the basis of these evaluation results, the agency made award to Deloitte, concluding that, although Steel Point submitted a superior technical proposal, Deloitte’s superior past performance rating, combined with the price advantage of the firm’s proposal, led the agency to conclude that the Deloitte proposal represented the best value to the government.  After being advised of the agency’s selection decision and requesting and receiving a debriefing, Steel Point filed the instant protest.

 

DISCUSSION

Steel Point raises a number of allegations relating to the agency’s evaluation of proposals, and also alleges that Deloitte has several other contracts with the agency that create an impermissible organizational conflict of interest for Deloitte that should have resulted in the agency concluding that Deloitte was ineligible for award.  We have reviewed all of Steel point’s evaluation arguments and find them either largely to be without merit, or otherwise premature under the circumstances.  We have concerns relating to Steel Point’s organizational conflict of interest allegations.  We discuss our conclusions in detail below.

Organizational Conflicts of Interest (OCIs)

Steel point argues that Deloitte has three other contracts with the agency that create impermissible “impaired objectivity” OCIs when considered in light of the award of the current contract.  The three contracts at issue are various task orders issued under the agency’s EMERALD contracting program where Deloitte acts as a subcontractor, Deloitte’s cybersecurity risk management and assessment contract, and Deloitte’s human resource management contract.  Steel Point maintains that the OCIs created by these three contracts should have resulted in the agency concluding that Deloitte was ineligible for award of the solicited requirement.  We conclude that Deloitte has a potential impaired objectivity OCI with respect to two of the three examples identified by Steel Point, an EMERALD task order and the cybersecurity risk management and assessment contract.  We find no merit to Steel Point’s allegation concerning Deloitte’s human resource management contract because we conclude that the interrelationship between that contract and the awarded contract is too attenuated to create an OCI.  We discuss these conclusions in detail below. 

Contracting officers are required to identify and evaluate potential conflicts of interest as early in the acquisition process as possible.  Federal Acquisition Regulation (FAR) § 9.504.  The FAR provides that an OCI exists when, because of activities or relationships with other persons or organizations, a person or organization is unable or potentially unable to render impartial assistance or advice to the government.  See FAR § 2.101.  Situations that create potential conflicts are further discussed in FAR subpart 9.5 and the decisions of this Office.  Specifically, an “impaired objectivity” OCI is created when a contractor’s judgment and objectivity may be impaired because the contractor’s performance has the potential to affect other interests of the contractor.  FAR §§ 9.505, 9.508; Alion Science & Technology Corporation, B-297022.3, Jan. 9, 2006, 2006 CPD ¶ 2 at 6.

Broadly speaking, we have recognized that an “impaired objectivity” OCI may exist in two possible situations, namely, where a firm may be called upon to evaluate the work it has performed under another contract, or where a firm is called upon to perform analysis and make recommendations regarding products manufactured by it or by a competitor.  L-3 Services, Inc., B‑400134.11, B‑400134.12, Sept. 3, 2009, 2009 CPD ¶ 171 at 13-14.  The pertinent inquiry with respect to the latter concern is whether a firm is in a position to make judgments or recommendations that would have the effect of directly influencing its own well-being.  Id. at 14; see also Alion Science & Technology Corporation, supra  (protest sustained where awardee would be required to perform analysis and make recommendations regarding products that might be manufactured by it or by a competitor). 

  The Currently Solicited Requirement

By way of background, the current RFP contemplates the award of an IDIQ contract to design, build, and operate a corporate automation implementation center (CAIC).  The purpose of the CAIC is to provide the agency a full spectrum of process improvement and automation services relating to streamlining the agency’s systems and services supporting what the agency refers to as its “corporate applications.” These corporate applications include the agency’s capabilities relating to financial management, human capital, corporate administration, contracting, logistics, facilities, security, records and information management, asset management and other support activities.  RFP, Performance Work Statement (PWS), at 3.  The services being solicited are summarized in the PWS as follows:

