BDO Knows Government Contracting Newsletter - Summer 2018

Table of Contents

• “So you think you’re an S.”
• NIST Security Controls Enable HIPAA Compliance
• Tax Reform Enhances Value of Research Tax Credits for Government Contractors
• How Government Contractors Can Apply the Five-Step Revenue Recognition Model
• Quarterly Regulatory Update​
• Significant Accounting & Reporting Updates
   

---

“So you think you’re an S.”

By Brendan J. Sullivan and Alison V. Torres

Trendiness is a word not frequently used in conjunction with tax planning. Discussing the in-vogue corporate structure never will be the hot topic of a dinner party, nor will pictures of the organization chart trend on Instagram. But every once in a while, trendiness rears its head and presents us with an entity structure so avant-garde that every fashionable business owner feels ever so compelled. Lately, it seems like everyone has jumped on the bandwagon in an attempt to combine a limited liability company’s coolness and flexibility with an S corporation’s simplicity and fragility to create the delicate flower known as the LLC taxed as an S corporation.

However, trendiness often comes with a cost, and in the case of an LLC electing to be taxed as an S corporation, that cost could be corporate-level taxes. The fragility of the S status is inherent in the code section that birthed it—IRC §1361 very clearly defines the “cans” and “can nots” of S corporations by limiting the type of eligible shareholders, the number of shareholders, and most importantly, the classes of stock.

As you probably know, an S corporation can have only a single class of stock. What that means is each share of an S corporation’s equity needs to convey identical rights to distribution and liquidation proceeds. LLCs on the other hand are the Wild, Wild West of tax entities in their flexibility. In addition to their ability to offer units with distributions rights that differ like show ponies and workhorses, they can move in and out of various tax statuses depending on the elections made or not made. Inaction results in the LLC either being disregarded or treated as a partnership for federal income tax purposes. If action is taken by making an entity classification election, an LLC can be taxed as an association. Even without making an entity classification election, if an otherwise effective S corporation election is made, an LLC electing S corporation status is deemed to have made an entity classification election to be taxed as an association under IRC §301.7701-3(c)(v)(C). Anyone else starting to feel like they are standing in the middle of the O.K. Corral during a shootout?

These differences aren’t impossible to manage, but they do create a large ravine that requires guidance from an experienced tax advisor to navigate successfully. Tax advisors need to carefully review the LLC’s operating agreement to ensure that any provisions that facilitate the LLC’s ability to be taxed as a partnership (i.e., methods and manners of allocating income, losses, distributions and liquidation) don’t create a second class of stock concern. This is especially true because even if these provisions have not resulted in actual non-proportionate distributions, the mere existence of these provisions can result in a second class of stock.

Specifically, the IRS has ruled:

• A partnership agreement is a governing provision for purposes of Treasury Regulation 1.1361-1(l)(2) because it is a binding agreement that defines the members’ rights to distribution and liquidation proceeds (IRS Ltr. Rul. 200450012).
• While no dissolution of the association had ever been made and no capital accounts had been kept, an association’s bylaws may have invalidated the company’s S election because at the time of the election, the company may have had more than one class of stock (IRS Ltr. Rul. 200301038). This occurred because the bylaws stated that upon dissolution and after paying the debts of the association, the assets were to be distributed to shareholders (1) to pay their capital accounts, and then (2) to be divided among them as a distribution of profits.
• An operating agreement, which provided for the maintenance of capital accounts in accordance with IRC §704—including allocations to be made to members first with positive capital accounts using curative allocations and distributions to be made in accordance with positive capital accounts—may have caused the company’s S election to have been ineffective because the company may have had more than one class of stock (IRS Ltr. Rul. 201528025).

The key takeaways from these rulings are that: (1) The application of the S corporation rules to operating agreements are complicated, and should you find yourself in a situation where you have both, it is best to consult an experienced tax advisor, and (2) if you do have a problem, fear not! Relief is generally available by seeking a private letter ruling under IRC §1362(f).

By Maria Ramos, Eric Chuang, and George Hondros

The exponential growth of new technologies is significantly reshaping the healthcare industry.

