oversight

Inspection Memorandum of the Inspection of the U.S. Department of Education's Contractor Employee Security Clearance Procedures (ED/OIG I13D0009). Date Issued: 04/23/2004 PDF (196K) MS Word (109K)

Published by the Department of Education, Office of Inspector General on 2004-04-23.

Below is a raw (and likely hideous) rendition of the original report. (PDF)

                            UNITED STATES DEPARTMENT OF EDUCATION
                                           OFFICE OF THE INSPECTOR GENERAL




April 23, 2004


INSPECTION MEMORANDUM

TO:          William Leidinger
             Assistant Secretary
             Office of Management

             Jack Martin
             Chief Financial Officer
             Office of the Chief Financial Officer

FROM:        Cathy H. Lewis
             Assistant Inspector General
             Evaluation, Inspection, and Management Services

SUBJECT: Inspection Memorandum of the Inspection of the U.S. Department of
         Education's Contractor Employee Security Clearance Procedures (ED/OIG
         I13D0009)

This memorandum provides the results of our inspection of the U.S. Department of
Education's (the Department) contractor employee security clearance procedures. Our
inspection focused on five objectives: (1) what procedures does the Office of
Management Security Staff follow to process contractor employee security clearances
and how are those procedures being implemented? (2) what costs are associated with
security clearances for contractors? (3) how long does it take for Security Services to
initiate the clearance process? (4) what monitoring is done to ensure that all contractors
and their staffs have required security clearances and that contractor personnel hired
after a contract begins have appropriate security clearances? and, (5) what training do
contractors receive to ensure they are aware of their responsibilities when dealing with
secured information, equipment and locations?


Executive Summary

The Department’s personnel security programs are under the control of Security
Services in the Office of Management. This office processes security clearance forms
and adjudicates Office of Personnel Management investigation results. To accomplish
its mission, Security Services works with other Department organizations, the Federal


                                400 MARYLAND AVE., SW., WASHINGTON, DC 20202-1510
                                                   www.ed.gov

         Our mission is to ensure equal access to education and to promote educational excellence throughout the Nation.
                                                                                       ED/OIG I13D0009


Protective Service, and other local and federal law enforcement organizations to ensure
the safety and security of the Department’s information, systems, and employees.

The Department policy directive OM: 5-101, Contractor Employee Personnel Security
Screenings was signed into effect on October 21, 2002. This document establishes the
Department’s policy regarding the personnel security screening requirements for all
contractor employees. The policy's supplement, which provides specific guidance for
the Office of Management (OM), Contracts and Purchasing Operations (CPO), and the
Principal Offices to follow, was signed into effect on June 26, 2003. This Supplement
requires that all Principal Offices establish their own procedures for complying with the
policy within 90 days of the date of the Supplement. Plans were due to OM no later than
September 26, 2003. As of December 15, 2003, only two Principal Offices had
forwarded their procedures to OM Security Services.1

As a result of our inspection, we determined that while OM: 5-101 provides general
procedures to be followed in requesting security clearances for contractors, Security
Services does not have its own internal procedures for processing clearances, which
has resulted in some inconsistencies in file organization and hampered the clearance
process. We also determined that the cost to the Department of processing security
clearances for current contractor employees was nearly $3 million, a cost which might
be reduced if Security Services utilized an online request form with edit checks to
reduce the number of incomplete or improperly completed forms. Security Services
does not currently track the status of clearance requests and investigations are not
routinely initiated for all contractors within 14 days as required by federal regulations
and OM policy. Also, Security Services does not routinely conduct monitoring reviews
of pending files to determine whether background investigations are progressing
appropriately and contractor employeess do not receive specific training on their
responsibility for or how to protect the security of Department systems, information and
buildings. We also determined that no part of the Department appears to be routinely
monitoring to determine if only cleared contractor employees are performing contractor
functions. OCFO needs to revise its current guidance to address this omission in its
OCFO: 2-108 directive.

Recommendations

    1. Security Services should establish its own internal procedures for handling and
       processing contractor employee security clearance procedures, including a file
       protocol.

    2. Security Services should modify or replace its current tracking system to enable it
       to verify that offices are meeting the 14-day requirement.

