By Kristen Soles of CohnReznick
Published January 9, 2023
Since March of 2020, the world has changed drastically, including how companies operate, how they manage employees, and how they approach strategy and business plans for Government customers. We offer a five-point inspection for Government Contractors to consider to remain successful in the changing landscape of the 2023 fiscal year. These five points cover the lifecycle of a government award and will give contractors critical things to keep in mind as they continually redefine their approach to how they serve their customer.
What programs do I want to pursue? (Steering Wheel)
Organizations pursuing government contracts should first consider their bid and proposal strategies. There are many instances where companies will attempt to bid on several opportunities at one time in hopes of winning that “one big award” which changes the future of their business. With that, as a company grows, so does the business plan. The company’s strategic plan should mirror its business plan, and both should be routinely monitored and updated to reflect the most up-to-date business strategy plans. Government contractors should consider asking themselves:
· How achievable is our capture strategy?
· What is the competitive landscape?
· Are we pursuing contracts that will help further our business objectives?
· Have we assessed risk and appropriately priced it into our proposals?
· What is our value proposition and what differentiates us from our competition?
· What contract types are we equipped to perform on?
To provide context to these questions, government contractors can obtain the following information:
· Spending history in various agencies
· Government program data
· Customer buying history
· Independent Government Cost estimate data
By obtaining these data, a Government Contractor can start to solidify the overall pricing strategy for now and into the future.
Other considerations in the contracting lifecycle are commercial item determinations (CID) and preparing for graduation out of Small Business Designations (SBD). Government Contractors should think through strategic ways to leverage commercial item determinations. By using the CID method, it allows the Government Contractor to lessen the administrative burdens related to the monitoring and managing of pricing and cost. Another consideration would be for Government Contractors who are on the cusp of growing out of SBD. SBD graduates should begin planning for what the removal of that designation means for them. What are the implications in the ability to win new awards? How do I plan for the future? These types of questions are generally considered and discussed during the business planning phase to inform future growth and opportunity identification.
What types of requirements will apply? (Owner’s Manual)
Compliance with cost regulation is arguably one of the most important areas for consideration for all Government Contractors. Government Contractors should be prepared in several key areas including, Cost Accounting Practices, Provisional Bill / Forward Pricing Rates, Incurred Cost Submission (ICS) Readiness, and other considerations.
Cost Accounting Practices. At fiscal/calendar year-end, this is a great opportunity to assess the actual indirect rate structure, and accounting policy and procedures to help ensure alignment with applicable criteria such as Federal Acquisition Regulations (FAR), Defense Federal Acquisition Regulation Supplement (DFARS), Cost Accounting Standards (CAS), Uniform Guidance (2 CFR 200), and other required criteria. The questions that should be asked in this instance would be:
· Is the company cost structure scalable for future growth?
· Is the company recovering all costs that are allowable or leaving allowable cost on the table?
· Are my actual processes in line with my written policies and procedures?
· Are there any weaknesses or deficiencies in the contractor’s internal control matrix?
Provisional Bill / Forward Pricing Rates. Establish Provisional Billing Rates to approximate the contractor’s final year-end rates, as adjusted for any unallowable costs. These rates are used for interim purposes until settlement is reached on the final indirect rates for the Contractor’s fiscal year. December is a great time to finalize the overall company budget and move these figures into a provisional rate proposal and submit to the government. Another area to consider as part of your budgeting and estimating procedures is to update the forward pricing rates which are long-term projected cost rates used to price multi-year contracts. The company will want to evaluate both the near- and long-term business strategy to understand what is needed to remain competitive and understand that growth comes with additional challenges. Also, this will allow the assessment of headcount and what is needed to meet the scope of work in the future to reach certain revenue targets.
Incurred Cost Submission. Government Contractors should begin to prepare elements of their incurred cost submissions, prior to year-end when the clause at FAR 52.216-7 Allowable Cost and Payment is present for Cost-Reimbursement Contracts. This allows for significant lead time for necessary reviews and internal adequacy determinations to take place, prior to the annual deadline. A final verification will need to be done once the accounting books and records have been closed and finalized with no additional adjustments needed.
Other considerations. Subsequently, Government Contractors should begin to evaluate or further develop areas that may now become applicable to the Contractor due to the SBD graduation or revised strategy business plans to go after certain contracts with cost compliance provisions. Contractors will need to start considering areas, such as:
· CAS triggers (i.e., no longer exempt from CAS due to SBD graduation)
· Requirements for Disclosure Statements of Cost Accounting Practices (as applicable)
· Other regulatory reporting requirements, such as SCA, 2 CFR 200
· Subcontract Monitoring: Government Contractors, who have requirements to do so in their contracts, should have adequate subcontractor monitoring policies and procedures to reduce the subcontract monitoring risk
What types of business systems and processes will I need? (Engine)
The government views contractor business systems as vital in the delivery of accurate data for monitoring and enforcement. Government Contractors are subject to business system requirements when the applicable CFR 252.242-7005 clauses are present in contracts and are otherwise not subject to any Cost Accounting Standards (CAS) exemptions.