New trends such as cloud, mobile, and wearable devices, among others, have given rise to innovative ways to manage, offer, and deliver healthcare services.

As healthcare organizations adopt new technologies, they need to apply reasonable and adequate security controls to ensure compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Meanwhile, government contractors working in the healthcare space must also work to ensure their compliance with HIPAA.

The HIPAA Security Rule provides the standards that must be applied to safeguard electronic protected health information (ePHI) against threats, hazards, and unauthorized disclosure. The HIPAA security rule requires the implementation of administrative, physical, and technical controls to ensure the confidentiality, integrity, and availability of ePHI. Healthcare organizations and government contractors are also required to conduct a risk analysis and to ensure that they have reduced the level of risk to an acceptable level.

The NIST SP 800-66 r1 and NIST 800-53 r4 publications contain a comprehensive set of controls that healthcare organizations can apply when pursuing HIPAA compliance.

Below are the NIST 800-53 r4 controls supporting the administrative, technical, and physical safeguards of the HIPAA Security Rule:

ADMINISTRATIVE SAFEGUARDS

Security Management Process (§ 164.308(a)(1)): Implement policies and procedures to prevent, detect, contain, and correct security violations.

Supporting NIST SP 800-53 r4 controls: Risk Assessment (RA-1, RA-2, RA-3, RA-4), Planning (PL-6), Personnel Security (PS-8), Audit and Accountability (AU-6, AU-7), Security Assessment and Authorization (CA-7), Incident Response (IR-5, IR-6), Systems and Information Integrity (SI-4)

Assigned Security Responsibility (§ 164.308(a)(2)): Identify the security official responsible for the development and implementation of the entity’s policies and procedures.

Supporting NIST SP 800-53 r4 controls: Security Assessment and Authorization (CA-4, CA-6)

Workforce Security (§ 164.308(a)(3)): Implement policies and procedures to ensure that all workforce members have appropriate access to electronic protected health information, and to prevent those who are unauthorized from obtaining access to this information.

Supporting NIST SP 800-53 r4 controls: Access Control (AC-1, AC-2, AC-3, AC-4, AC-5, AC-6, AC-13), Maintenance (MA-5), Media Protection (MAP-2), Personnel Security (PS-1, PS-2, PS-3, PS-4, PS-5, PS-6, PS-7)

Information Access Management (§ 164.308(a)(4)): Implement policies and procedures for authorizing access to electronic protected health information.

Supporting NIST SP 800-53 r4 controls: Access Control (AC-1, AC-2, AC-3, AC-4, AC-5, AC-6, AC-13), Personnel Security (PS-6, PS-7)

Security Awareness and Training (§ 164.308(a)(5)): Implement a security awareness and training program for all workforce members, including management.

Supporting NIST SP 800-53 r4 controls: Awareness and Training (AT-1, AT-2, AT-3, AT-4, AT-5), Systems and Information Integrity (SI-3, SI-4, SI-5, SI-8), Access Control (AC-2, AC-13), Audit and Accountability (AU-2, AU-6), Identification and Authentication (IA-2, IA-4, IA-5, IA-6, IA-7)

Security Incident Procedures (§ 164.308(a)(6)): Implement policies and procedures to address security incidents.

Supporting NIST SP 800-53 r4 controls: Incident Response (IR-1, IR-2, IR-3, IR-4, IR-5, IR-6, IR-7)

Contingency Plan (§ 164.308(a)(7)): Implement policies and procedures for responding to an emergency or other occurrence (i.e., fire, vandalism, system failure, and natural disaster) that damages systems that contain electronic protected health information.

Supporting NIST SP 800-53 r4 controls: Contingency Planning (CP-1, CP-2, CP-3, CP-4, CP-5 CP-6, CP-7, CP-8, CP-9, CP-10), Risk Assessment (RA-2)

Evaluation (§ 164.308(a)(8)): Perform a periodic technical and nontechnical evaluation, based initially upon the standards implemented under this rule and subsequently, in response to environmental or operational changes affecting the security of electronic protected health information.

