NIH Should Improve Its Management of Contracts for the Acquisition of Information Technology

Date Issued

Monday, June 5, 2023

Submitting OIG

Department of Health & Human Services OIG

Other Participating OIGs

Department of Health & Human Services OIG

Agencies Reviewed/Investigated

Department of Health & Human Services

Components

National Institutes of Health

Report Number

A-18-21-11500

Report Type

Audit

Location

DC,
United States

Number of Recommendations

Questioned Costs

Funds for Better Use

Open Recommendations

This report has 3 open recommendations.

Recommendation Number	Significant Recommendation	Recommended Questioned Costs	Recommended Funds for Better Use
23-A-18-084.01	No	$0	$0
We recommend that the National Institutes of Health provide additional training and implement oversight controls to ensure that acquisition workforce and program staff adhere to the roles and responsibilities defined in the HHS Policy for Information Technology Procurements - Security And Privacy Language, including that staff must incorporate all applicable information security and privacy requirements, contract language, and clauses into acquisition documents; and complete the Information Security Program Requirements Checklist and Certification properly for all acquisitions involving the procurement of information and IT products and services.
23-A-18-084.02	No	$0	$0
We recommend that the National Institutes of Health provide additional training and implement oversight controls to ensure that contractor performance assessments are completed and uploaded to the Contractor Performance Assessment Reporting System timely.
23-A-18-084.03	No	$0	$0
We recommend that the National Institutes of Health provide additional training and implement oversight controls to ensure that NIH Competition Advocates prepare and submit timely Annual Competition Advocate Reports to HHS in accordance with the requirements of FAR 6.502(b)(2) and the HHS Competition Advocacy Directive.