How did Cover Oregon blow through more than $120 million and end up with a completely non-functional website? One year ago, when Oregon officials raised questions about the project and the contracts going to Oracle, Oregon Health Authority CIO told other state officials in a Cover Oregon meeting that the Secretary of State’s office had conducted an audit of the contracts, and found no problem. A year later, no one can find any evidence of that audit, which adds yet another dimension to the allegations of fraud involving Carolyn Lawson and Cover Oregon. KATU continues its in-depth investigation of the scandal:

The report goes on to say the issue was resolved, citing an audit by the Secretary of State’s office that “found everything in order.”

But the KATU On Your Side Investigators have learned that that audit – the only piece of evidence used to dismiss major accountability problems surrounding a contract that eventually grew to $119 million – doesn’t exist.

That audit was particularly important because the state’s contract with Oracle lacked the safeguards government’s usually put in place to ensure transparency. ….

The KATU Investigators contacted the Secretary of State’s office to ask for a copy of the audit.

Three different people responded, none of whom had a record of it, and finally it was suggested the Department of Administrative Service might know more.

DAS didn’t know of such an audit either, and referred KATU to the Legislative Fiscal Office.

The LFO didn’t know anything about it, referring KATU back to the Secretary of State’s office.

“I checked with our managers and there is no audit that would substantiate the statement that ‘a SOS audit found everything in order,’” Secretary of State auditor Gary Blackmer wrote to KATU News. “We have not conducted any audits of procurement or accounting practices related to the DHS/OHA Oracle contract.”

The video gives a pretty good overview, but you’ll want to read the full article as well. The QA group Maximus did its own audit, which found exactly the opposite of what Lawson told the rest of the team in that meeting. The problem was that the contracts essentially amounted to “blank checks” because the Cover Oregon team had little documentation about what Oracle was being contracted to produce, and what was provided (Statements of Work, or SOWs) were entirely inadequate. In addition, Maximus found that Oracle used the funds to perform work “outside the scope of the HIX-IT project” — or in other words, it used Cover Oregon money to do other work.

It’s not as if this problem was unnoticed. In that February 2013 meeting, the other Cover Oregon players clearly had concerns about this issue. Lawson put them off by making her claim about the SoS audit, but not everyone was buying it. It also raises the question — again — of what Governor John Kitzhaber knew about the failures of this project and when he knew it. Lawson ended up in tears during the meeting, according to KATU, and at least one of the attendees presumably had a reporting relationship to Kitzhaber (interim state CIO Julie Pearson). It’s difficult to believe that concerns of that depth and at that level eight months before the rollout deadline wouldn’t have reached Kitzhaber’s desk at that time, let alone down the line when the project was clearly derailing.

Don’t be surprised to see fraud investigations at a couple of levels resulting from this scandal.