Supporting NIST SP 800-53 r4 controls: Security Assessment and Authorization (CA-1, CA-2, CA-4, CA-6, CA-7)

Business Associate Contracts and Other Arrangements (§ 164.308(b)(1)): A covered entity may permit a business associate to create, receive, maintain, or transmit electronic protected health information on the covered entity’s behalf only if the covered entity obtains satisfactory assurances that the business associate will appropriately safeguard the information.

Supporting NIST SP 800-53 r4 controls: Security Assessment and Authorization (CA-3), Personnel Security (PS-7), System and Service Acquisition (SA-9)

PHYSICAL SAFEGUARDS
Facility Access Controls (§ 164.310(a)(1)): Implement policies and procedures to limit physical access to its electronic information systems and the facility (or facilities) in which they are housed, while ensuring that properly authorized access is allowed.

Supporting NIST SP 800-53 r4 controls: Physical and Environmental Protection (PE-1, PE-2, PE-3, PE-4, PE-5)

Workstation Use (§ 164.310(b)): Implement policies and procedures that specify the proper functions to be performed, the manner in which those functions are to be performed, and the physical attributes of the surroundings of a specific workstation, or class of workstation, that can access electronic protected health information.

Supporting NIST SP 800-53 r4 controls: Access Control (AC-3, AC-4, AC-11, AC-12, AC-15, AC-16, AC-17, AC-19), Physical and Environmental Protection (PE-3, PE-5, PE-6)

Workstation Security (§ 164.310(c)): Implement physical safeguards for all workstations that access electronic protected health information to restrict access to authorized users.

Supporting NIST SP 800-53 r4 controls: Media Protection (MP-2, MP-3, MP-4), Physical and Environmental Protection (PE-3, PE-4, PE-5, PE-18)

Device and Media Controls (§ 164.310(d)(1)): Implement policies and procedures that govern the receipt and removal of hardware and electronic media that contain electronic protected health information into and out of a facility, and the movement of these items within the facility.

Supporting NIST SP 800-53 r4 controls: Configuration Management, (CM-8), Media Protection (MP-1, MP-2, MP-3, MP-4, MP-5, MP-6), Personnel Security (PS-6), Contingency Planning (CP-9)

TECHNICAL SAFEGUARDS
Access Control (§ 164.312(a)(1)): Implement technical policies and procedures for electronic information systems that maintain electronic protected health information to allow access only to those persons or software programs that have been granted access rights.

Supporting NIST SP 800-53 r4 controls: Access Control, (AC-1, AC-3, AC-5, AC-6)

Audit Controls (§ 164.312(b)): Implement hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use electronic protected health information.

Supporting NIST SP 800-53 r4 controls: Audit and Accountability (AU-1, AU-2, AU-3, AU-4, AU-6, AU-7)

Integrity (§ 164.312(c)(1)): Implement policies and procedures to protect electronic protected health information from improper alteration or destruction.

Supporting NIST SP 800-53 r4 controls: Contingency Planning (CP-9), Media Protection (MP-2, MP-5) System and Information Integrity (SI-1, SI-7), System and Communication Protection (SC‑8)

Person or Entity Authentication (§ 164.312(d)): Implement procedures to verify that a person or entity seeking access to electronic protected health information is the one claimed.

Supporting NIST SP 800-53 r4 controls: Identification and Authentication (IA-2, IA-3, IA-4)

Transmission Security (§ 164.312(e)(1)): Implement technical security measures to guard against unauthorized access to electronic protected health information that is being transmitted over an electronic communications network.

Supporting NIST SP 800-53 r4 controls: System and Communication Protection (SC-9)

BDO’s TAKE
The implementation of appropriate security controls is a critical task that, if lacking, can have major implications on the security posture of a healthcare organization or government contractor.

Selection of the proper security controls is a highly important process that requires the involvement of adequate resources to efficiently identify the proper security controls that will protect organizational assets and help manage security risk at an acceptable level.

 

---

How Government Contractors Can Apply the Five-Step Revenue Recognition Model

By Amy Thorn & David Libbares

Privately held government contractors racing to implement new FASB and IASB standards for identifying and reporting revenue from customer contracts by the end of this year are wrestling with one overarching question—when?

