By Jeffery A. White, C.P.M.
President and CEO, J.A. White & Associates, Inc.
Vice Chair of ISM FASMG
jawhite@jawhite.com
803.407.1399 x101

Introduction

Every aspect of business carries some degree of risk—one of your key
responsibilities as a subcontract management professional is managing these risks to avoid situations that might jeopardize a firm’s operations. Risks can be anticipated and controlled

in areas such as financial, legal, quality, and performance. It is difficult to pick up a newspaper today and not read about the financial and ethical scandals that have plagued many major corporations. Clearly, the focus of those headlines is on the conduct and behaviors of Chief Executive Officers, Chief Financial Officers, and members of the Board of Directors. But what if you were to pick up tomorrow’s newspaper and discover that your Subcontract Management Department has been accused of misappropriations of funds, violation of laws, and operating under poor business practices? As shocking as it sounds, this could be happening within your organization today, right under your nose!

Opportunity

As competition among U.S. Government prime contractors becomes
increasingly fierce, each contractor must adopt strategies that can set itself apart from the pack. What better way of doing this then to obtain your top customer’s approval of your subcontract management and subcontracting processes and practices?

A multi-national, U.S. based high-technology firm employed a number of procurement professionals in its subcontract management and purchasing function. As a major U.S. Government defense contractor, the firm is obligated to operate a subcontract management and purchasing function that complies with all aspects of the Federal Acquisition Regulations (FAR) and its various supplements. The ultimate measure of its compliance with the FAR is the process of obtaining a subcontract management and purchasing function that is compliant with the requirements of the Contractor’s Purchasing System Review (CPSR). The objective of a CPSR is to evaluate the efficiency and effectiveness with which the contractor spends Government funds and complies with Government policy when subcontracting. The CPSR provides the administrative contracting officer (ACO) a basis for granting, withholding, or withdrawing approval of the contractor's subcontract management and purchasing systems. It is interesting to note that many subcontract management professionals fail to realize that, as contractors, we are entrusted with spending public funds when subcontracting.

As stated in FAR Part 44.302, if a contractor's sales to the Government (excluding competitively awarded firm-fixed-price and competitively awarded fixed-price with economic price adjustment contracts and sales of commercial items pursuant to Part 12) are expected to exceed $25 million during the next 12 months, the ACO is required to perform a review or risk assessment to determine if a CPSR is needed. In the calculations of these sales, a contractor shall include those represented by prime contracts, subcontracts under Government prime contracts, and modifications.

While conducting a CPSR, the CPSR analysts focus on identifying possible signs of a weak-subcontracting system. These signs include:

The Government defines “Risk” in terms of CPSR, as the Government’s financial, quality and delivery exposure posed by contractor’s operations. Ultimately, the determination of relative risk to the Government is made by the ACO. In order to determine the degree of risk associated with a particular contractor’s operations, the ACO will typically conduct a risk assessment.[i] The FAR states that ACO’s shall determine the need for a CPSR based on, but not limited to, the past performance of the contractor, and the volume, complexity and dollar value of subcontracts. Typically, the first step in conducting a risk assessment is to collect certain risk-related data pertaining to the contractor. Normally, it is the CPSR team captain’s responsibility to assist the ACO by actually conducting the risk assessment and providing recommendations to the ACO relative to the need for a CPSR. The following factors have a significant impact on the risk that contractors' purchasing systems pose to the Government: [ii]

· Previous CPSR recommendations and habitually repeated recommendations made to the contractor

· Government contract mix managed by the prime contractor: cost-type vs. time and material vs. firm fixed-price

· Education, training, and experience of the contractor's purchasing and subcontracting personnel

If a contractor has recently met the requirements for a CPSR, there will be no approval status history. These contactors tend to portray a riskier compliance picture. For those contractors that have approval/disapproval history, a clearer vision of risk can be seen. The ACO will ask: Does the contractor have a history of having an approved purchasing system or does its history show a record of inconsistency relative to approved and disapproved? Certainly, a contractor with a history of a repeatedly approved purchasing system poses a smaller risk to the Government than the contractor with a history of approval being withheld.

For contractors whose purchasing systems have been previously subject to review, the number of initial recommendations and repeat recommendations, when viewed as over time, gives an indication as to the trend the contractor is experiencing with its purchasing system. The Government will decide to perform a CPSR based on whether previous recommendations were major recommendations (high risk) or minor ones (low risk). Major recommendations are those that indicate a potential violation of public laws, illustrate serious system weaknesses, or display problems associated with high dollar processes. Obviously, a pattern of major recommendations is an indication of high risk. Minor recommendations that are not repeat recommendations may not pose much of a risk at all. Minor recommendations are those that indicate weaknesses of a regulatory or administrative nature.

