The double-edged sword of oversight

Is increased oversight a burden, or an opportunity to stand apart from the crowd?

We've been reporting for some time now that government contractors and subcontractors are coming under increased scrutiny. Previously, small business subcontractors were somewhat immune from harm, but this immunity is rapidly being whittled away. The Washington Post has noticed this phenomenon:

"The days of 'No one is checking,' are over. For too long, there was inadequate oversight." --Daniel Gordon, an administrator at the White House Office of Federal Procurement Policy

Washington Technology is reporting the same thing this week.

This increased focus on procurement regulations might have some contractors and subcontractors quaking in their boots. Oversight tends to send business owners into a panic, because it often means increased costs in a world of razor thin profit margins. No one wants to risk being debarred or suspended, or have payments withheld, especially when federal contracting can provide a crucial stream of profitable business in many industries.

But the costs need not be prohibitive, and this negative can be turned into a strong positive for contractors and subcontractors. Increased oversight is bad news for those who don't follow government regulations, but good news to those who know and observe the rules!

There are great benefits to proving competence with federal procurement regulations. A contractor who can say they have a procurement regulations management system in place is going to be much more attractive to contracting officers than those who don't. Competence is a crucial factor among contracting officers when evaluating the competition--you can place yourself above your competitors by showing that this new focus on oversight doesn't burden or scare you because you have already taken steps to ensure compliance.

FARSmarterBids.com offers the most extensive library of federal procurement regulations in one place. Not only that, but regulations can be managed: contractors and subcontractors can store key regulations in their own virtual filing cabinets for easy, repeated access, meaning they can save valuable time and energy, preserving their profit margins. Many contractors use what they learn from the service to supplement the knowledge they receive from attorneys and consultants, thus shaving hundreds to thousands off these professionals' fees. All of this is offered for a low monthly or quarterly fee--as low as $55 per month.

Of course, just knowing the federal procurement playbook in general confers benefits of its own. This knowledge helps you compete because you have a better grasp of the regulatory costs and can use that knowledge to decide on what contracts to bid.

Subcontractors, too, can use this knowledge to better compete for work. Any smart businessperson will tell you how crucial it is to know your customer--and that includes being familiar with their regulatory landscape. Subcontractors who understand what the primes are up against--including payment withholding and evaluating supply chain risk--are attractive competitors. Often, subcontractors must comply with regulations when completing work for a prime contractor--those who work within the scope of those regulations are going to find themselves better positioned for repeat work.

Also, subcontractors can better insulate themselves from lawsuits and disputes if prime contractors face penalties levied by federal contract managers or agency heads if they know their regulations. This means potentially averting costly, even business-killing litigation in the unfortunate event a prime contractor tries shifting the blame to a subcontractor in such a situation. The knowledge contained within FARSmarterBids provides a cost-effective "keep off the grass" sign to prime contractors who might try an underhanded technique to keep the heat off themselves.

We find that, far from being a costly burden, compliance with federal procurement regulations can be turned into a net positive. At very little cost, prime contractors and subcontractors can market themselves as the most capable, competent, efficient organizations with which to do business. Instead of groaning at the thought of increased oversight, companies can relish the thought of beating out the competition by playing the government's game.

Your Supply Chain at Risk: A Secret Blacklist for Government Contractors? Part 2

While Congress dithers about tax rates, a crucial piece of legislation, the National Defense Authorization Act of 2011, is still not resolved. This legislation may allow government officials to secretly blacklist contractors, with no notice, and no public accountability.

We examined some of the potentially alarming implications of Section 815 of this Act last week, and continue our analysis here.

Section 815 of the 2011 NDAA defines a supply chain risk as:

(4) The term ‘supply chain risk’ means the risk that an adversary may sabotage, maliciously introduce unwanted function, or otherwise subvert the design, integrity, manufacturing, production, distribution, installation, operation, or maintenance of a covered system or a covered item of supply so as to surveil, deny, disrupt, or otherwise degrade the function, use, or operation of the system or item.

An "adversary" is not defined by this legislation, and there is no reference to an accepted definition in the U.S. Code. An obvious example would be an al Qaida terrorist. No one wants such a person working for a government contractor or subcontractor.