When does a contract meet the criteria for existence? When should we consider a good or service distinct under the new standards? When do we recognize revenue over the course of a multi-year contract with numerous performance obligations and budget variables? The following five-step model for complying with the customer contracts standards answers these questions and more:

THE FIVE-STEP MODEL

Step 1.         Identify the contract.
Step 2.         Identify the separate performance obligations.
Step 3.         Determine the transaction price.
Step 4.         Allocate the transaction price to performance obligations.
Step 5.         Recognize revenue once the performance obligation has been satisfied.

Background

By now, most government contractors know general information about the new FASB and IASB standards for recording revenue from customer contracts, like when the standard goes into effect. The effective date for public entities applied to the first interim period for annual reporting periods beginning after December 15, 2017.  All nonpublic entities, including nonpublic government contracting companies, must adopt ASC 606 or IFRS 15 in the annual reporting period beginning after December 15, 2018.

For a refresher on the main provisions of ASU No. 2014‑09, Revenue from Contracts with Customers (Topic 606), refer to our Spring 2017 Newsletter. In our last issue, the Spring 2018 Newsletter, we reviewed the steps for implementation and issues specific to government contractors that may arise.

Step 1. Identify the Contract
The first step in this process is to identify when a contract is created between a government contractor and its customer. Government contracts, especially those subject to Federal Acquisitions Regulations (FAR), must meet all the following five criteria:

1. Both parties must approve and sign the agreement;
2. Both parties must identify their rights regarding goods and services to be transferred, often using standard forms and clauses required under FAR;
3. Standard payment terms for goods and services to be transferred are identified;
4. The contract has commercial substance where the risk, timing or amount of the goods or services to be transferred can be identified; and
5. Collectability of consideration is probable, meaning the customer has the ability and intention to pay amounts when they become due.  

This last factor is important for government contractors who enter into unfunded or partially-funded contracts. Approved enforceable contracts with the U.S. government meet the criteria for contract existence—for both funded and unfunded portions—as federal contracts have a low likelihood of cancellation and demonstrate a commitment to pay. Once the contract is deemed to exist, the unfunded portion is considered variable consideration (similar to award or incentive fees). The contractor includes variable consideration in the transaction price when it is probable that a significant reversal of cumulative revenue will not occur when the uncertainty (the unfunded portion) is resolved.

Termination clauses also take on new meaning and importance under the new revenue standards. As “termination for convenience” clauses are typically required by FAR for contracts with the U.S. federal government and require compensation to the vendor for work performed through termination, these clauses support the concept that the contract has commercial substance. Therefore, the entity would not assume cancellation in determining the scope and term of the contract, as well as the transaction price.

Step 2. Identify the Separate Performance Obligations
A performance obligation is a promise to transfer a distinct good or service, or a series of goods or services that are substantially the same and that have the same pattern of transfer, to the customer. In this step, the government contractor must specify performance obligations and when they will be performed, whether on or by a specific date or over time. Parties must identify the unit of account for each good or service and assign a transaction price to the fulfillment of those performance obligations.

Step 3. Determine the Transaction Price
The transaction price, or the amount of consideration that a government contractor expects in exchange for transferring promised goods or services to a customer, can vary depending on the nature of the performance obligations and timing. Timing considerations come into play here because the new ASC 606 standards require entities to estimate variable consideration when determining the transaction price, even if the promised consideration is based upon the occurrence or nonoccurrence of a future event. Examples of variable consideration include discounts, rebates, refunds, credits, award fees, incentive fees, performance bonuses or penalties, and contingencies based on the occurrence or non-occurrence of a future event, such as financing or funding.

The requirement to estimate variable consideration represents a significant change to U.S. GAAP. Under the new standard, there is no “fixed or determinable” concept.  This change reflects the new standard’s principle that revenue should more closely depict the transfer of control. That is, the standard accepts more uncertainty in the measurement of revenue compared to prior U.S. GAAP to more closely reflect a vendor’s performance.