1 The due date for Principal Offices to develop and implement their internal procedures consistent with
OM: 5-101 and the June 26, 2003 policy supplement occurred after our exit interview with Security
Services; however, we encourage Security Services to follow up with each Principal Office that employs
contractors that require a security clearance that has not yet complied with the policy supplement.



                                                    2
                                                                         ED/OIG I13D0009




   3. To expedite this aspect of the clearance process, Security Services should
      develop an automated security form with an edit check that will ensure the form
      is fully completed by the requesting office. Security Services may want to
      consider reviewing existing systems within other agencies such as the U.S.
      Department of Energy's Integrated Safeguards and Security System
      (www.issm.doe.gov/). This system was designed, in part, to decrease the time
      and money needed to process security clearances.

   4. Security Services should publish and implement internal procedures for
      monitoring pending contractor employee security clearance files and include the
      capability for tracking the status of pending clearances into its modified or new
      tracking system.

   5. The CPO Director should ensure that OCFO: 2-108 directive is revised to specify
      the need to provide routine monitoring of contractor employees and provide
      guidance to the Contracting Officer Representatives (CORs) or other program
      officials on how best to ensure that only appropriately cleared contractor
      employees are used to fill the security-sensitive positions on a contract.

   6. The CPO Director should work with training providers and the Principal Offices to
      develop a training module for CORs and other program officials concentrating on
      the security responsibilities of contractor employees.

Background

Security Services in the Office of Management (OM/SS) oversees The Department’s
personnel security programs, including processing security clearance forms and
adjudicating Office of Personnel Management (OPM) investigation results. OM/SS
works with other Department Principal Offices, the Federal Protective Service, and other
local and Federal law enforcement organizations to ensure the safety and security of
the Department’s information, systems, and employees.

Until October 2002, Security Services relied upon Handbook 11, Personnel Security-
Suitability Program, dated November 3, 1992 for processing contractor employee
security clearances. In 2000, Security Services and the Personnel Security Working
Group recognized the need to have policies and procedures specifically for contractor
employees and began working on a policy. This collaboration resulted in OM: 5-101
Policy, Contractor Employee Personnel Security Screenings

For our inspection, we selected offices based upon the amount of contract dollars and
whether the office had contractor employees that required clearances. Based upon
these criteria, we identified OIG, OCIO, IES, and FSA for inclusion in our study.

Objective 1: What procedures does the Office of Management Security Services
staff follow to process contractor employee security clearances and how are



                                           3
                                                                                       ED/OIG I13D0009


these procedures being implemented?

Security Services has not established its own internal procedures for processing
contractor employee security clearances, which has resulted in some minor
inconsistencies in file organization.

OM: 5-101 provides general guidance to each Principal Office about processing security
clearances for contractor employees; however, Security Services has not yet
established its own internal procedures for processing security clearance requests.

Absent internal processing procedures, Security Services does not have a standardized
file format, which contributes to delays in processing requests. In the 15 files we
reviewed, there were inconsistencies in all files in documenting action dates and in
overall file organization. Security Services staff expressed the need for internal policies
and procedures to help them consistently review contractor employee files. These tools
should prove helpful to staff to perform routine monitoring reviews in preparing files for
the clearance examination.

Objective 2: What are the costs associated with gaining security clearances for
contractors?

Based on the estimates of time provided by Department personnel and the 2003
averaged hourly rate for responsible staff, the Department’s expense for the 8,343
current2, active and pending contractor employees was about $2,777,541.3

To obtain as complete an estimate on the cost of contractor security clearances, we
included the following possible factors: (1) the estimated time Department employees
use to process the clearance forms; (2) the cost of their time based on an average
salary amount with benefits; (3) the time and cost associated with the adjudication
process; (4) OPM’s charge to process the background checks for current and pending
contractor employee clearances; and (5) the individual steps involved in the clearance
process. A detailed discussion of how cost was determined is attached in the Appendix
to this report.

While the Department needs to ensure that contractor employees are properly cleared
before working with the Department information or systems, given the cost of the
clearance process, only those contractor employees who will actually perform the work

2
  Security Services provided the lists of active and pending contractors on June 25, 2003. We did not
independently verify the accuracy or completeness of this list but did use it to develop an estimate of
costs associated with processing contractor security clearances.
3 As the Department moves forward with the One-ED strategic investment process, we note that the cost
of security clearances is not currently being taken into account in the business case cost models.
According to the President’s Management Agenda, "[T]o compare the cost of in-house performance to
private sector performance, detailed estimates of the full cost of government performance to the taxpayer
have to be calculated." These costs need to be included in any cost assessment prepared by bidders
(where the staff who would work on the contract would need clearances).