The CPSR team’s risk assessment data will inform the ACO as to how long a contractor has been in the CPSR program and how frequently it has been subjected to CPSR’s. When analyzed in and of itself, this information is not particularly useful. However, when coupled with other data, such as the contractor’s approval status, it can be very powerful information. In addition, experience teaches us that the longer the time spans between CPSRs, the greater the risk that the contractor’s purchasing system may have deteriorated. What other reviews have been made of the contractor’s various systems? The results of a purchasing systems review conducted by Defense Contract Audit Agency (DCAA), for example, can provide additional insight to the risk assessment.

Government contract mix managed by contractor: cost-type vs. time and material vs. firm fixed-price

Typically, cost type contracts place the greatest risk financially on the Government. A CPSR can help to identify cost reduction factors cost reimbursement contracts and subcontracts.

Contractors with large percentages of costs in direct material purchases, such as manufacturers, will have high material overhead as well. In these situations, it is the goal of the CPSR team to review the contractor’s cost savings initiatives. Any savings derived from conducting CPSR’s could have a proportionately high return for the government.

Contractors marketing commercial products tend to be influenced by the competitive marketplace towards cost effectiveness and efficiency. This may not apply, however, for contractors in sole source situations and when the Government is a relatively minor part of their total sales. In these situations, CPSR’s can assists in the identification of potential cost savings within the contractor’s subcontracting processes.

In addition to auditing costs, the DCAA also audits many of the contractors systems, such as the material management and accounting systems (MMAS), the accounting system, and the estimating system. DCAA audit reports on such systems may indicate that they impact the purchasing system negatively or positively. The results of these audits assist the CPSR team in determining contractor risks from an enterprise prospective.

Input from the contracting officer and other members of the contract administration team

From a Government prospective, the primary source of information about a contractor is the ACO. The ACO is responsible for coordinating the efforts of all members of the field contract administration team and should be fully cognizant of the strengths and weaknesses of the contractor. All members of the ACO's team have important information that may affect a risk assessment. These team members can assist in addressing the following issues:

· Does the contractor have a delinquency problem? If so, is it related to the purchasing system? Delays in processing material requisitions may delay the issuance of purchase orders and subcontracts. Delays in obtaining quotations from prospective suppliers may delay the issuance of purchase orders and cause delivery delinquencies. Delays in receiving requisitions from end-users can result in inadequate procurement lead-time.

· Does the contractor have a problem with meeting quality requirements of its Government contracts? If so, is it related to the purchasing system? Perhaps the quality requirements are not properly described in the purchase order to the supplier.

· Does the contractor use an effective supplier quality and delivery rating system? If so, is it being utilized to make best value sourcing decisions?

· Does the contractor have a problem with its property control system? If so, does it relate to the purchasing system? For example, the Government contract may require the purchase of special tooling/special test equipment (ST/STE) that becomes the property of the Government. Does the contractor’s purchase order issued to its supplier make this clear, especially when the ST/STE will be in the possession of the supplier during the period of performance? .

· Does the contractor have a problem with other systems that impact the purchasing system? If so, are there any deficiencies that are due to, or cause, deficiencies in the purchasing system?

Education, training, and experience of the contractor's purchasing and subcontracting personnel

This element is self-explanatory. The more capable staffs pose a smaller risk than the inexperienced, untrained staff. Also, note whether or not the contractor's purchasing personnel have experience in Government contracting.

Some contractors perform self-assessments and internal audits of their purchasing activity. A contractor who has an effective and aggressive self-assessment and/or internal auditing program will lessen the risk to the Government because the contractor is policing its own activities. Is the contractor participating in the Contractor Risk Assessment Guide (CRAG) or some other pro-active risk assessment reviews? Often the contractor will share the results of its internal audit programs with the Government. The Contractor’s data /results must be validated.

Is the contractor a sole source provider in its industry or is it one of many? Generally, a sole source contractor poses the overall highest degree of risk to the Government. The theory is that competition will drive the contractor to be more cost conscious in order to improve its share of the market. What is the contractor's position in its industry? Is it a leader? Is it well established in its industry or a newcomer? Industry leaders and well-established contractors generally pose a lesser risk than others do, however if it is a mature industry, well-established firms may not be protected financially from quick changes in market conditions.

