Your Supply Chain at Risk: A Secret Blacklist for Government Contractors? Part 2

While Congress dithers about tax rates, a crucial piece of legislation, the National Defense Authorization Act of 2011, is still not resolved. This legislation may allow government officials to secretly blacklist contractors, with no notice, and no public accountability.

We examined some of the potentially alarming implications of Section 815 of this Act last week, and continue our analysis here.

Section 815 of the 2011 NDAA defines a supply chain risk as:

(4) The term ‘supply chain risk’ means the risk that an adversary may sabotage, maliciously introduce unwanted function, or otherwise subvert the design, integrity, manufacturing, production, distribution, installation, operation, or maintenance of a covered system or a covered item of supply so as to surveil, deny, disrupt, or otherwise degrade the function, use, or operation of the system or item.

An "adversary" is not defined by this legislation, and there is no reference to an accepted definition in the U.S. Code. An obvious example would be an al Qaida terrorist. No one wants such a person working for a government contractor or subcontractor.

But what about a mischievous person? Someone who slips in a line of code as a joke or calling card? How about a careless programmer? A quick jaunt around StackOverflow.com can yield plenty of examples of funny comments, little "features," and all manner of bugs that made it into programs because programmers were coding for three days straight on only eight hours' sleep and gallons of coffee. If a little joke affects the performance of a "covered system," will the whole company be debarred?

What about a bug? The section mentions "maliciousness," but it also says "and otherwise subvert"--meaning that maliciousness may not be a criteria for deciding whether a programmer's actions fall under the definition of subversion. All code has bugs; the open-ended language of this legislation makes it ambiguous whether those bugs could be fixed with a patch or bankrupt the contractor.

This bill basically puts a premium on prime contractors to closely monitor the actions of all their employees as well as the employees of their subcontractors. While a terrorist might not have the patience to infiltrate a major prime contractor, build up years of trust, and then quietly place malicious code into crucial systems, contractors will still face devastating outcomes if an employee goes rogue.

No prime contractor is going to have the ability to examine every line of code in every program supplied by a subcontractor for bugs, pranks, or malicious code. The cost of doing so is prohibitive. This doesn't even cover the intellectual property issues that might come into play; subcontractors may have trade secrets to protect in their code that they do not want a larger company to co-opt. Subcontractors may find that the increased scrutiny or intellectual property risks are not worth it, and are, in effect, self-selected out of government contracting. And, of course, the cost of whatever "qualification requirements" could be prohibitive to smaller businesses, leading to either more self-selection out of contracting or the de facto debarment that the American Small Business League warns about.

It is important to remember that we already have measures in place to effectively debar contractors who deal with foreign terrorists or whose practices might weaken the supply chain. In addition to the measures identified in the Federal Acquisition Regulations and supplements, the Excluded Parties List provides a means of achieving the goal of excluding potentially terrorist-linked firms without the secrecy and potential abuse at the hands of a consolidated few heads of agencies.

Even if Section 815 of this Act does not survive the legislative process to become law, a seed has been planted. The notion of withholding payments from contractors with "inadequate" business systems started in a proposed DFARS, and subsequently appeared in a modified form in Section 841 of the 2011 NDAA. Another version of Section 815 may crop up in the Federal Acquisition Regulations.

Not only that, but these legislative and regulatory moves point to a larger trend: federal government officials are increasingly seeking to monitor prime contractor and subcontractor work, with potentially crippling consequences if they don't like what they see. Subcontractors are coming under increasing scrutiny; they are taking unnecessary risk if they do not have an effective means to manage the information in the Federal Acquisition Regulations. Meanwhile, prime contractors are forced to become increasingly risk-averse and only deal with companies they can trust to follow regulations while they, themselves, grapple with managing the regulations that apply to them.

Government Contractors: Know Your Regs, or Else?