The Contractor will provide business process assessment and design process review, design, recommendation, deployment [o]f an RPA [robotic process automation] solution or project management if non-RPA solution, training, implementation and life-cycle maintenance among the core services required to stand-up the CAIC.  The Contractor will recommend optimal Robotic Process Automation (RPA) and Business Process Improvement (BPI)/Business Process Management (BPM) capabilities, and once accepted by the Government, implement and deliver those capabilities.  Where RPA is determined to be the best approach by the contractor and concurrence is received by the Government, the Contractor shall acquire and maintain any software licenses required to provide automation as a managed services

Id.  In effect, the contractor is required to analyze the agency’s business processes and recommend solutions for improving or streamlining those processes.  Thereafter, the contractor is responsible for implementing those recommendations, either through providing a “robotic process automation” (RPA) solution, or by providing a project management services solution.

In those instances where the contractor provides an RPA solution, the contractor is responsible for recommending and acquiring the necessary RPA tools, performing pre-configuration assessments of the recommended RPA tools, performing any necessary design and configuration of the recommended RPA tools, perform user acceptance testing of the recommended tools, provide user training to operate the recommended RPA tools, deploy or implement the RPA solution, and operate and maintain the recommended RPA solution.  RFP PWS at 4-5.  As part of this overall effort, the contractor is responsible for managing any necessary software licenses and ensuring that the recommended RPA tools are capable of being issued an authority to operate (ATO) in a top secret/compartmented information classified environment.

  The EMERALD Task Order

The record shows that Deloitte is a subcontractor under several task orders that have been issued under the agency’s EMERALD contracting program.  Steel Point initially identified three task orders in its supplemental protest, but when it filed its comments responding to the agency report relating to the EMERALD task orders, Steel Point focused on just one of those, task order 24.  We confine our discussion to task order 24.

Under task order 24, the contractor provides financial management, total lifecycle acquisition management, and strategic business management support services to the agency’s Information Technology Portfolio and Resources Integration Division (the TCF division).  The statement of work for task order 24 describes the activities of the TCF division as follows:

TCF supports the Chief Information Officer (CIO) and IT Services Directorate (CIO-T) in managing the Planning, Programming, Budgeting, and Execution (PPBE) lifecycle for the IT portfolio.  The mission of TCF is to maximize the value of the IT investment portfolio in support of NGA mission requirements.

AR, exh. G.1.k, Task Order 24 Statement of Work, at 4.  The contractor’s work under the task order includes providing the following services:  support to the agency’s CIO to formulate a strategic information technology (IT) enterprise investment strategy for the CIO; developing and supporting the agency’s IT strategic planning guidance and portfolio prioritization efforts; providing support in developing IT investment decision-making business cases in support of the agency’s “program build” investment and divestment decisions; and providing support and analysis of the agency’s IT investment decisions to cognizant governance boards.  Id. at 4-5.

In short, under task order 24, the contractor provides support to the agency’s TCF division in connection with its decision-making relating to the agency’s IT investment and divestment decisions, and its budget prioritization decisions.

Steel Point argues that Deloitte has an impaired objectivity OCI arising from its performance of both the CAIC contract and task order 24 because, under the CAIC contract it sells IT products to the agency, while under task order 24, Deloitte provides the agency with support in connection with its IT investment and divestment decisions.

As discussed above, under the CAIC contract, Deloitte is required to recommend, design, deploy, monitor and maintain RPA solutions for the agency.  These RPA solutions are IT products that the agency will purchase from Deloitte.  Under task order 24, Deloitte provides support to the agency in its IT investment and divestment decisions.

The record shows that the contracting officer considered whether Deloitte had an OCI in connection with all three of the task orders identified by Steel Point.  AR, exh. G.1, CAIC OCI Investigation and Analysis Memorandum for Record, at 8-10.  Of relevance here, the contracting officer considered whether performance of task order 24 and the CAIC contract would give rise to an impaired objectivity OCI on the part of Deloitte.  The contracting officer concluded that the prime contractor had presented a broad OCI mitigation strategy under task order 24 that would require it to implement a firewall in the event that Deloitte was faced with an OCI situation, id. at 9, but the record does not include any evidence showing that such a firewall had, in fact, been implemented. 

