Fast Track: DPAS

networking

DeCastro, president and CEO of Wildflower International in Santa Fe, N.M., submitted the bid for the order but lost based solely on her company's inability to meet the delivery requirements. The deal went to a competitor—ST Net Apptis, a joint venture between ST Net Inc. and Apptis—that bid a higher price but claimed it could fulfill the order on time.

ST Net Apptis' unique ability to fill the order was because it had a DPAS, a special designation that gives equipment purchases critical to national security priority over other manufacturing and distribution orders. The only problem is the DPAS was unauthorized.

"We don't mind losing, of course; it happens all the time. We would just like to lose fairly," deCastro says.

Those involved in this order say the incident raises concerns over the administration of the DPAS program and reveals how easily federal contracting can be manipulated.

id
unit-1659132512259
type
Sponsored post

Uncovering the Fake Pass
Wildflower wasn't the only company to bid on the DHS order. Eleven contractors were eligible under FirstSource, a five-year, $3 billion government purchasing vehicle designed specifically for small IT businesses. U.S. Customs and Immigration released the request for quotes on March 15, seeking to purchase a laundry list of advanced IT hardware, including 10 customized parts for the Cisco Security Monitoring, Analysis and Response System (CS-MARS). The order specified tight delivery times, with some parts due overnight, and others—including the customized Cisco parts—in less than a week.

Distribution giant Ingram Micro, the only disty that stocked the CS-MARS part, had only two in its inventory. The rest would have to be custom-built, which could take weeks.

"I consulted with Cisco; the normal delivery time frame for this [stock keeping unit, or SKU], would be 10 to 14 days, since Cisco would have to build the units," says Bob Laclede, vice president and general manager of Ingram's government and education business. "We agreed that, unless the order was rated DPAS, we would advise our resellers not to list the March 21 delivery date."

DPAS, or the Defense Priorities and Allocations System, automatically elevated the order to the top of Cisco's manufacturing priorities. While the presence of a DPAS rating doesn't guarantee fulfillment by a particular date, it does expedite the process.

Wildflower's deCastro and other bidders requested a DPAS, but they were turned down by DHS because the order didn't meet the national security criteria.

"The only two components within DHS [that] may assign a DPAS rating are the United States Coast Guard, in support of national defense-related programs, and Federal Emergency Management Agency, in support of emergency preparedness activities," explains DHS spokesperson Larry Orluskie. "The delivery date provided within [this] RFQ was due to a short turnaround time required for this particular order. FirstSource contractors were notified during the Post-Award Conference that some of the procurement actions would have short lead times."

DHS awarded the order to ST Net Apptis, a joint venture between ST Net, a certified small business, and Apptis, a $700 million government solution provider and integrator. While the bid was higher than competitors', the firm claimed it could meet the delivery requirements. ST Net Apptis says those claims came after assurances from its distributor, Comstor, and Cisco.

"We had informed the customer initially that we could not meet the delivery time line, and then the account representative at Cisco said he was working with his headquarters and could meet the deadline," says Mitzi Rivoire, Apptis' vice president of partner alliances. "We then [communicated that] back [to the customer], got the order and placed it through the channels as a standard order."

ST Net Apptis' winning bid set off a chain reaction among the competitors, who almost immediately sought answers from Ingram as to how Comstor could deliver the CS-MARS parts by a deadline that Ingram said was impossible to meet.

Laclede checked Cisco's manufacturing system. That's when he discovered that the order, placed by Apptis via Comstor, had a DPAS rating. "That was the huge surprise," Laclede says. "DHS had not used the DPAS rating, so I knew the data was erroneous."

Inappropriately applying a DPAS rating to equipment orders is significant. In this case, it may have influenced the delivery date and, effectively, the award of a contract and violated the Defense Procurement Act, which carries heavy penalties, including fines up to $50,000 and three years in prison.

Next: A Simple Clerical Error A Simple Clerical Error
How the DPAS rating got on the Apptis order remains a mystery. None of the parties involved have an explanation and chalk it up to a clerical error. "I can't say how it got on Cisco's order, but I can [say] that the order [we placed] did not have a DPAS rating," Apptis' Rivoire says. "We can't even see the order; only Cisco and Comstor can. Not being able to control what a manufacturer or distributor does, I don't want something [like this to] give us a black eye."

SEQUENCE OF EVENTS
Thursday, March 15
Request for quotes sent under FirstSource from Department of Homeland Security to qualified contractors. The order doesn't qualify for a DPAS rating. Seven contractors ssubmitted bids.
Friday, March 16
DHS awards the order to ST Net Apptis. Delivery for equipment set for March 21.
Saturday, March 17
Order first appears in Cisco's manufacturing system, placed by Apptis, via distributor Comstor to Cisco Systems, with a DPAS rating.
Monday, March 19
Ingram Micro's Bob Laclede informs Cisco's Dawn Duross of the erroneous code on the order, which remains in the Cisco order system with a DPAS rating until March 22.
Friday, March 23
Apptis order canceled in Cisco's manufacturing system. Apptis and Comstor resubmit the equipment order without a DPAS rating. Delivery date is reset to sometime in mid-April.