But what about a mischievous person? Someone who slips in a line of code as a joke or calling card? How about a careless programmer? A quick jaunt around StackOverflow.com can yield plenty of examples of funny comments, little "features," and all manner of bugs that made it into programs because programmers were coding for three days straight on only eight hours' sleep and gallons of coffee. If a little joke affects the performance of a "covered system," will the whole company be debarred?

What about a bug? The section mentions "maliciousness," but it also says "and otherwise subvert"--meaning that maliciousness may not be a criteria for deciding whether a programmer's actions fall under the definition of subversion. All code has bugs; the open-ended language of this legislation makes it ambiguous whether those bugs could be fixed with a patch or bankrupt the contractor.

This bill basically puts a premium on prime contractors to closely monitor the actions of all their employees as well as the employees of their subcontractors. While a terrorist might not have the patience to infiltrate a major prime contractor, build up years of trust, and then quietly place malicious code into crucial systems, contractors will still face devastating outcomes if an employee goes rogue.

No prime contractor is going to have the ability to examine every line of code in every program supplied by a subcontractor for bugs, pranks, or malicious code. The cost of doing so is prohibitive. This doesn't even cover the intellectual property issues that might come into play; subcontractors may have trade secrets to protect in their code that they do not want a larger company to co-opt. Subcontractors may find that the increased scrutiny or intellectual property risks are not worth it, and are, in effect, self-selected out of government contracting. And, of course, the cost of whatever "qualification requirements" could be prohibitive to smaller businesses, leading to either more self-selection out of contracting or the de facto debarment that the American Small Business League warns about.

It is important to remember that we already have measures in place to effectively debar contractors who deal with foreign terrorists or whose practices might weaken the supply chain. In addition to the measures identified in the Federal Acquisition Regulations and supplements, the Excluded Parties List provides a means of achieving the goal of excluding potentially terrorist-linked firms without the secrecy and potential abuse at the hands of a consolidated few heads of agencies.

Even if Section 815 of this Act does not survive the legislative process to become law, a seed has been planted. The notion of withholding payments from contractors with "inadequate" business systems started in a proposed DFARS, and subsequently appeared in a modified form in Section 841 of the 2011 NDAA. Another version of Section 815 may crop up in the Federal Acquisition Regulations.

Not only that, but these legislative and regulatory moves point to a larger trend: federal government officials are increasingly seeking to monitor prime contractor and subcontractor work, with potentially crippling consequences if they don't like what they see. Subcontractors are coming under increasing scrutiny; they are taking unnecessary risk if they do not have an effective means to manage the information in the Federal Acquisition Regulations. Meanwhile, prime contractors are forced to become increasingly risk-averse and only deal with companies they can trust to follow regulations while they, themselves, grapple with managing the regulations that apply to them.

Your Supply Chain at Risk: A Secret Blacklist for Government Contractors? Part 1

The American Small Business League recently released a statement that Section 815 of Senate bill 3454, the National Defense Authorization Act of 2011, "may allow senior Department of Defense (DoD) officials to secretly 'blacklist' government contractors at their discretion and without notice to the contractor or accountability to the public."

This is, of course, the same bill that contains provisions for withholding payment from contractors whose business systems are deemed inadequate. The bill follows proposed changes to the DFARS that would withhold payments up to 100% for "inadequate" business systems, including purchasing systems, which in turn includes subcontracting.

That federal government officials want more and more control over the contracting and subcontracting process is nothing new. Section 815, which covers risk to the supply chain, poses additional challenges for contractors and subcontractors.

At first glance, Section 815 seems to apply only to technology vendors and their suppliers, and it seems to be intended to block terrorists and hackers from maliciously manipulating mission-critical hardware and software. It appears to be a well-intended provision for ensuring that crucial tech vendors--and the military groups who depend on them--can't be shut down by a weak link in the supply chain. Who would be against that?

But the devil is in the details. A more thorough reading reveals some very open-ended wording that could lead to the section being used to justify draconian measures taken arbitrarily against contractors and subcontractors, leaving them with no recourse to restore their businesses and good names.