The contracting officer also concluded, without elaboration, that Deloitte would not be evaluating its work under the CAIC contract in connection with performing task order 24, and also that it would not be evaluating its work under task order 24 in performing the CAIC contract.  AR, exh. G.1, CAIC OCI Investigation and Analysis Memorandum for Record, at 9.  On the basis of that finding, the contracting officer concluded that Deloitte did not have an impaired objectivity OCI. 

However, there is nothing in the record to show that the contracting officer ever considered whether Deloitte’s performance under task order 24 presented the second type of impaired objectivity OCI, namely, a situation where Deloitte would be required to perform analysis and make recommendations regarding products that might be manufactured or sold by it to the agency.  As noted, the CAIC contract requires Deloitte to recommend, design, deploy, monitor and maintain RPA solutions for the agency.  These solutions amount to IT products to be sold by Deloitte to the agency.  Under task order 24, Deloitte is required to assist the agency’s TCF division in making strategic decisions about whether or not to invest in particular IT products to be used by the agency.  The record therefore establishes that Deloitte is in a position to recommend the purchase of IT products that it sells to the agency. 

This presents what amounts to a textbook example of a situation where Deloitte is in a position to make judgments or recommendations that would have the effect of directly influencing its own well-being.  L-3 Services, Inc., supra. At 14.This arrangement puts Deloitte directly in the position of being able to advocate on its own behalf for future spending on the products to be sold under the CAIC contract.  Given that the contracting officer never considered this aspect of impaired objectivity OCIs in concluding that Deloitte did not have an OCI, we find that the agency failed to give adequate consideration to the question.  This is especially true given that there is no evidence that the prime contractor has implemented a firewall under task order 24.

  The Cybersecurity Risk Management and Assessment (CRMA) Contract

Under its CRMA contract, Deloitte supports the agency’s chief information security office (CISO).  Among its responsibilities under the CRMA contract, Deloitte facilitates the review and approval of all agency information systems and more, specifically, it is responsible for facilitating the ATO issuance process and conducting a variety of security assessments of agency information systems on behalf of the CISO.  AR, exh. B.2.f, OCI Disclosure and Analysis Form, Deloitte’s CAIC proposal, at 1.  Deloitte recognized that performance under both the CRMA contract and the current CAIC contract presented a potential OCI because it could be in the position of having to review any request for the granting of an ATO for products (such as RPAs) furnished under the CAIC contract as part of its responsibilities under the CRMA contract.  Id.  Deloitte did not submit a mitigation plan with its proposal for the CAIC contract to address the potential OCI that may arise in connection with Deloitte’s performance of both contracts.  Instead, Deloitte included only the “sample” mitigation plan that was provided to offerors with the solicitation.  Compare AR, exh. A.1.f, RFP OCI Disclosure and Analysis Form, at 3-5 with AR, exh. B.2.f, OCI Disclosure and Analysis Form, Deloitte’s CAIC Proposal, at 3-5.

The record shows that the agency initially did not perform any contemporaneous review of potential OCIs before awarding the CAIC contract to Deloitte; instead, the contracting officer elected to investigate the matter after Steel Point filed its OCI protest allegations.  AR, exh. G.1, CAIC OCI Investigation and Analysis Memorandum for Record.  With respect to the CRMA contract, the contracting officer recognized that performance of the two contracts together could present an impaired objectivity OCI, but concluded that Deloitte could recuse itself from performing under the CRMA contract in those instances where it may be called on to review its work under the CAIC contract.  Id. at 4-5.  In reaching this conclusion, the contracting officer relied on language found in a portion of a 2018 proposal submitted by Deloitte in response to the CRMA solicitation.  AR, exh. G.1.d, Deloitte’s Proposed CMRA OCI Mitigation Plan.  The contracting officer also noted that the CRMA contract term was scheduled to end in July 2021, but that because the agency was still competing the follow-on contract for the CRMA requirement, there was the possibility that the two contracts could overlap for some interval.  AR, exh. G.1, CAIC OCI Investigation and Analysis Memorandum for Record, at 5-6.