Here's how authorized DPAS orders are supposed to work: The contracting agency assigns a DPAS rating to an order and provides supporting documentation. The solution provider then places the order with a disty, which is supposed to require receipt of the DPAS authorization. The distributor then places the order with the vendor, which typically only sees DPAS checked off in its automated procurement system.

Comstor confirms that Apptis didn't place the order with a DPAS rating but can't explain how the order was forwarded to Cisco with the expedited code. Comstor says that it has to follow strict guidelines when dealing with orders from all government customers, and that those processes were followed in this case.

"The order that came from Apptis did not have a DPAS rating," says Anthony Daley, executive vice president of the Americas for Westcon Group, the parent company of Comstor. When asked how the DPAS rating found its way on the order, he said only that "ultimately, the transaction was not completed with a DPAS order."

Once Laclede discovered the erroneous DPAS rating, he informed Cisco. The networking vendor investigated, and eventually the order was canceled. Comstor and Apptis later resubmitted the order through normal channels.

"It appears the DPAS rating was a mistake," says Dawn Duross, Cisco's director of federal channels. "The designation was placed initially on the order, but discovered and canceled by the partner in less than two business days. The partner then placed a new order and the product was shipped. No equipment was shipped with a DPAS rating."

Next: Error Corrected, Nothing Changed Error Corrected, Nothing Changed
Claims that the DPAS rating was an error has done little to dispel suspicions that the order was an effort to bump up the delivery date to meet the contract requirement. Similarly, the fact that the order was canceled and re-entered, and the equipment shipped without a DPAS rating, doesn't change the belief by some that the DHS award decision was based on deceptive bidding.

DHS' Orluskie encourages contractors with information about any incidents of manipulated contract awards to file a protest with the contract officer or, in this case, provide a report to the Department of Commerce's Bureau of Industry and Security, which oversees the DPAS program.

Regardless of what happened when the order was placed with Cisco, one fact is certain: The DHS did not receive its equipment by the date specified or promised; the last delivery didn't arrive until April. Given that the winning bid wasn't the lowest submitted, the government overpaid for no apparent reason.

"They were pleased with what they did get on time," Rivoire says, adding that the first shipment was still in the warehouse untouched when the other gear finally did arrive the following month. "It's my understanding that wasn't really an issue."

Most of the parties involved say they have never seen something like this happen before—including the DPAS office, which couldn't provide any statistics relating to the number of Defense Production Act violations. "I've been at Cisco 10 years, and this is the first time I've heard of something like this happening," Duross says. "It's a bizarre situation."

While distributors typically require proof of documentation from solution providers claiming a DPAS rating on an order, manufacturers often don't verify the information upon receipt of an order. Rather, the disty denotes a DPAS rating, and the system automatically elevates that order to the top of the queue. As Laclede says, it's part of the trust established between vendor and distributor.

But obvious cracks exist in that process. "You would think there would be a system of checks and balances in place to make sure [something like this doesn't occur]," DHS' Orluskie says.

Beyond innocent ordering mistakes, issues can arise when the trust between vendor and distributor is abused. With little transparency in the process, a distributor could theoretically manipulate an order to win the business—either on its own or through collaboration with the knowledge of the solution provider, the manufacturer or both. That risk may be magnified by the fact that different individuals handle orders on behalf of their clients, often with financial incentives to drive business to their own accounts.

"If there's an opportunity to put a DPAS rating on an order, and if someone is not really well-versed in what that actually means, the thought could be, 'Oh, I can get it faster,'" says Ray Bjorklund, senior vice president and chief knowledge officer at FedSources, a market intelligence firm in McLean, Va. "I could see that happening."

Unfortunately, such violations would be very difficult to track, and no one is saying this is what happened with the ST Net Apptis order. Laclede is confident that had he not looked for it, the DPAS rating on this order would likely have gone unnoticed.

"We need DPAS to work when there's something government really needs; otherwise, the process gets cluttered," Laclede says. Ingram fulfills dozens of DPAS orders a month.

For solution providers that bid federal contracts, failures in the system translate not only to inefficiencies in government but also to wasted effort and lost revenue.

At Wildflower, for example, two of the company's 25 employees devoted two days to developing and following up on the DHS proposal, only to see a competitor win the order under questionable circumstances.

"I'm sure it's not the first time [this has happened]; it just never came to light before," deCastro says. "I would bet there's more to be exposed. [But] only when people walk in and start flipping badges around is the truth going to come out."