June 06, 2013

The basic question asked by DCMA during a CPSR - Does the contractor's purchasing system mitigate supply chain risk to the government enough to allow the ACO to end pre-award subcontract oversight?

I throw this out there to help give some conceptual parameters to CPSR requirements and explain why some contractors get approval for procedures that lead to findings for other contractors.  

The overall result of your review must show sufficient supply chain management and public law compliance to permit the CPSR team to recommend a stoppage on the basic Advance Notice and Consent requirements imposed by 52.244-2. In other words, your purchasing system works well enough to allow the ACO to stop looking over your shoulder prior to award of "high risk" subcontracts (FFP orders over the threshold and any flexibly priced subcontract).  

This is a sliding scale. So, for example, one contractor may be allowed to award T&M subcontracts with relatively little review of a subcontractor's accounting system because that contractor has robust vendor ratings, high levels of competition and effective price analyses. Another contractor with low levels of competition, little in the way of vendor rating and suspect price analysis results may be sighted for awarding T&M subcontracts without a full determination of accounting system adequacy via DCAA audit.  

The overall goal of purchasing system output, other than public law compliance, is effective mitigation of risk to the government incurred through supply chain operation. If a system is effectively mitigating that risk through aggressive competition, price analysis and negotiation, then the CPSR Team is much more likely to let a less aggressive contract type selection procedure slide a bit - either through minor findings or no finding at all. 

In general, if you follow the Three Big C's of supply chain management - Competition, Commercial Item Procurement and Constriction of contract types - your system is well on its way to approval. The more your system strays from the Three Big C's, the more robust your additional compliance procedures must be to satisfy the CPSR's Team's basic inquiry.  

This isn't a rule by any means - some contractors who run tight systems get picked on for otherwise minor compliance issues for reasons that range from political to personal on the government side. This post is simply a suggested conceptual framework to help you evaluate the overall effectiveness of your system risk management and develop rebuttals to potential CPSR Team findings if and when they occur.