Step 4. Allocate the Transaction Price to Performance Obligations
In this step, the government contractor allocates or divides the transaction price, as determined in Step 3, between its performance obligations, which were identified in Step 2.  The allocation is based on the relative “standalone selling price” of each identified performance obligation, being the price at which the entity would sell a promised good or service separately to a customer.  If there is an observable price of a good or service when the entity sells that good or service, that is the price that would be used.  If not, the entity must estimate the standalone selling price, maximizing the use of observable inputs, and considering all available information.

There are three methods prescribed in Step 4 to determine standalone selling price (i) adjusted market approach, (ii) expected cost plus margin approach, (iii) residual approach.  Unless the entity or a competitor has sold a standard product or service for a period of time that it can use as the basis for its analysis, the expected cost plus margin approach will often be the best estimation method for a contract with the U.S. federal government.

Step 5. Recognize Revenue Once the Performance Obligation has Been Satisfied
The core principle of the new FASB and IASB revenue reporting standards is that companies must recognize revenue when control of goods or services are transferred to customers in an amount that reflects the consideration to which the entity expects to be entitled for those goods or services. To comply with this core requirement, a government contractor must decide whether a performance obligation will be satisfied over time, or at a point in time.  Revenue should be recognized over time if one of three criteria are met:

• The customer simultaneously receives and consumes all of the economic benefits provided by the entity’s performance
• The entity creates or enhances an asset controlled by the customer
• The entity’s performance does not create an asset for which the entity has an alternative use AND the entity has an enforceable right to payment for performance completed to date

Government contractors can determine whether the control of goods or services has been transferred to the customer. Some indications that the control has transferred might include:

• The contractor earns the right to payment;
• The customer takes legal title to an asset;
• The contractor transfers physical possession of an asset to the customer;
• The customer assumes any significant risks and rewards of ownership of an asset; or
• The customer accepts the asset.

Satisfaction of one or more of the above criteria may demonstrate that the performance obligation has been satisfied.

Consult Your Auditor

When you find yourself having more questions than answers about the new standards for reporting revenue from customer contracts, an auditor can provide information, updates and reminders about the Topic 606 changes to make sure you are prepared to meet the December 2018 deadline.

---

Quarterly Regulatory Update

FINAL DECISIONS

OCI WAIVERS CREATE DIFFICULTY IN PROVING OCI ALLEGATIONS; GAO B-413860.4, CACI, INC.-FEDERAL; GENERAL DYNAMICS ONE SOURCE, LLC
KEY DETAILS: CACI, Inc. and General Dynamics One Source, LLC (GDOS) protested the issuance of a task order to Jacobs Technology Inc. issued by the U.S. Special Operations Command (USSOCOM). CACI and GDOS alleged the award represented impaired objectivity, unequal access to information, and biased ground rules organizational conflicts of interest (OCIs) stemming from other U.S. Government contracts. The allegations were first raised in fall 2017 and in response the agency ultimately determined no disqualifying OCIs existed. Furthermore, the contracting officer requested the Head of the Contracting Activity (HCA) waive applicability of OCI rules for this procurement. The protesters challenged again on the basis of the waiver decision. However, the GAO denied the protest due to the agency’s waiver of the application of FAR Subpart 9.5 authorized by FAR 9.503. GAO explained the agency’s waiver of OCIs does not depend on the conclusions within the OCI investigation, and the FAR provides the agency’s discretion as to the government’s best interest in issuing the waiver.

EFFECTIVE: 1/5/2018

AFFILIATION RULES SHOULD BE CONSIDERED AS PART OF SBA RULES; SBA SIZ-5893, MELTON SALES & SERVICES, INC.
KEY DETAILS: The Office of Hearing and Appeals (OHA) of the SBA found two entities were affiliated despite one of the entities only owning less than 1% of the other entity’s outstanding ownership interests. The solicitation was a small business set-aside with a corresponding size standard of 1,500 employees, with the Army awarding the contract to MTP Drivetrain Services, LLC. Melton Sales & Services, Inc. argued MTP was not a small business due to the affiliation with other businesses. One business affiliated with MTP, Joe Gear, had 1 ownership share in a company, VIPAR, with 120 outstanding ownership shares. OHA ruled that without clear evidence indicating the power to control, then each minority shareholder is determined to have equal control over the concern. Therefore, it was determined both MTP and Joe Gear were affiliated with VIPAR. While the finding did not change MTP’s status as a small business, it provided further clarification surrounding minority ownership interests and affiliation status.