Section 815 starts by giving the head of "an agency" (which agencies are allowed this power is not specified) to establish qualification requirements for the reduction of supply chain risk, and restrict competition to companies who can meet those requirements. Apparently irrespective of these qualification requirements, the agency head can establish supply chain risk as a major criteria for evaluation of a bid. This begs the question of whether Section 815 could be construed as giving agency heads the ability to exclude non-tech contractors and subcontractors.

The statute does not cover what happens when different agencies establish different qualification requirements. How can a small business keep up with these requirements on top of all the Federal Acquisition Regulations, even if it has an effective FAR management system? These requirements are only available upon request--so contractors must know to request them and contracting officers must be knowledgeable enough to deliver them.

The section goes on to outline how a company that either cannot meet qualification requirements or has been deemed to pose a "supply chain risk" can be restricted from competition either as a contractor or subcontractor. It then states that a determination against a company must be in writing but does not have to be disclosed via Federal Register, that it is at the sole discretion of the agency head or senior procurement executive, and is not subject to review by either a GAO protest or the Federal court.

It doesn't take a contracting expert or attorney to point out the obvious potential for abuse by agency leaders. There are no apparent checks and balances to this system. On top of this, there is another problem that the bill doesn't even address--how the actions of one agency head affects another. Can the head of one agency blacklist a contractor who does business with multiple agencies and therefore cause other agencies to terminate contracts and blacklist the contractor as well? If the answer is yes, then what happens when one agency head blacklists someone another agency head needs to provide crucial systems? And what about contractors who are caught in the middle of inter-agency power struggles?

This is only part of the problem with this pending legislation. We'll examine some of the implications for prime contractors as well as smaller subcontractors next week.

New Regulations Needed for Government IT Contracting

It's generally known that government IT projects are some of the riskiest projects out there. They are often enormous projects, with complicated specifications and requirements. At the same time, the nation has a greater need for efficient systems than ever before. Civilian and military agencies have a lot to manage, with projects ranging from defense systems for battlefield wireless networks to systems that support the recent changes in health care.

"Cloud computing" is one hot area of research and development, and a new GSA contract will have 11 different vendors providing cloud computing and storage to a number of different government agencies. Such interagency cooperation may require new ways of defining contracts, especially for projects that require delivering a wide array of services, from storage to software licensing. This is in keeping with President Obama's creation of a new task force on interagency contracting cooperation.

Meanwhile, government contracting specialists and industry analysists are experiencing a shift in perspective. Our current contracting models simply don't work for IT projects. Software cannot be produced the same way as, say, the F-22 Raptor, or a new levee for New Orleans. Our enemies and our project requirements are constantly evolving; massive contracts with set requirements are an anathema to our ability to respond.

On top of this, massive IT projects lend themselves to poor contracting procedure, a subject we've covered in our article series "Contracting Principles the DoD Forgot," about the DoD's withholding contractor payments due to poor contract management. When you combine this new penchant among legislators and members of the Executive branch to hold back payments, with little recourse and devastating consequences for small businesses, the implications are enormous. If we do not change how IT contracts are developed and written, it will be a wonder if we have any IT vendors willing to assume the risk of contracting with the federal government at all.

Two recent articles discuss some remedies: "Bite-size procurements can minimize big-time problems" at Federal Computer Week, and "Gov't IT Contracting Reform Needed" at PCWorld. Both suggest a smaller, bite-sized, incremental approach.

What this means for federal procurement regulations is up in the air right now, but it's clear that federal acquisition regulations would need to change to better accommodate this incremental approach. Contractors need to be familiar with the FAR now, but IT vendors in particular need to keep an eye on the regulations for the foreseeable future as the President's Interagency Task Force keeps working.

Government Contractors: Know Your Regs, or Else?

We wanted to give a shout-out to Mike Anderson over at Tech Biz Blog for noticing the same thing we have: contracting regulations matter more now than ever before. This is true not only for the big guys, but small businesses and everyone who subcontracts. No one--prime contractor, subcontractor, or federal agency--is going to want to risk working with your company unless you have a good handle on the FARS.

Implications of the GTSI Suspension: FARS Management

Jonathan S. Aronie over at GovernmentContractsLawBlog.com pointed out some interesting implications of the recent GTSI suspension.