We have several concerns.  First, the CRMA mitigation document reviewed by the contracting officer is a document that Deloitte submitted in connection with its proposal for the CRMA contract.  AR, exh. G.1.d, Deloitte’s Proposed CMRA OCI Mitigation Plan.  There is no evidence in the record to show whether that mitigation plan ultimately was included in the CRMA contract awarded to Deloitte.  In addition, there is no evidence to show that Deloitte made a separate, specific commitment under the CRMA contract to recuse itself from reviewing any activities that may be performed under the CAIC contract.

Second, the portion of Deloitte’s proposal that included the mitigation language relied on by the contracting officer is vague, and also contains a separate commitment on the part of Deloitte not to pursue other contracting opportunities--such as the CAIC contract‑‑involving NGA systems development activities.  The document provides:

Deloitte maintains an avoidance posture with respect to impaired objectivity; recusal of the Deloitte Team from evaluations of Deloitte Team performance on other NGA contracts; Deloitte will not pursue nor accept a prime contractor or subcontractor position that could create impaired objectivity on an NGA system development contract.

AR, exh. G.1.d, Deloitte’s Proposed CMRA OCI Mitigation Plan at 3 (emphasis supplied).  In effect, Deloitte represented that it has a two-pronged approach to avoiding impaired objectivity OCIs:  (1) recusal from reviewing Deloitte performance on other contracts; and (2) avoidance of contracting opportunities that could create an OCI. 

Deloitte’s pursuit of the CAIC contract is inconsistent with the representation in its CRMA proposal not to pursue such contractual opportunities.  Given this failure, along with the absence of an OCI mitigation plan in Deloitte’s CAIC proposal, there is no basis in the current record for our Office to conclude that Deloitte has committed, or will commit, to recusing its team from reviewing under the CRMA contract products or services it provides under the CAIC contract.

Third, the agency effectively has conceded that Deloitte has an impaired objectivity OCI stemming from the interrelationship between the CRMA and CAIC contracts, but also notes that the CRMA contract has a limited remaining duration.  While that conclusion appears correct from the record, nonetheless, there will be an interval of time when Deloitte would be responsible for performing both contracts simultaneously, and as discussed above, there simply is no mechanism in place to mitigate the OCI identified by the agency.  In addition, there is no information in the record showing that Deloitte is not also pursuing the follow-on requirement for the CRMA contract.  Should Deloitte succeed in being awarded any follow-on contract, all of the concerns present here would continue to exist.  In sum, we conclude that Deloitte has an impaired objectivity OCI stemming from the fact that it has been awarded both the CRMA and CAIC contracts, and there is nothing in the record to show that this OCI has been mitigated.

In summary, the record reflects potential impaired objectivity OCIs arising from Deloitte’s performance of the two contracts discussed above, together with the CAIC contract.  The record reflects that, while the agency gave some consideration to certain aspects of these potential OCIs, there are remaining concerns that were simply never considered or addressed by the agency in its analysis of the situation.  We therefore sustain this aspect of Steel Point’s protest.

Evaluation Issues

In addition to its OCI allegations, Steel Point raises a number of challenges to the agency’s evaluation of proposals.  As an initial matter, we note that Steel Point raised a number of allegations in its initial protest that it abandoned once the agency filed its report in response to those challenges.[2] 

Additionally, Steel Point argued for the first time in its comments that the agency improperly downgraded its past performance based on consideration of the past performance examples of its teaming partners; according to Steel Point, it was improper to have downgraded its past performance based on consideration of past performance examples it was not required to submit with its proposal.  Since Steel Point knew about the agency’s evaluation of the past performance examples of its teaming partners based on information provided to it at its debriefing, this allegation--advanced for the first time in its comments--is untimely because it was not filed within 10 days of Steel Point’s debriefing.  4 C.F.R. § 21.2(a)(2). 