                                                    4
                                                                                       ED/OIG I13D0009


(and have access to the Department’s systems) should be put through the clearance
process, rather than all contractor employees on a team. Security Services has issued
guidance to the Principal Offices, however the decision is up to the Principal Office on
which contractor employees to submit for clearance. Because individual CORs are in
the best position to know which contractor employees need clearance, we suggest that
CFO work with the CORs and the Principal Offices to determine the best way to reduce
costs without compromising security concerns.

Objective 3: How long does it take for Security Services to initiate the security
clearance process?

Contractor employee clearance forms should be forwarded to Security Services within
14 days of employment, however, requests are frequently not processed this quickly
and Security Services does not currently track the time it takes for clearance request
forms to reach them.

Under 5 CFR 731.106(c) and OM: 5-101, section III.5, contractor employee clearance
request forms4 are supposed to be forwarded to Security Services for investigation
within 14 days of the contractor employee being placed into position. Currently,
Security Services does not track the amount of time that elapses between when a
contractor employee begins working on a project to the time the clearance forms
actually reach Security Services.5 Without the ability to track such information,
contractor employees may be allowed to work for some time before Security Services
initiates an investigation.

According to Security Services staff, for every 55 requests for security action they
receive, 8 to 10, on average (18 percent), have to be returned to the Principal Office for
correction of omitted forms, data or dates. None of those returned for correction are
tracked to determine whether the 14-day requirement is being exceeded. To ascertain
if compliance with the 14-day timeframe is being met, we reviewed the sampled
contractor employee files and identified the time elapsed between the date the
contractor employee signed the security clearance request forms and the time the
Principal Office signed a Request for Security Action. Of the 15 files, seven did not
meet the 14-day timeframe. 6

Security Services recognizes the need to track the time it takes Principal Offices to
submit the contractor employee investigation forms. The office is considering modifying
its current tracking system to include this information and to developing monitoring
procedures. Security Services also recognizes that it would benefit greatly from an
automated (on-line) security form with an automatic edit function. A system like this
4
 Standard Form (SF) 85 is used for all low risk positions. SF 86 is used for moderate and high-risk
positions.
5 None of the primary offices included in our sample track this information either.
6 In its internal examination, Department CIO Contractor Security Clearance Study (June 2003), OCIO
reported that 124 out of 538 contractor employees (23 percent) did not have their preliminary clearance
forms initiated within the 14-day requirement.



                                                    5
                                                                          ED/OIG I13D0009


would automatically and immediately flag any missing information or improperly
completed forms.

Before Security Services makes a decision on revising its current system or developing
its own on-line form, we suggest they review tracking systems used by other agencies
such as the U.S. Department of Energy's Integrated Safeguards and Security System
(www.issm.doe.gov/). This system was designed, in part, to decrease the time and
money needed to process security clearances.

Objective 4: What type of monitoring is being conducted to ensure all contractor
staff have required security clearances and that contractor personnel hired after a
contract begins have appropriate security clearances?

Security Services does not routinely review pending files to determine whether or not
the appropriate level of background investigations are occurring in a reasonable amount
of time.

Currently, Security Services does not regularly monitor the status of pending clearance
requests to track whether investigations are progressing and if follow-up with OPM is
needed. This creates the potential for unsuitable (uncleared) contractor employees to
work on security-sensitive projects. During our review of 15 contractor employee files,
we identified one that had been in "pending" status, awaiting OPM's investigation
results, for over a year. The request for security action was dated May 7, 2002, and as
of our review on July 3, 2003, the file remained pending. The file did not contain any
notes or other indications of any Security Service reviews during the pending period.
Because this contractor employee applied for clearance before OM:5-101 was
instituted, Security Services was not required to conduct the pre-screening of the
contractor employee. This contractor employee was allowed to work in a high-risk
position with computer systems for over a year without clearance.