He astutely points out some possible consequences:

"Prime contractors reassessing their current relationships with small businesses. (And small businesses doing the same.)

Greater contracting officer focus on the SBA’s rules, and greater scrutiny of proposals in set-aside procurements.

SBA OIG audits of large and small teammates on set-aside contracts, like SEWP or FirstSource."

A greater focus on the rules. Audits. Sound familiar? Anyone who has been following contracting news knows that the Obama Administration has placed a greater focus on oversight and regulations. But what is a contractor to do about it?

Small businesses that find themselves under greater scrutiny by prime contractors should take a look at how they manage the FARS. Proving competence with the FARS is a good way for contractors to keep each other comfortable with the arrangement. Would you do business with someone who doesn't keep track of the terms of the contracts you make with them? Someone who ignores applicable regulations--which may in turn get you suspended, or get you negative ratings in the FAPIIS system, or may cause the DoD to withhold payments? Someone who would make you look less trustworthy to the greater contracting community?

Yet the FARS and their supplements are a monstrosity. How can a small business compete? It's increasingly apparent that in order to stay competitive, a FARS management system is crucial. It's not enough to print out regulations, stuff them into a folder and never look at them again. It's not enough to keep them in overflowing email inboxes. Competitive contractors of all sizes face the need to prove regulatory competence, the same way ISO-certified companies must.

Mr. Aronie also points out in his post:

"When push comes to shove, you may not get the expected mileage from a defense based upon the oral advice of a contracting officer."

Contractors shouldn't take the word of others; they need to be responsible for this information themselves. Competitive contractors must show that they have the regulations at their fingertips, and that applicable regulations are revisited frequently to ensure compliance. ISO certified companies often attest to the increased business brought by their certifications; we believe the same will be true of contractors who can show good FARS management.

Free FARS management subscription

If you're interested in a FARS management system with comprehensive scope and easy ways to save links and annotations to the FARS, check out the FARSmarterBids subscription service. We now offer a free 1-month trial to help you evaluate our software, to see how it can help save you time and money, and avoid contracting risks.

Contractor GTSI suspended; who is next?

As we reported earlier on our Twitter feed, the SBA has suspended GTSI from government work based on allegations of contracting fraud. According to a Washington Post article:

"There is evidence that GTSI's prime contractors had little to no involvement in the performance of contracts, in direct contravention of all applicable laws and regulations regarding the award of small business contracts," an SBA official wrote in a letter to GTSI's chief executive, Scott W. Friedlander. "The evidence shows that GTSI was an active participant in a scheme that resulted in contracts set-aside for small businesses being awarded to ineligible contractors."

The article goes on to say it's the first time in decades that such an action has been taken.

This comes as no surprise to government contracting newshounds. This administration has stated many times that stopping contracting fraud, waste, and abuse is a priority. President Obama's memorandum back in March challenges federal agencies to ferret out companies that don't follow contracting rules.

Contracting and subcontracting, including small business contracting, have become increasingly important targets in Congress; as we reported earlier, the new Small Business Jobs and Credit Act aims to enforce subcontracting plans. Congress is looking at agencies like the Department of Homeland Security to ensure proper management and oversight of contracts. And Congress may yet pass a version of the DoD's payment withholding plan in the National Defense Authorization Act 2011 for contractors who don't follow the rules.

If a large contractor like GTSI can be taken to task under this increased oversight, it is likely that other contractors will as well. Furthermore, knowledge of the Federal Acquisition Regulations is increasingly at a premium; even the smallest subcontractors could stand to lose business if they are not followed. No prime contractor will want to assume the risk of being suspended because of a failure to follow regulations along the supply line. Contracting officers will be on the lookout for companies that can demonstrate good management of the applicable regulations. An effective FARS management system reduces the regulatory burden and ensures compliance, which in turn protects against suspension.

It will be interesting to see what other companies may be suspended by the SBA; if what is alleged against GTSI is true, it is possible there are many other "GTSIs" out there that could be suspended. Time will tell, but in the meantime, contractors and subcontractors should take a close look at their FARS management and ask themselves if they can prove their competence in this era of increased oversight.