We wanted to give a shout-out to Mike Anderson over at Tech Biz Blog for noticing the same thing we have: contracting regulations matter more now than ever before. This is true not only for the big guys, but small businesses and everyone who subcontracts. No one--prime contractor, subcontractor, or federal agency--is going to want to risk working with your company unless you have a good handle on the FARS.

Contracting Principles the DoD Forgot, Part 4: The Proposed Purchasing System DFAR: Consequences for Subcontractors and Prime Contractors

Our last closely examined area of the proposed rule brings us back to the topic of subcontracting. The following Purchasing System Administration clause is noteworthy for subcontractors as well as prime contractors.

"252.244–7XXX Contractor purchasing system administration.
As prescribed in 244.305–7X, insert the following clause:
Contractor Purchasing System Administration (Date)
(a) Definitions. As used in this clause—
Deficiency means a failure to maintain any element of an acceptable purchasing system.
Purchasing system means the Contractor’s system or systems for purchasing and subcontracting including make or buy decisions, the selection of vendors, analysis of quoted prices, negotiation of prices with vendors, placing and administering of orders, and expediting delivery of materials."

Note that the defined purchasing system includes systems for subcontracting and information related to subcontractors and their proposals to, and contracts with, the prime contractor. It is important to note that this proposed rule 252.244–7XXX is a business-transaction-information-and-documentation-requirement as well as a business systems and business systems administration rule. It almost looks like the beginning of a required ISO quality management system for purchasing transactions and documentation. Also, please note that there is no exception or exclusion in this definition for very small vendors.

The clause continues:

"Purchasing system includes, but is not limited to—
(1) Internal audits or management reviews, training, and policies and procedures for the purchasing department to ensure the integrity of the purchasing system;
(2) Policies and procedures to assure purchase orders and subcontracts contain all flow down clauses, including terms and conditions required by the prime contract and any clauses required to carry out the requirements of the prime contract;"

Training for many contractor purchasing departments is often occasional and insufficient. If adopted in some similar form, such a final rule may trigger greater attention to in-house and externally sourced training. Also in that event, more attention by contractors to their policies and procedures for purchasing departments will likely be necessary to avoid possible deficiency findings. An annual review of all purchasing department policies and procedures, and documentation confirming the thoroughness of that review, will now be more important than ever before. These points seem supported by subsequent paragraphs of this proposed FAR that are noted below. Overall, a final rule similar to the proposed rule would discourage caviler treatment of company policies and procedures. The withholding penalties would be too extreme to risk.

The clause continues:

"(3) An organizational and administrative structure that ensures effective and efficient procurement of required quality materials and parts at the most economical cost from responsible and reliable sources;
(4) Selection processes to ensure the most responsive and responsible sources for furnishing required quality parts and materials and to promote competitive sourcing among dependable suppliers so that purchases are reasonably priced and from sources that meet contractor quality requirements;"

Given such requirements in a final rule, increased use of ISO qualified subcontractors seems highly desirable.

The clause continues:

(5) Performance of price or cost analysis on purchasing actions; and

Presumably explanatory documentation of these analyzes would be necessary. Paragraph 252.244–7XXX(c)(5) below seems to support that thought.

The clause continues:

(6) Procedures to ensure that proper types of subcontracts are selected and that there are controls over subcontracting, including oversight and surveillance of subcontracted effort.

It will be interesting to see whether supplemental requirements will be added over time such as details of necessary elements in a subcontracting and subcontracts oversight and surveillance procedure. How far will contractors have to go in their subcontracting procedures in order to satisfy the government? Will a new internal or external legal audit and formal opinion-letter certification eventually become viewed as helpful or necessary?

The clause continues:

(b) General. The Contractor shall establish and maintain an acceptable purchasing system. Failure to maintain an acceptable purchasing system, as defined in this clause, may result in disapproval of the system by the ACO and/or withholding of payments.
(c) System requirements. (1) Have an adequate system description including policies, procedures, and operating instructions that comply with the FAR and DFARS.