We brought this file to the immediate attention of Security Services staff, who explained
that their current tracking system does not show the length of time a file is in pending
status. Staff also explained that they do not have internal procedures for monitoring
files. We discussed the possibility of programming the current tracking system to
include a query and report to show the age of the pending files and Security Services
agreed that the system could be programmed to produce such a report.

We determined during our inspection that there is apparently no routine monitoring done
to ensure that contractor employees working in the Department have appropriate
clearances to do the work they are assigned. Security Services views such monitoring
as outside of their scope of responsibility. OCFO has responsibility for monitoring
contractors once the initial clearance has commenced; however, neither its current
directive, OCFO:2-108 Contract Monitoring for Program Officials, or the June 24, 2003,
supplement to this directive specify the need for program officials, i.e., CORs and
program managers, to monitor active contractor employees for appropriate clearances.




                                            6
                                                                          ED/OIG I13D0009


None of the four Principal Offices we sampled consistently conduct routine monitoring of
contractor employees to ensure that only cleared contractor employees are accessing
Department information, systems, and buildings. One Principal Office Systems Security
Officer performs site visits, but does not routinely monitor to determine if only cleared
contractor employees are the ones performing the contracted functions. Some of the
contracts currently in place have as many as 200 or more cleared contractor employees
working at any given time. Without some routine monitoring, it is impossible to
adequately ensure that only cleared personnel are accessing Department information,
systems, and buildings. To address this omission, the CPO Director should ensure that
OCFO: 2-108 directive is revised to specify the need to provide routine monitoring of
contractor employees, as well as to provide guidance to the CORs or other program
officials on how to ensure that only appropriately cleared contractor employees are
fulfilling the security-sensitive positions on contracts.

Objective 5: What training do contractors receive to ensure they are aware of
their responsibilities when dealing with secured information, equipment and
locations?

Contractor employees completing work on Department contracts do not receive specific
training on how they should access Department systems, information or buildings and
their responsibilities for ensuring their security.

We reviewed the COR training manuals provided by Houseman and Associates and the
Department. We also interviewed CORs concerning the training that they received.
Neither the training manuals nor the classroom training content provided guidance on
how the CORs or other responsible persons should make the contractor employees
aware of their responsibilities. Some contractor employees have their own internal
"rules of behavior" that they give to their employees. However, Department employees
do not review this information to determine whether or not it fulfills Department needs
for ensuring security. If contractor employees do not know the expectation of the
Department for handling information and accessing systems and buildings, the
Department is vulnerable to unauthorized access and usage of its information, systems,
and buildings.

Conclusion

Security Services must ensure that contractor employees who have access to
Department information, systems and buildings have appropriate security clearance.
Security Services could enhance its ability to perform this function by establishing its
own internal procedures for processing requests, and modifying its tracking system so
that it can track the status of requests for clearance and to ensure that background
investigations are progressing appropriately. Costs of the current process might be
reduced by the introduction of an online clearance request form that could minimize
internal processing errors and further information on how to determine exactly which
contractors require clearance. Also, the training provided for contractor employeess
needs to be improved to include training on their responsibilities for protecting the



                                            7
                                                                            ED/OIG I13D0009


security of Department systems, information and buildings. Finally, steps need to be
taken to clearly vest responsibility for ensuring that only appropriately cleared contractor
employees are fulfilling security-sensitive positions on Department contracts.

                         Objectives, Scope, and Methodology

Because of the signature dates on the policy and its supplement, we did not perform a
compliance review. Rather, we inspected current procedures in place and have
focused on areas either not covered by the supplement or on making suggestions for
OM Security Services and the Principal Offices to use when implementing the
supplement. The specific objectives for our inspection were to:

       1. Identify and analyze applicable laws, regulations, procedures, and directives
          pertaining to personnel security clearances for contractor employees and their
          staffs. We will also determine how these procedures are implemented.

          We focused on:
          • Security levels;
          • Adjudication processes;
          • Reinvestigation for past security clearances; and
          • Training of CORs to increase awareness of security procedures for
            contractor employees.

       2. Identify the costs incurred for security clearances of contractor employees.
          We will also determine if contractor employees pay a premium to expedite
          their clearances.

       3. Determine the time needed to process the different security clearance levels
          for contractor employees.

       4. Identify the types of monitoring conducted to ensure that all contractor
          employees and their staffs have the required security clearances. We will
          also determine if the monitoring is completed as needed at both headquarters
          and regional levels.