Reorganizations, mergers, and divestitures can have an impact on a contractor's purchasing performance. Changes resulting from these activities can be expected but are not necessarily predictable. Purchasing personnel, policies, and procedures will most likely change. New personnel may be brought into the procurement organization. Experienced people may be moved out or moved around. Sometimes morale can be affected in a positive or negative manner.

These statistics are readily apparent. However, the impact of this kind of change is not so apparent. It all depends on how the contractor responds to a radical change in sales. Radical increases in sales may overwhelm the contractor's purchasing personnel if they cannot respond to the increased purchasing and subcontracting activity in a timely manner. On the other hand, a radical decrease in sales may cause the contractor to make layoffs that could affect purchasing.

The CPSR teams do not use an established scoring system when performing the initial risk assessment. The evaluation of the collected data depends on the CPSR team captain’s judgment as well as that of the ACO’s.

The firm’s Manager of Subcontracts was contacted by its cognizant Defense Contract Management Agency (DCMA) and informed that her organization would be subjected to a two week CPSR within the next nine months. It had been almost five years since the firm had undergone such intense scrutiny of its operations. Because of this time span, several potential problems and considerations surfaced, such as:

Furthermore, the firm was in the midst of undergoing various compliance reviews from many other U.S. Government audit agencies. This put a drain on the firm’s vital resources. The Manager of Subcontract was truly concerned about the fate of her organization. Why was the manager so concerned about the upcoming CPSR?

The contractor’s senior management welcomed the opportunity to host a CPSR. They viewed the CPSR as an opportunity for their largest customer to review and benchmark their purchasing and subcontracts function against stringent Government requirements. However, they were well aware of the many negative consequences that are possible as a result of failing a CPSR. The primary, and arguably the most important consequence from an organization’s marketing or “bottom-line” prospective, is the negative customer perception of the organization. In the U.S. Government procurement world, many large firms routinely subcontract up to 90% of the work effort under a prime contract. The U.S. Government relies heavily upon these firms’ ability to manage and control subcontractors. This is based on the fact that there is typically no legal privity of contract between the U.S. Government and subcontractors, as illustrated below:

Since there is typically no legal privity of contract between the U.S. Government and subcontractors, the prime contract establishes processes by which the U.S. Government can control and manage subcontractors. Some of these processes include but in no way are limited to: Advance notification and prior consent to subcontract, small business subcontracting plans, mandatory prime contract flowdowns, the Truth in Negotiations Act (TINA), and FAR Part 44’s CPSR process. The U.S. Government’s remedy for a prime contractor’s failure to pass a CPSR is the withholding or withdrawal of that firm’s subcontracting system. This would result in a prime contractor’s inability to issue a subcontract without first seeking the written consent or approval of a U.S. Government Contracting Officer. This additional approval causes:

In addition to these problems, a failed CPSR can have devastating effects on the future of the firm.

The first step in the process is to develop a sound corrective action plan as well as a compliance matrix. A corrective action plan will include many elements such as: Initial risk assessment in order to determine the organization’s current state; An assessment of current and future resources and staffing required to implement the compliance plan as well as to accomplish the day-to-day tasks required of the subcontracting organization; An assessment of current policies, procedures, practices, and standards, and; An assessment of internal tools, forms, and job aids.

Typically, the firm would have relied upon its internal audit staff to conduct a review of the subcontracting function in order to determine its strengths and weaknesses. However, the firm realized that its internal audit staff does not use the same set of metrics as the U.S. Government CPSR analysts. In addition, internal audit staffers tend to have Accounting or Financial related education and experience, but not CPSR-compliant subcontract management experience. After careful examination of its internal resources, the firm made a strategic decision to seek the assistance of a management-consulting firm that specializes in corporate compliance and risk management for Government prime contractors.

The Manager of Subcontracts and the management-consulting firm jointly utilized the following approach to the project:

As a direct result of this joint effort, the firm was able to not only obtain a CPSR-Compliant subcontracting system, but it also experienced other benefits such as:

· Realize cost savings and reductions in cycle times in the processing of Government “Red Tape” due to unnecessary process based on out dated regulations.

Currently, the contractor’s business philosophy on subcontract management is that it is a vital aspect of the firm’s overall corporate compliance and risk management program. The contractor utilizes the CPSR audit plan as the cornerstone of subcontract risk management program.

[i] FAR 44.302

[ii] CPSR Training Guide – 1998

This article appeared in “Contract Management” Magazine, August 2004

Subcontract Management’s Role in Corporate Compliance – A Case Study in Risk Management

Introduction

Opportunity