Note in 252.244–7XXX(c)(1) above the words "policies, procedures, and operating instructions that comply with the FAR and DFARS". Couple these requirements with 252.244–7XXX(b)’s statement above that: "Failure to maintain an acceptable purchasing system, as defined in this clause, may result in disapproval of the system by the ACO and/or withholding of payments." What do you conclude? Consider the following possible conclusions.

1) Perfection Required Regarding DFARS. Under the proposed 252.244–7XXX(b) and (c)(1) it appears that less that perfect (i) awareness or knowledge, (ii) interpretation and understanding, and (iii) application or implementation, of all applicable then-current DFARS in "policies, procedures, and operating instructions" may result in payment withholding or purchasing system disapproval.

Requirements for contractor perfection are often problematic. In connection with 252.244–7XXX(b)’s statement above, how will "an acceptable purchasing system" be defined specifically or precisely, in other words, in greater detail than by 252.244–7XXX(c)’s criteria? To illustrate, how quickly must subcontractor invoices be approved or rejected, and if approved, paid? Is it "acceptable" to pay a subcontractor within 60 or 90 days of invoice receipt, or of invoice approval? Will delays longer that a few weeks or a month be viewed as a deficiency? Software systems for the purchasing function are common among contractors. Is it "acceptable" if a new release from a software licensor contains a bug that takes weeks or months to be fixed when the bug affects the contractor’s purchasing system, for example, changing the calculations or other content in invoices or purchase orders? It is hard to be perfect when you do not know the details of all requirements.

2) Confusing "Mandatory" Versus "Optional" Inconsistency. There appears to be a confusing inconsistency between "252.242–7XXX, Business Systems" that we previously reviewed, and "252.244–7XXX Contractor purchasing system administration".

(i) In 252.242–7XXX, Business Systems, we see a mandatory penalty. Note the mandate in 252.242–7XXX(c)(2): "If the ACO determines that the Contractor’s business system contains deficiencies, the final determination will include a notice of a decision to withhold payments." Next, note the mandate in 252.242–7XXX(d)(1) to "immediately withhold ten percent of each of the Contractor’s payments under this contract" for deficiencies in a business system. We must remember of course that a purchasing system is a type of covered business system.

(ii) However, in 252.244–7XXX(b)’s statement we see an optional penalty: "Failure to maintain an acceptable purchasing system, as defined in this clause, may result in disapproval of the system by the ACO and/or withholding of payments."

Which is it, "will" or "may" withhold payments? There appears to be no explanation.

3) ACO Inconsistency. We must recognize the probability that ACOs will not be consistent across contracts and over time. Inconsistency in ACO actions is a major danger in the near future after the final rule issues, and years later, because of potential unexpected withholdings for reasons not triggering a withholding under (i) a contractor’s other then-current, in-progress contracts, (ii) a competitor’s then-current contracts, or (iii), in the future, under a contractor’s old contracts. The same ACO may be consistent, but the consistency issue clearly arises with different ACOs. Inconsistent withholding decisions seem unavoidable even if ACOs receive training in an attempt to minimize them. After all, ACO actions are not the actions of judges in courts of law who are bound by precedent. Undoubtedly there will be some inconsistencies across contracts or over time that will be reasonable and fair given the respective surrounding circumstances, but equally undoubtedly other inconsistencies across contracts or over time will be unreasonable, unfair, costly, and may lead to considerable harm to the contractor involved and its workforce, shareholders, and senior management.