       5. Determine how ED officials ensure that contractor personnel hired after the
          contract begins receive appropriate security clearances before working on the
          project.

       6. Identify and document the training that contractor employees receive to
          ensure they are aware of their responsibilities when dealing with secured
          information, equipment, and locations.

To focus our fieldwork, we randomly selected six Principal Offices using November
2002 contract dollars as a basis to stratify. We selected OIG, OCR, OCIO, OVAE, IES,
and FSA. Because OVAE and OCR do not currently have contractor employees that


                                             8
                                                                          ED/OIG I13D0009


require clearances, our inspection focused on the procedures followed within OIG,
OCIO, IES, and FSA. We also reviewed applicable procedures in OM/SS.

We began our primary fieldwork March 24 and concluded it on July 25, 2003. Our work
included reviews of applicable laws and regulations, contractor employee files,
interviews with OM/SS, responsible Principal Office, CPO personnel, and observations
of systems used and physical location of files. We also used the current list of active
and pending contractor employee security clearances for contractor employees as
provided by OM/SS.

Our inspection was performed in accordance with the 1993 President's Council on
Integrity and Efficiency Quality Standards for Inspections appropriate to the scope of the
inspection described above.

Department Response

The Office of Management responded to recommendations 1-4.

Recommendations

1.    Security Services should establish its own internal procedures for handling
      and processing contractor employee security clearance procedures,
      including a file protocol.

      On November 1, 2002, all OM SS Personnel Security Staff received a copy of the
      Standard Operating Procedures (SOP) for preliminary screenings of contractors
      assigned to high risk IT level positions. Internal procedures are currently being
      developed to address all facets of the contractor employee personnel security
      screening process.

      OIG Response: We find that the comments are responsive to the finding and
      should address the problem when the internal security procedures are developed
      and implemented. No change has been made to the finding or recommendation.

2.    Security Services should modify or replace its current tracking system to
      enable it to verify that offices are meeting the 14-day requirement.

      OM SS is working to update the Security Tracking System. The services of an
      In-House Consultant have been requested to help OM SS develop a new
      tracking system to better serve their needs. The system will help OM SS ensure
      that paperwork is submitted within 14 days of notification that a new contractor
      has started at the Department. However, OM SS does not know when a new
      contractor is assigned or reassigned except when they require an ID card to
      enter a particular departmental facility, or unless a COR submits a security forms
      package for the individual, or OM SS is otherwise notified by a PO.




                                            9
                                                                       ED/OIG I13D0009


     The ID system is programmed for the ID to expire in 14 days if OM SS does not
     receive a security forms package. Each individual is given a memorandum when
     they are issued an ID card regarding the need to complete and submit their forms
     within 14 days, and the consequences if they fail to do so; their ID card will be
     deactivated.

     OIG Response: We find that the comments are responsive to the finding and
     should address the problem when the Security Tracking System is updated and a
     new tracking system is developed and implemented. No change has been made
     to the finding or recommendation.

3.   To expedite this aspect of the clearance process, Security Services should
     develop an automated security form with an edit check that will ensure the
     form is fully completed by the requesting office. Security Services may
     want to consider reviewing existing systems within other agencies such as
     the U.S. Department of Energy’s Integrated Safeguards and Security
     System (www.issm.doe.gov/). This system was designed, in part, to
     decrease the time and money needed to process security clearances.

     The Assistant Secretary for Management recently executed an inter-agency
     agreement with the Office of Personnel Management (OPM) to implement the e-
     QIP (Electronic Questionnaires for Investigations Processing) system at the
     Department of Education. Initially, applicants, employees and contractors will be
     able to complete the SF 86 – Questionnaire for National Security Positions form
     on-line. However, in the near future OPM will be adding the SF 85P –
     Questionnaire for Public Trust Positions, and the SF 85 – Questionnaire for
     Nonsensitive Positions to the system. The e-QIP system will ensure that
     individuals complete the forms properly before they are submitted to the
     Department for processing.

     OIG Response: We find that the comments are responsive to the finding and
     should address the problem when the Electronic Questionnaires for
     Investigations Processing (e-QIP) system is fully functional in the department
     and can process the SF 86 – Questionnaire for National Security Positions, the
     SF 85P – Questionnaire for Public Trust Positions, and the SF 85 –
     Questionnaire for Non-sensitive Positions forms are on-line. No change has been
     made to the finding or recommendation.

