Few people in government or industry are apparently happy with the current CPARS contractor evaluation system.  Contractors don’t like having to wait months for what increasingly seems to be a perfunctory rating.  Federal contracting officers don’t like the time it takes to do an evaluation and they, along with the customers they support, question whether the CPARS evaluation actually measures the right things.  GovConRx, working with the Office of Federal Procurement Policy, compiled this information from a recent survey of federal contractors and their customers.  There are a variety of suggestions on how to make the evaluation process better.  Contractor self-assessments were one popular response, though there are obvious concerns with having companies be the only ones to assess the quality of their contract work.  Eighty-four percent of survey respondents supported a “CPARS-Lite” solution for certain fixed price and commercial item contracts, less complex procurements, and those under $500,000.   This would allow expedited CPARS ratings and reduce the burden of CPARS reporting across the acquisition workforce.  77% want a closer alignment between CPARS narratives and ratings and the associated quality assurance surveillance plan (QASP), mission objectives and contract outcomes.  There may be a real opportunity to streamline the CPARS system so that reports are more meaningful and timely.  GovConRx and OFPP are working with several industry associations, including the Professional Services Council and ACT-IAC to follow up on the survey data and develop potential improvements.  Interested contractors should make sure that their voices are heard via the associations in which they have memberships. 

In our on-going quest to ensure that companies are successful in their federal business for FY’21 and beyond, we offer these three tips and reminders.  While they some may sound like common sense, they are not always followed.  Business suffers as a result. 

1.  Don’t Take Your Customer’s Word For It:  Make sure you get any special customer directions in writing.  Even then, directives or interpretations of your contract that are inconsistent with the actual terms and contract clauses are invalid.  More than one contractor has gotten in serious legal trouble for using the “My Customer Said It Was OK” defense.  Always strive to stay compliant and remember that there is such a thing as bad business. 

2.  Don’t Do It All Yourself:  Government business is not a “go it alone” proposition according to every successful contractor we’ve spoken with.  Make sure that you get qualified help when needed, whether its with contracts, market research, legal support or whatever is needed to ensure that your business grows in a sustainable way.  Small business owners:  delegate to your staff.  Don’t fall into the trap of allotting playing time on the White House tennis courts a la Jimmy Carter. 

3.  Do Understand The Impact of the Elections on Your Business:  Election outcomes do matter to government contractors.  Priorities change, even when a president is re-elected. New Congressmen and Senators have differing priorities.  Remember the maxim, “Washington can do things for you and to you”.  You’ve invested in government business.  Don’t ignore policy changes that can change your market. 

Out with the old, in with the new.  We hope your FY’20 year-end was strong, but whether or not it was, the reward is to crank it up and start over again for FY’21.  Here are three things contractors should focus on now: 

1.  There is Business To Be Done in October:  Federal spending data show that there is actually a good bit of business transacted in October.  Some of this is renewals of licenses and service agreements, while other business includes continuing projects that an agency may have wanted to stop, but can’t because they don’t have new funding to replace and existing system.  Either way, no one should write off October. 

2. Train and (virtually) Network:  The start of the fiscal year is perhaps the very best time to train your team on important compliance factors.  The pace of business is not as hectic, and annual training is manifestly a best practice.  The holidays are right around the corner and you want an ethics refresher to be in the minds of your sales team to ensure that your company stays compliant with gift rules, among other requirements.  October and November are also traditionally conference time in our market.  While the meetings this year are virtual, there is still excellent information to be obtained and perhaps even a bit of networking.  At a minimum, you can hear from federal officials on their challenges and that is never a bad thing for formulating your business plan.  You do yourself, and your company, a great disservice if you don’t participate in association conferences and similar events.  Between now and early December there are many from which to choose. 

3.  Set Meetings With Potential Clients:  The first two quarters of the fiscal year are the best time to develop your “FY’21 Model Year” message and meet with current and potential customers.  Federal officials have a bit more time, relatively speaking, now than they will next Spring.  Most officials do want to hear from you, as long as you’ve done your homework and have a relevant message.  There will be more comings and goings this Fall, regardless of the election outcome, but the next 4-5 months are a great time to increase your contact list.  

While Cybersecurity Maturity Model Certification (CMMC) has received bad press lately for potential misdealing by a board member AND the actual certification process would lose a race to molasses in January, the Defense Department nevertheless released an interim rule this week (https://bit.ly/33nTeMz) that will require contractors to prove they are keeping up with key cybersecurity measures.  The interim rule, effective November 30^th, creates three levels for cybersecurity assessments, basic, medium, and high.  Each level requires contractors to apply the security requirements of NIST SP 800-171 to “covered contractor information systems”’. 

This includes even those systems that are not part of an IT service or system operated on behalf of the government.  It is important to remember that compliance with NIST SP 800-171 was required before CMMC requirements were created and that CMMC was only created because companies had failed to implement the mandated security protocols in the first place. CMMC certification, itself, will be required of all DOD contractors handling “Controlled, Unclassified Information” by October 20205.  CMMC certification, though, is slow coming out of the starting gate.  The interim rule may be a step to keep pressure up on industry to ensure compliance.  While industry may have expected a proposed rule, DOD believes that the requirements are critical enough to start with an interim measure.  Companies can comment on the rule until the November 30^th effective date. 

It’s not enough for everyone in your organization to “know” what the processes are to maintain compliance with your government contracts.  Roles change over time and, believe us, it is absolutely amazing how differently people interpret their responsibilities when speaking candidly.  The bottom line:  Your people may not know what you think you taught them. Your company’s policies should be written down and updated as needed. This leads us to a discussion of internal vs. external training.  While both can be important, contractors too often rely exclusively on in-house training. 

Anyone who has children, though, will tell you that they tune their parents out when mom and dad are delivering instructions.  Internal training can follow this pattern.  Plus, it makes it too easy for people to get distracted and get back to their regular work.  External training provides your team with a fresh voice and a dedicated real or virtual training space.  It also shows any auditor or investigator that your company takes compliance seriously enough to invest in outside classes. 

This can be an important factor in assessing any fines or penalties stemming from a noncompliance issue.  Yes, we realize that writing down policies takes time and that external training costs money.  So does dealing with and paying lawyers, expert witnesses, forensic accountants, and others that are routinely part of any significant compliance action.  Guess which one costs less in the long run?  Proceed accordingly.