4) Uncertainty. The lack of details in DFAR requirements, on the one hand, and ACO inconsistency, on the other hand, will likely initiate and maintain some degree of contractor uncertainty over which application or implementation imperfections or idiosyncrasies will be "acceptable" in any particular newly-awarded contract and at any particular point in time. Focusing only on purchasing systems for the moment, the potential withholding or system disapproval consequences of a purchasing system imperfection are draconian. The risk of payment withholding or purchasing system disapproval due to imperfections is too dire to treat lightly. Assuming the requirements of the final Business Systems DFAR are at least somewhat similar to those of the proposed DFAR, it will be highly desirable for contractors to undertake any reasonable steps to improve DFAR (i) awareness or knowledge, and (ii) interpretation and understanding. Contractors would not want one of these more controllable sources of risk to trigger a withholding. Application or implementation imperfections or idiosyncrasies will cause more than enough problems. Overall, awareness and knowledge failures, and interpretation and understanding failures, must be minimized.

5) Best Solutions. It follows that prudence suggests discontinuing any reliance on sources for DFARS, and FARS as well, that are unnecessarily incomplete or less than reasonably current. Prudence further suggests more vigilant research into and analysis of new DFARS, and FARS as well, rather than accepting prevalent internal interpretations without question because they may be blind to, or may incompletely recognize, some potential dangers.

Assuming the requirements of the final DFAR Business Systems rule are at least somewhat similar to those of the proposed rule, the time will have come for more attention to, and more professionalism in, FAR/DFAR awareness/knowledge, and FAR/DFAR interpretation and understanding. Occasional and piece-meal updating of FARS and DFARS is no longer adequate in an environment of countless new grounds for a withholding penalty. Occasionally discussing proposed or new FARS/DFARS is insufficient. Occasionally finding and reviewing an article on the interpretation of a proposed or new FAR/DFAR is insufficient. Contractors need a FAR/DFAR management system.

Contracting Principles the DoD Forgot, Part 3: “Business Systems” Excerpts From The Proposed Mandatory Withholding DFAR

The following passages from the proposed rule will disclose some key processes and begin to suggest its penalties. For those readers unfamiliar with the terminology, an "ACO" is an Administrative Contracting Officer.

"Subpart 242.70—Business Systems
242.70X1 Business system deficiencies.
(a) Definitions. "Acceptable business systems" and "Business systems" are defined in the clause at 252.242–7XXX, Business Systems.
(b) Reporting of deficiencies. The auditor or other cognizant functional specialist shall document deficiencies in a report to the ACO. The report shall describe the deficiencies in sufficient detail to allow the contracting officer to understand what the contractor would need to correct to comply with the applicable standard or system requirement, and the potential magnitude of the risk to the Government posed by the deficiency. Follow the procedures at PGI 242.70X1(b) for reporting of deficiencies.
(1) Initial determination of deficiencies. If the ACO makes a determination that there is a system deficiency, the ACO shall provide an initial determination of deficiencies and a copy of the report to the contractor and require the contractor to submit a written response in accordance with the clause at 252.242–7XXX, Business Systems.
(2) Evaluation of contractor's response. The ACO, in consultation with the auditor or cognizant functional specialist, shall evaluate the contractor's response and make a final determination.
(3) Notification of ACO final determination. The ACO shall notify the contractor in writing of the ACO's final determination with copies provided, as applicable, to the auditor; other cognizant functional specialists; and affected contracting activities and contract administration offices. The ACO shall take one of the following actions—
(i) Withdraw the initial determination of deficiencies. The ACO shall withdraw the initial notification if the contractor has corrected all deficiencies or the ACO agrees with the contractor's written response disagreeing with the initial determination of deficiencies; or
(ii) The ACO shall notify the contractor of the ACO's decision to implement payment withholding in accordance with the clause at 252.242–7XXX, Business Systems. The notice shall—
(A) Identify any deficiencies requiring correction;
(B) Inform the contractor that—
(1) The contractor must correct the deficiencies;
(2) The contractor must submit an acceptable corrective action plan within 45 days if the deficiencies have not been corrected within that 45 day timeframe;
(3) Payments shall be withheld in accordance with 252.242–7XXX, Business Systems, until the ACO determines that all deficiencies have been corrected; and
(4) The ACO reserves the right to take other actions within the terms and conditions of the contract.
(c) Monitoring contractor's corrective action. The Government shall monitor the contractor's progress in correcting the deficiencies and shall notify the contractor of the decision to decrease or increase the amount of payment withholding in accordance with 252.242–7XXX, Business Systems.
(d) Correction of system deficiencies.
(1) If the contractor notifies the ACO that the contractor has corrected the system deficiencies, the ACO shall request the auditor or other cognizant functional specialist to review the correction to determine if the deficiencies have been resolved.
(2) The ACO shall determine if the contractor has corrected the deficiencies.
(3) If the ACO determines the contractor has corrected all deficiencies, the ACO shall discontinue withholding payments.
(e) System review matrix. Refer to the matrix at PGI 242.70X1(e) to crossreference DCAA internal control reviews and other business system audits to the list of "business systems" defined at 252.242–7XXX, Business Systems."