There are six different business systems that Government Contractors may need to understand as they become applicable to them. Below is a description of the six different types of business systems:
· Accounting
· Earned Value Management (EVM)
· Estimating
· Material Management Accounting
· Property
· Purchasing
Business systems, and the compliance therein, extend beyond just a physical software “system”. The “system” includes several areas:
· Policies and Procedures: Well-documented policies and procedures are imperative to the success of a compliant business system. Government Contractors should ask themselves: “Do the current policies and procedures cover the requisite level of details that is expected from Government Auditors?”
· Training: Generally, training should be performed on an annual basis and should be based, and/or targeted, on the individual’s roles and responsibilities (R&Rs) within the organization.
· Files and Documentation: The files, and the process to review the files, is part of the artifact capture within the business system. The files should demonstrate
i. Compliance with current policies and procedures; and
ii. The knowledge and capability of personnel who are performing tasks applicable to their role and responsibilities
· Internal Reviews: Finally, Contractors are expected to perform self-assessments to ensure compliance with their own policies and procedures, and that files and/or documentation support are accurate, complete, and following policy.
So, keeping up with these standards, regardless of the actual requirement, strongly benefit the Contractor. Contractors should be ready for the assessments and start planning now. In order to prepare for 2023, Contactors can begin now by:
· Reviewing policies and procedures, and ensuring they are updated, accurate, and complete with current practices
· Implementing effective training based on individuals’ R&R’s within the organization
· Performing mock audits (i.e., accounting, purchasing, estimating, floor check, etc.), documenting the outcome, preparing recommendations for improvement against the related business system criteria, and implementing those improvements immediately
How should I secure my data? (Safety Systems)
One of the increasingly hot topics in Government Contracting moving into 2023 is cyber assessments and regulations. The most notable regulation being the Cybersecurity Maturity Model Certification (CMMC). In 2019, the Department of Defense announced the creation of the CMMC. The establishment of CMMC was intended to transition from a model where organizations self-attested on their compliance with NIST SP-800-171 set of cybersecurity controls to a model involving more active audit and oversight. However, there are other regulations applicable to Federal awards that require cyber oversight and preparation such as NIST’s Federal Information Processing Standards. Government Contractors should be on high alert with the ever-changing criteria and what applies to their organizations. We recommend as the first step in this assessment process to review applicable frameworks to understand the mechanics to comply with the level of maturity desired.
Secondly, Government Contactors should then begin to prepare for the oversight obligations (i.e. CMMC), by taking the following actions:
· Confirm that IT policies, standards, and procedures are up-to-date and meet the CMMC requirements
· Confirm that their System Security Plan (SSP) is up-to-date and documents all 110 controls
· Confirm that all assets are known and categorized correctly either as:
o Controlled Unclassified Information (CUI) Assets
o Security Protection Assets
o Contractor Risk Managed Assets
o Specialized Assets
o Conduct a self-assessment and calculate their risk score using the Supplier Performance Risk System (SPRS) scoring mechanism
· Remediate any issues by implementing compliant with regulation practices
· Deploy technical solutions where needed
By reviewing applicable frameworks, and completing these verifications before mandatory clauses are incorporated, the company will be set up for not only compliance, but also success in safeguarding the data and information within the organization.
Will I be audited? (Safety Inspections/Crash Test)
Contractors should conduct a thorough review of contracts to identify applicable audit requirements and clauses. This will allow Contractors to understand the oversight which will be applied to their contracts and allow them to best prepare for the types of audits and reviews they are likely to experience. Should they be audited, following the inspection points noted above will help Government Contractors be better prepared and help result in limited to no issues noted by the auditors.
For example, in business systems, Government Contractors should be prepared that the system criteria outlined in the DFARS are often used as a standard for government audits of contractor business systems even if the DFARS does not expressly apply. Given the DOD’s work to establish guidelines for systems accuracy and integrity, many agencies consider the DFARS criteria a reasonable standard; therefore, Government Contractors should consider these standards to help ensure acceptance and regularly verify compliance even if they are not contracting with the DOD.
Conclusion
While the Government Contracting landscape has changed due to the pandemic and recent economic changes, it has also remained a stable and lucrative industry with large and stable business opportunities for those contractors willing to maintain the systems required for performance. Now that we are coming out on the other side of the global pandemic, this is the perfect opportunity for Government Contractors to perform their “Five Point Inspection” and prepare their business for:
· Growth and strategy changes
· Updating their policies and procedures to match their growth and strategy changes
· Prepare themselves for new and exciting contract vehicles, regulations, and changes in the Government Contracting arena
It is never too early to get started, and it's always a good idea to stay ahead of the curve to prepare your business for great success!
Kristen Soles, CPA, Partner - Managing Partner, Advisory - Global Consulting Solutions and Government Contracting Industry Leader
As the leader of both the CohnReznick Global Consulting Solutions practice and Government Contracting Industry, Kristen Soles provides industry-specific risk management, operational, and strategic consulting services to CohnReznick clients. In this role, she leads a large, integrated team of advisory and government contracting professionals in delivering services that include cybersecurity and data privacy, CFO advisory, enterprise technology solutions, compliance, and government audits. Soles can be reached at Kristen.Soles@CohnReznick.com or 703.744.6700.