4.   Security Services should publish and implement internal procedures for
     monitoring pending contractor employee security clearance files and
     include the capability for tracking the status of pending clearances into its
     modified or new tracking system.

     OM SS has requested the services of the in-house consultants. They need to
     review the current system and help OM SS develop a new system. This new
     system will be designed to alert OM SS when cases are clearly delinquent.



                                         10
                                                                         ED/OIG I13D0009




       To date, four Principal Office’s (PO) have submitted their implementing
       procedures to OM SS, as required by the “Contractor Employee Personnel
       Security Screenings” policy (OM: 5-101). Those POs who have complied are:
       OELA, OCR, OM, and OPE. OM SS will contact the Executive Officers of the
       remaining POs to determine the status of their implementing procedures.

       OIG Response: We find that the comments are responsive to the finding and
       should address the problem when a new tracking system is developed and
       implemented. No change has been made to the finding or recommendation.

The Office of the Chief Financial Officer (OCFO) and Contracting and Purchasing Office
(CPO) responded to recommendations 5-6.

5.   The CPO Director should ensure that OCFO: 2-108 directive is revised to
     specify the need to provide routine monitoring of contractor employees and
     provide guidance to the Contracting Officer's Representative (CORs) or other
     program officials on how best to ensure that only appropriately cleared
     contractor employees are used to fill the security-sensitive positions on a
     contract.

     OCFO/CPO Response: CPO concurs with your recommendation that specific
     guidance is needed. CPO will modify the contracting monitoring directive to
     address this issue.

     OIG Response: We find that the comments are responsive to the finding and should
     address the problem when the directive is revised and implemented. No change
     has been made to the finding or recommendation.

6.   The CPO Director should work with training providers and the Principal
     Offices to develop a training module for CORs and other program officials
     concentrating on the security responsibilities of contractor employees.

     OCFO/CPO Response: CPO will examine current course offerings for COR
     certification to determine where the inclusion of security responsibilities of
     contractor employees is most appropriate. CPO will also work with the Office of
     Management to explore methods on providing information to contractors of their
     responsibilities when accessing departmental systems, facilities, and secured
     information.

     OIG Response: We find that the comments are responsive to the finding and should
     address the problem when the training for CORs and other program officials is
     modified to include the security responsibilities of contractor employees. No change
     has been made to the finding or recommendation.




                                           11
                                                                          ED/OIG I13D0009


    Other comments from the Office of Management

    The OIG’s suggestion in the Executive Summary that POs might want to consider
    submitting only those contractors who will have system access for clearance
    contradicts a June 30, 2003 “OIG Investigative Program Advisory Report (IPAR)
    Contracted Mailroom Services of Vistronix, Inc.”, wherein OIG recommended that
    “all mailroom positions be designated at least Moderate Rick (MR) positions”. Most
    mailroom positions do not require system access. Furthermore, OM: 5-101
    requirements are not limited to contractor employees who will have system access.
    OIG Response: This point is well taken. The June 30, 2003 “OIG Investigative
    Program Advisory Report (IPAR) Contracted Mailroom Services of Vistronix, Inc.”
    includes important recommendations that we did not intend to contradict. We have
    therefore deleted from the executive summary the cost saving suggestion to submit
    for clearance only those contractors who have access to the department’s systems.

Administrative Matters

This inspection was performed in accordance with the President’s Council on Integrity
and Efficiency (PCIE) Quality Standards for Inspections (1993).

We appreciate the cooperation given to us during the inspection. If you have any
questions or wish to discuss the contents of this report, please call Deb Schweikert,
Director, Evaluation and Inspection Division at 202-205-5569. Please refer to the
control number in all correspondence relating to this report.




                                           12
                                                                                           ED/OIG I13D0009


                                         Appendix
                         The Cost of Contractor Security Clearances

    (1) To determine the approximate time associated with processing the clearance forms,
        we interviewed responsible staff. We learned that none of the Principal Office staff
        interviewed directly track the amount of time they expend, but were able to provide
        estimates. All of those interviewed explained it took them approximately 15
        minutes, review each form for accuracy and approximately 5 minutes to forward
        each form to the next level. FSA uses an internal database to capture information
        on FSA's contractor employees. This extra step adds an additional 15 minutes to
        the FSA processing time. The approximate times to process an individual contractor
        employee are as follows:

           •   115 minutes to process properly completed clearance forms.