Note the mandate above in 242.70X1(b)(3)(ii)(B)(3) to withhold payments until all deficiencies have been corrected. Note also in 242.70X1(c) above the ability of the ACO to decrease or increase the amount of payment withholding. Then in 242.70X1(d)(3) above the ACO may discontinue withholding payments when the ACO determines the contractor has corrected all deficiencies. The proposed rule continues:

"242.70X2 Contract clause.
Use the clause at 252.242–XXXX, Business Systems, in solicitations and contracts when the solicitation or contract includes any of the following clauses:
(a) 52.244–2, Subcontracts.
(b) 52.245–1, Government Property.
(c) 252.215–7002, Cost Estimating System Requirements.
(d) 252.234–7002, Earned Value Management System.
(e) 252.242–7004, Material Management and Accounting System.
(f) 252.242–7YYY, Accounting System Administration."
* * * * *

Note the reference in 242.70X2(a) above to subcontracts. Subcontracting is addressed in several subsequent locations within the proposed rule including at the end, in the topic area of contractor purchasing systems. Before that point we see other major systems of the contractor addressed in Part 252—Solicitation Provisions and Contract Clauses. We also see in Part 252 the proposed clause at 252.242–7XXX, Business Systems, addressing some key processes and the withholding-payments penalty.

"252.242–7XXX Business systems.
As prescribed in 242.70X2, use the following clause:
Business Systems (Date)
(a) Definitions. As used in this clause—
Acceptable business systems means business systems that comply with the terms and conditions of this contract.
Business systems means—
(1) Accounting system, if this contract includes the clause at 252.242–7YYY, Accounting System Administration;
(2) Earned value management system, if this contract includes the clause at 252.234–7002, Earned Value Management System;
(3) Estimating system, if this contract includes the clause at 252.215–7002, Cost Estimating System Requirements;
(4) Material management and accounting system, if this contract includes the clause at 252.242–7004, Material Management and Accounting System;
(5) Property management system, if this contract includes the clause at 52.245–1, Government Property; and
(6) Purchasing system, if this contract includes the clause at 52.244–2, Subcontracts.
(b) General. The Contractor shall establish and maintain acceptable business systems in accordance with the terms and conditions of this contract.
(c) System deficiencies.
(1) The Contractor shall respond in writing within 30 days to an initial determination of deficiencies from the ACO that identifies deficiencies in any of the Contractor's business system.
(2) The ACO will evaluate the Contractor's response and notify the Contractor in writing of the final determination as to whether the business system contains deficiencies. If the ACO determines that the Contractor's business system contains deficiencies, the final determination will include a notice of a decision to withhold payments.
(d) Withholding payments.
(1) If the Contractor receives a final determination with a notice of the ACO's decision to withhold payments for deficiencies in a business system required under this contract, the ACO will immediately withhold ten percent of each of the Contractor's payments under this contract. The Contractor shall, within 45 days of receipt of the notice, either correct the deficiencies or submit an acceptable corrective action plan showing milestones and actions to eliminate the deficiencies.
(2) If the Contractor submits an acceptable corrective action plan within 45 days of receipt of a notice of the ACO's intent to withhold, but has not completely corrected the identified deficiencies, the ACO will reduce the amount withheld to an amount equal to five percent of each payment until the ACO determines that the Contractor has corrected the deficiencies in the business system. However, if at any time the ACO determines that the Contractor fails to follow the accepted corrective action, the ACO will increase the amount of payment withheld to ten percent of each payment under this contract until the ACO determines that the Contractor has completely corrected the deficiencies in the business system.