We have reviewed Steel Point’s remaining allegations and find no merit to any of its challenges to the agency’s evaluation.  We note that, in reviewing protests challenging an agency’s evaluation of proposals or quotations, our Office does not independently evaluate proposals or quotations; rather, we review the record to determine whether the agency’s evaluation was reasonable and consistent with the terms of the solicitation and applicable statutes and regulations.  PMSI, LLC d/b/a Optum Workers' Compensation Services of Florida, B-417237.2 et al., Jan. 29, 2020, 2020 CPD ¶ 63 at 6.  We discuss one of Steel Point’s evaluation allegations for illustrative purposes. 

Steel Point argues that Deloitte’s proposal should have been rejected because it was not based on a fixed price for all requirements.  According to Steel Point, this violated the RFP’s requirement that proposed pricing be submitted on an “all or none” basis.  In support of this allegation, Steel Point maintains that Deloitte improperly placed upper limits on the parameters of [deleted], and stated that requirements for [deleted] that exceeded those parameters would have a direct impact on price.  Steel Point argues that this should have resulted in rejection of the Deloitte proposal because it amounts to a limitation on its obligation to perform the contract. 

In response to this allegation, the agency points out that all offerors--including Steel Point--included some limitations in their price proposals.  In particular, the agency notes that Steel Point conditioned its fixed prices based on a limitation regarding the number of [deleted] to be provided under the contract, even though the RFP required that the contractor include--without limitation--the cost of all [deleted] in its fixed price.

The protester does not deny the existence of the limitation in its proposal, but argues instead that this limitation was not a condition of its responsibility to perform the contract.  In contrast, Steel Point argues that the limitation included in the Deloitte proposal was a limitation on its responsibility to perform the contract.

We find no merit to this allegation.  The RFP instructed offerors to include a list of all key ground rules and assumptions that could have a significant impact on proposed price, and to describe how each ground rule or assumption impacted price.  RFP, amend. No 0001, Revised Section L, Instructions to Offerors, at 21.  Consistent with this instruction, both Deloitte and Steel Point included a list of ground rules and assumptions in their respective proposals.  AR, exh. B.1.r, Steel Point Price Proposal, at 1-7; exh. B.2.r, Deloitte Price Proposal, at Appendix 5-A1-5-A3. 

As correctly noted by the agency, both offerors included assumptions that would impact their fixed prices, and neither proposal was rejected based on these assumptions.  Following the logic of Steel Point’s allegation, the agency should have rejected both proposals for failing to propose prices on an “all or none” basis; the agency’s failure to reject both proposals was unobjectionable in light of the solicitation’s instructions to offerors. 

In any case, there is no basis to materially distinguish between the assumptions included in the Deloitte proposal compared to those included in the Steel Point proposal.  Neither offeror conditioned their obligation to perform the contract based on their stated assumptions, but both offerors conditioned their fixed prices based on their stated assumptions.  We therefore have no basis to object to the agency’s evaluation of the price proposals for the reasons advanced by Steel Point, and accordingly deny this aspect of its protest, along with Steel Point’s remaining challenges to the agency’s evaluation of proposals.

RECOMMENDATION

We sustain Steel Point’s protest allegations relating to the potential OCIs discussed in detail above.  We recommend that the agency reconsider the extent of Deloitte’s potential OCIs, determine whether those OCIs can be mitigated, and decide whether it is appropriate to make award to Deloitte based on that reconsideration.  Finally, we recommend that Steel Point be reimbursed the costs associated with filing and pursuing its protest, including reasonable attorneys’ fees.  Steel Point should submit its certified claim for such costs, detailing the time spent and the costs incurred, directly to the agency within 60 days of receiving this decision.

The protest is sustained.

Thomas H. Armstrong
General Counsel