           •   160 minutes at a minimum to process forms that are not properly completed.
               (This time frame can vary greatly dependent upon the inaccuracies in the
               forms.)

           •   130 minutes for FSA to process clearance forms that are properly
               completed. (FSA has an additional step that the other Primary Offices we
               reviewed did not.)

           •   175 minutes for FSA to process clearance forms that are not properly
               completed.

(2) To determine the cost, we identified the pay grade levels of responsible staff and
    averaged their hourly salary. Based on the 2003 OPM pay table and applying a
    27.1 percent increase to cover benefits, the average hourly salary is $39.19 or
    $.6532 per minute.7 We used the approximate times identified in paragraph (1) and
    developed the following estimated costs to process forms for an individual
    contractor employee:

           •   $75.12 to cover salaries and benefits of the staff members processing
               properly completed forms.

           •   $104.51 to cover salaries and benefits of the staff members processing
               improperly completed forms.

           •   $84.92 to cover salaries and benefits of the FSA staff members processing
               properly completed forms.



7
 The pay grades range from GS-11 to GS-14. We used the hourly rates for the Washington, DC metropolitan area
as specified in the 2003 pay tables provided by OPM. We used the 27.1 percent rate used by OIG in FY 2003 to
cover benefits.


                                                     13
                                                                                                  ED/OIG I13D0009


          •   $114.31 to cover salaries and benefits of the FSA staff members processing
              improperly completed forms.

(3) To determine the time and cost associated with the adjudication process, we
    interviewed the OM Security Services Security Officer who explained that it is
    difficult to estimate the time involved. In reviewing the OPM investigation results,
    OM Security Services adjudicating staff may have to conduct its own investigation
    of issues that OPM identified. Staff may have to request additional information from
    the individual, from OPM, or another source. This additional investigation adds time
    and expense to the adjudication process. However, if the OPM investigation results
    do not have additional issues, the adjudication process can take as few as 45
    minutes. For the purpose of providing an indication of the minimum cost associated
    with the adjudication process, we will use 45 minutes and apply the minute rate of
    $.6532. Therefore, the adjudication process for each contractor employee without
    issues costs approximately $29.39. When we provided this information to OM
    Security Services, the Special Assistant to the Assistant Secretary of OM made the
    observation that it costs more for handling and processing the forms than it takes
    for the actual adjudication process.

(4) The OPM charges from $75 to about $3,000 for the different types of background
    investigations.8 As of June 25, 2003, the Department had 9,214 contractor
    employees9 with either current or pending security clearances. Of this total, 871
    had current background checks with OPM and did not require additional ones, so
    the costs we developed relate to the remaining 8,343. Therefore, $29.39 for the
    adjudication plus $75.12 equals $104.51 estimated minimum processing costs.
    Multiplying this amount times the total number of current and pending contractor
    employees requiring security clearances brings this portion of the clearance
    processing to about $871,927. Adding this amount to the estimated cost of OPM
    investigations ($1,905,614) brings The Department’s expense for processing 8,343
    contractor employee security clearances to approximately $2,777,541.




8
  The costs for the different types of background checks are National Agency Check, National Agency Check with
Inquiries, and Single Agency Check= $75; National Agency Check with Inquiries and Credit = $100; National
Agency Check with Law and Credit = $148; Access National Agency Check and Inquiries = $163.50; Periodic
Reinvestigation = $415; Periodic Reinvestigation and Residence Coverage = $1,050; Periodic Reinvestigation for
Single Scope Background Investigation = $1,640; Minimum Background Check = $405; Limited Background
Investigation = $2,136.67; Background Investigation = $2,627.67; Single Scope Background Investigation = $2,910;
and Upgrade Limited Background Investigation from a Minimum Background Investigation completed = $1,732.
9
  OM/SS provided the lists of active and pending contractors on June 25, 2003. This list included contractor
employees who were hired as early as 1992 through June 25, 2003. We did not independently verify the accuracy or
completeness of this list but did use it to develop an estimate of costs associated with processing contractor security
clearances.


                                                          14