(3) If the ACO is withholding payments for deficiencies in more than one business system, the cumulative percentage of payments withheld shall not exceed fifty percent on this contract.
(4) Notwithstanding any other rights or remedies of the Government under this contract, including paragraphs (d)(1) through (d)(3) of this clause, if the ACO determines that there are one or more system deficiencies that are highly likely to lead to improper contract payments being made, or represent an unacceptable risk of loss to the Government, then the ACO will withhold up to one-hundred percent of payments until the ACO determines that the Contractor has corrected the deficiencies.
(5) For the purpose of this clause, payment means any of the following payments authorized under this contract:
(i) Interim payments under—
(A) Cost reimbursement contracts;
(B) Incentive type contracts;
(C) Time-and-materials contracts;
(D) Labor-hour contracts.
(ii) Progress payments.
(iii) Performance-based payments.
(6) The withholding of any amount or subsequent payment to the Contractor shall not be construed as a waiver of any rights or remedies the Government has under this contract.
(7) Notwithstanding the provisions of any clause in this contract providing for interim, partial, or other payment on any basis, the ACO may withhold payment in accordance with the provisions of this clause.
(8) The payment withholding authorized in this clause is not subject to the interest penalty provisions of the Prompt Payment Act.
(e) Correction of deficiencies.
(1) The Contractor shall notify the ACO in writing when the Contractor has corrected the business system's deficiencies.
(2) Once the Contractor has notified the ACO that deficiencies have been corrected, the ACO will take one of the following actions:
(i) If the ACO determines the Contractor has corrected all deficiencies in a business system, the ACO will discontinue the payment withholding under this contract associated with that business system and release any monies previously withheld that are not also being withheld due to deficiencies on other business systems under this contract. Any payment withholding in effect on other business systems under this contract will remain in effect until the deficiencies for those business systems are corrected.
(ii) If the ACO determines the Contractor has not corrected all deficiencies, the ACO will continue the withholding payments in accordance with paragraph (d) of this clause and not release any monies previously withheld.
(End of clause)"

Note the general requirement in 252.242–7XXX(b) above to establish and maintain acceptable business systems. Note the mandate in 252.242–7XXX(c)(2) above: "If the ACO determines that the Contractor's business system contains deficiencies, the final determination will include a notice of a decision to withhold payments." Next, note the mandate in 252.242–7XXX(d)(1) above to "immediately withhold ten percent of each of the Contractor's payments under this contract" for deficiencies in a business system. Then note 252.242–7XXX(d)(3) above explaining that deficiencies in more than one business system can justify withholding up to 50% of payments under the contract.

This already shocking proposed rule now gets worse. Note the 100% mandate in 252.242–7XXX(d)(4) above: "if the ACO determines that there are one or more system deficiencies that are highly likely to lead to improper contract payments being made, or represent an unacceptable risk of loss to the Government, then the ACO will withhold up to one-hundred percent of payments until the ACO determines that the Contractor has corrected the deficiencies." Please note that there is no maximum time limit for withholding in this clause 252.242–7XXX. Instead, under 252.242–7XXX(e)(2)(ii) above it appears that withholding could theoretically continue indefinitely.

Most of the points noted above will be discussed later in this article. For the present, an observation appears warranted. If not earlier, then by this point it seems obvious that the decision makers behind this proposed rule would flunk our hypothetical Introduction to Procurement course. In fact, in my role as their helpful teacher I would encourage them to find a career outside the field of procurement.

