Skip to content Skip to left sidebar Skip to right sidebar Skip to footer

Month: May 2021

Don’t be caught non-compliant

With each new year comes a new set of sub and prime contract goals each non-small business contractor and government agency must adhere to. Agencies achieve their goals by awarding prime contracts to small businesses. Non-small business contractors who compete for contracts worth $750,000 or more ($1.5 million for construction contracts) are required to submit a small business subcontracting plan. The plan must include how a contractor will attract small businesses and ensure that those businesses actually have an opportunity to subcontract (FAR 19.702). The plan must show separate dollar and percentage goals for small businesses, those services/supplies to be subcontracted, and an explanation of how small business contracts will be secured. (JDSupra April 23, 2020)

To keep contracts in check, the federal government may intermittently audit contractors. The audits verify small business subcontracting plan s are being fulfilled. The Small Business Administration (SBA) is the lead for the evaluations, the SBA may delegate this authority to other federal agencies. Department of Defense contracts are generally evaluated by the Defense Contract Management Agency (DCMA). (ibid)

Compliance reviews are random and any contractor with a subcontracting plan can be selected for review. The government considers the following factors during compliance reviews:

  • Number and size of the contractor’s government contracts
  • Date of last compliance review
  • Most recent compliance review results
  • Importance/sensitivity of the project
  • Reporting compliance in the electronic subcontracting reporting system (ibid)

The following may be reviewed during an audit:

  • Contract files/correspondence related to the contract
  • IT systems
  • Documentation on subcontracting methods and procedures (ibid)

Once the audit is complete, a contractor can expect to receive a report on non-compliant items found and a rating based on the review. A rating can range from unsatisfactory to outstanding. No further action is necessary if a contractor receives an outstanding rating. When the rating is below satisfactory, the contractor must create a corrective action plan (CAP) within 30 days, explaining the steps they will take to become compliant. (ibid)

It is a good idea for contractors to have the required documents on hand, should they receive notice of an upcoming audit. They may include the following:

  • Small business certification paperwork
  • Subcontracting program policies
  • Any prior compliance reviews
  • Organizational charts
  • Policy letters from the company CEO verifying subcontracting program
  • Historical subcontracting reports
  • Listing of any small business conferences or trade shows attended
  • Documentation of success stories – showing contracts awarded
  • A letter identifying small business liaison officer (ibid)

Companies that are well prepared for audits and have a subcontracting plan in place will undoubtedly move through a review smoothly and quickly.

Do you have all of your ducks in a row for a possible upcoming audit? Give us a call.

 

Three DoD DFARS will soon become permanent rules

According to a recent statement by Katie Arrington, the Pentagon’s CISO for acquisition and sustainment, three Defense Federal Acquisition Regulation Supplements (DFARS) for the Department of Defense’s Cybersecurity Maturity Model Certification (CMMC) will soon be permanent rules. (MeriTalk April 15, 2021)

The CMMC program enforces cybersecurity standards in the Defense Industrial Base (DIB) supply chain. The certification requirements will be part of all DoD contract requirements by 2026. (ibid)

The soon-to-be-permanent rules are:

  • DFARS Provision 252.204.7019 requires contractors to complete self-assessments and upload them into the DoD’s Supplier Risk Performance System (SPRS)
  • DFARS Clause 252.204.7020 takes place upon contract completion, allows DoD access to systems, facility, and personnel if DoD assesses the necessity due to risk
  • DFARS Clause 252.204.7012 requires all contractors to maintain adequate security of defense information that is “processed, stored or transmitted” on their network (ibid)

According to Arrington, 300,000 contractors need to get CMMC certified within the next five years. She said, “we have thought carefully about this, and making cybersecurity foundational to acquisition wasn’t something that we just thought “Let’s do it one time.” It has to be an enduring capability.” (ibid)

Questions concerning CMMC certification? Give us a call.

 

CPARS is getting a refresh

For over a decade, the Office of Federal Procurement Policy (OFPP) has encouraged government agencies to increase their research and evaluation of contractor performance on contracts, with little effect. (Federal News Network April 12, 2021)

The general consensus is that the current Contractor Performance Assessment Reporting Systems (CPARS) is broken. Contractors and Contracting Officers feel it inaccurately rates performances while also being burdensome. For the past two years, Mike Smith, a former DHS director of strategic sourcing and now an executive vice president at GovConRx, has led an effort to rebuild CPARS. His goal, “make sure it results in good information and the information is more strategic and tactically used.” (ibid)

What are some of the problems with CPARS? Many contracting officers rate contractor performances as satisfactory because it takes too much of their time to verify exceptional or outstanding performance and too much time trying to explain why a rating might be below average or poor. (ibid)

DHS is looking to solve this problem through a pilot application of artificial intelligence (AI). DHS recently awarded contracts to five companies to demonstrate their ability to build production-ready software. User groups will view demos using software-as-a-service (SaaS). The user groups are, The departments of Commerce, Energy, Interior, Veterans Affairs, and Health and Human Services as well as GSA, NASA, the Air Force, and the U.S. Agency for International Development. The agencies gave the 5 companies in the pilot, 50,000 anonymous procurement records, to assist in training the AI. The goal is to decide which technologies will move to phase 3 in June with an actual launch in January 2022. (ibid)

GSA has some barriers to overcome too. Contracting officers must see the value in vendors providing self-assessments on certain projects. GSA senior procurement executive Jeff Koses sent a memo in February recommending the use of vendor self-assessments s one step in the overall CPARS process. The memo is a permission slip, of sorts, for contracting officers to begin asking for self-assessments as one part of the CPARS process. This should alleviate some of the burden on contracting officers.(ibid)

Mike Smith, a former DHS director of strategic sourcing and current executive vice president at GovConRX said, “you wouldn’t believe how many contracting officers refuse to take input from industry because they think they aren’t allowed to. As a contracting officer, I’d rather have a back and forth at least by midyear, if not before, so we can adjust course and have a common understanding at the end of the performance period and there are no surprises about ratings and the basis of that rating.” Most agree that good contractors will jump at the opportunity to do a self-assessment because they will finally be able to have input into the process. (ibid)

CPARS should also help small businesses. When contracting officers see the small business has done larger jobs and done them well, through a relevancy search and high CPARS, they are a lot more likely to award them a contract. This in turn helps the contracting officer make better-informed decisions through the use of data. (ibid)

Questions concerning self-assessments and the intricacies involved? Give us a call.