Contracting Principles the DoD Forgot, Part 2: Introduction to the Proposed Mandatory Withholding DFAR

On January 15, 2010 the Federal Register published the Department of Defense (DoD) proposed rule "to amend the Defense Federal Acquisition Regulation Supplement (DFARS) to improve the effectiveness of DoD oversight of contractor business systems." Interested parties were invited to submit comments referencing DFARS Case 2009–D038, and a few dozen responses were submitted. At this time we are awaiting further action from the DoD, but it seems unlikely that the DoD will simply drop this proposed rule entirely.

In the Federal Register the DoD provided the following background explanation for the proposed rule:

"Contractor business systems and internal controls are the first line of defense against waste, fraud, and abuse. Weak control systems increase the risk of unallowable and unreasonable costs on Government contracts. To improve the effectiveness of Defense Contract Management Agency (DCMA) and Defense Contract Audit Agency (DCAA) oversight of contractor business systems, DoD is considering a rule to clarify the definition and administration of contractor business systems as follows:

1. DoD is proposing to define contractor business systems as accounting systems, estimating systems, purchasing systems, earned value management systems (EVMS), material management and accounting systems (MMAS), and property management systems.

2. DoD is proposing to implement compliance enforcement mechanisms in the form of a business systems clause which includes payment withholding that allows administrative contracting officers to withhold a percentage of payments, under certain conditions, when a contractor's business system contains deficiencies.
Under such circumstances, payments could be withheld on—

• Interim payments under—
  • Cost reimbursement contracts;
  • Incentive type contracts;
  • Time-and-materials contracts;
  • Labor-hour contracts;
• Progress payments; and
• Performance-based payments."

The very first sentence of this background statement illustrates the fundamental flaw in the DoD's thinking about its procurements. It is not "Contractor business systems and internal controls" that serve as "the first line of defense against waste, fraud, and abuse". This statement ignores the customer's responsibilities and conceptually shifts all risk of waste, fraud, and abuse to the contractor. You might ask: "How else could it be?" You might say: "After all, the contractor controls its own actions including wasteful, fraudulent, and abusive actions, and the customer does not commit waste or fraud against itself, or abuse itself." There are some qualifications and exceptions to these thoughts that we could explore, but more importantly, it is the customer's fulfillment of its responsibility to define what it wants in a comprehensive, clear, and timely manner, and the customer's treatment of the contractor in a fair manner, that serves as "the first line of defense against waste, fraud, and abuse". At most, contractor business systems and internal controls are a secondary or tertiary line of defense against waste, fraud, and abuse. The DoD has forgotten some of the basic principles of procurement in our culture.

Coming soon: Part 3: "Business Systems" Excerpts from the Proposed Mandatory Withholding DFAR

Contracting Principles the DoD Forgot, Part 1: Mandatory Payment Withholding Consequences for Contractors

If you were to design an Introduction to Procurement course for undergraduates enrolled in a Business College of a University, during the first or second class you would introduce basic general concepts, and some customs, traditions, and tendencies that have historically formed the environment for procurements in our culture, and that still form that environment. The American concept of “fairness” as perceived and applied in the realm of business and more specifically in the context of procurements would be one of the important general cultural concepts introduced and would likely generate lively discussion. The American “can do” mindset, particularly among vendors, would be another cultural discussion point. This traditional attitude is so deeply ingrained within us that often we are not aware of its influences. The tradition of the American work ethic would also be mentioned in class, and some enjoyable debate might arise over which parts of the country exhibited the greatest degree of this work ethic of our forefathers. Along with many other customs you would go on to mention the typical responsibilities of the parties at a high level of abstraction—at the “50,000 foot level”. For example, you might explain that customers usually have two major responsibilities at the 50,000 foot level: (a) to define what the customer wants; and (b) to pay for it.

The customer’s first responsibility is to (i) define its required product or service deliverables, results, research, engineering, efforts, or other commitments from the vendor in advance of entering into a contract; or (ii) hire a consultant or a vendor to help specify them in advance; or (iii) require samples or a prototype that must be approved before the customer fully commits; or (iv) provide safe harbors for the vendor; or (v) specify some other requirements. A safe harbor in this general procurement context might include a commitment and a set of required conditions that, if completed or satisfied by the vendor, trigger payment, or earn other consideration, and protect the vendor against unreasonable rejection, termination, and/or liability. The set of conditions might include a vendor’s certification on certain ISO standards, a customer’s pre-contract inspections of required operations, or a customer’s acceptance criteria that are clear and comprehensive.

Since our hypothetical course is a basic introduction to procurement, a young student might ask: “Why must the customer define requirements for the vendor in advance of entering into a contract?” One answer is because the vendor is not a mind reader. Another answer is that fairly often the vendor needs to know the customer’s requirements in order to set a price including any applicable discounts or premiums. Still another answer is that customers often have only a poorly defined notion of what they want, and if they do not improve that notion and also clearly communicate what they want, it is not the vendor’s fault.

Without a comprehensive notion of what they want that is clearly and timely communicated to their bidders or vendor, customers may very well not be happy with what they receive, and they may reject, terminate, litigate, or pay more to get what they decide they really want. In fact, this situation of customers not knowing what they want, or having only a vague notion about it, and often not clearly or timely communicating their poorly-thought-out requirements, is a reality in both commercial and government procurements, and is a major cause of cost overruns. If customers could better define what they wanted—comprehensively, clearly, and in a timely manner, then some noticeable excess expenditures could be avoided.

Further, if a customer poorly defines its requirements, or delays in defining them, and attempts to shift to its vendor the risk of resulting cost-overruns and performance glitches or delays, the situation quickly becomes unfair, and it justifies the vendor, among other reactions, in requiring a premium for accepting a high-risk procurement. One of the traditions surrounding procurements in our culture is that with higher than normal risk goes greater than normal reward. If the customer refuses to pay a premium in a higher-than-normal-risk context and still imposes these risks, the customer encourages the vendor to (i) hide extra profit; or (ii) ignore non-standard requirements, especially if they are communicated after contract commencement; or (iii) take other steps intended to balance reward with risks. Under no circumstances will the vendor want to accept a penalty due to the customer’s poorly defined requirements or delays in defining them.

The second customer responsibility—to pay for its requirements--includes making payments to vendors on schedule and without unreasonable or capricious payment lateness, withholding or denial. Denying payments earned, and, in the alternative, lengthy withholding periods for payments earned through performance, are each a very serious matter. Each situation has the tendency to at least diminish business relationships, and often generates disputes. Small, and even mid-sized, vendors have been known to go out of business fairly quickly if the size of the payment denied or withheld is noticeable.

As our final academic point, near the beginning of our hypothetical basic procurement course you might also explain that, considering all procurements in the country at any given point in time, more often than not neither party to a typical contract may unilaterally change its terms or conditions in any significant way during its life. Of course, customers with unusual leverage, such as government customers, may make such demands. However, even in the face of considerable leverage, absent additional discussion and accord, and absent mutually-acceptable change mechanisms built into the contract in advance and reasonably implemented, disputes will often arise as a result of significant unilateral changes in contracts during their term. Such disputes commonly give rise to procurement delays, unforeseen costs, and sometimes other unforeseen consequences.

This is a general academic review, and these are all basic procurement concepts, customs, traditions, tendencies, and commonplace results. In the United States, everyone with any measurable experience in procurement should be very aware of them. They are not advanced course or graduate course material. Yet earlier this year our federal government appears to have forgotten some of them.

Coming soon: Part 2: Introduction to the Proposed Mandatory Withholding DFAR