EFFECTIVE: 3/29/2018

FINAL RULES

DOD ISSUES Class deviation for micro-purchase and simplified acquisition threhsolds
KEY DETAILS: The Department of Defense issued a class deviation consolidating prior class deviations which increased the micro-purchase and simplified acquisition thresholds. In addition, DOD expanded non-statutory emergency acquisition flexibilities and changed the thresholds for set-asides for small business from specific dollar amounts to the terms micro-purchase threshold and simplified acquisition threshold. The new micro-purchase threshold for DOD is $5,000, although several exceptions exist. For example, there is a higher level of flexibility for higher education or research institutions at $10,000. The new simplified acquisition threshold is $250,000 which also includes several exceptions.

EFFECTIVE: 4/13/2018

Dollar Threshold Triggering Certified Cost and Pricing Data increases to $2 Million for all DOD Contracts

KEY DETAILS: The Defense Pricing/Defense Procurement and Acquisition Policy advised all DOD contracting officers that effective July 1, 2018, the triggering threshold for certified cost and pricing data and application of the Cost Accounting Standards (CAS) will increase from $750,000 to $2 million. The requirement is a part of the Truthful Cost or Pricing Data statute, still commonly known as the Truth in Negotiations Act or “TINA”. In addition, due to the CAS threshold being tied to the TINA threshold by statute, on July 1 the threshold increase will apply to both TINA and CAS. However, the TINA and CAS thresholds will remain at $750,000 for all civilian agency contracts.

EFFECTIVE: 4/13/2018

CYBER ATTACK PROMPTS GSA TO REQUIRE NOTARIZED LETTERS FROM CONTRACTORS REGISTERED IN SYSTEM FOR AWARD MANAGEMENT
KEY DETAILS: The General Services Administration acknowledged on March 22 its Inspector General was looking into a hack of the SAM.gov website after hackers allegedly changed banking information for a limited number of contractors. All government contractors must have an active registration within the System for Award Management (SAM). As of March 22 for new contractors and April 27 for existing contractors, users must provide an original, signed notarized letter confirming the authorized Entity Administrator. The letter must be mailed to the Federal Service Desk (FSD) and the contractor’s registration will not be activated until the letter is processed and approved.

EFFECTIVE: 4/27/2018

GAO IMPLMENTS ELECTRONIC PROTEST DOCKETING SYSTEM (EPDS)

KEY DETAILS: The GAO announced that its EPDS system is operational and implemented effective May 1. The system will provide easier navigation and make the overall filing process for bid protests more straightforward and user-friendly. EPDS will also become the only way to file new protests except for those containing classified materials. Full implementation will likely also signal a significant update to the bid protest rules as proposed amendments were last published in April 2016.

EFFECTIVE: 5/1/2018

DOD reduces requirement for voluntary disclosures on defective pricing

KEY DETAILS: The Department of Defense issued a final rule amending the DFARS to allow DOD contracting officers discretion in requesting a limited or full-scope audit for any potential defective pricing issues identified by a contractor after contract award. The final rule requires only a discussion between the CO and Defense Contract Audit Agency (DCAA) to determine if a limited-scope, full-scope, or technical assistance is appropriate given the circumstances. The discussion must cover the contractor’s voluntary disclosures, accuracy of the cost impact, and potential impact on other existing contracts or proposals.

EFFECTIVE: 5/4/2018

PROPOSED RULES
Proposed changes to appeals under contract dispute act

KEY DETAILS: A proposed change to the Civilian Board of Contract Appeals Rules of Procedure regarding appeals under the Contract Dispute Act was published in the Federal Register. The proposed rules signal the Board’s wish to simplify and modernize access to the board, clarify its rules, and increase conformity between its rules and the Federal Rules of Civil Procedure. The Board seeks to revise approximately 40 procedural rules for CDA appeals.

EFFECTIVE: 3/28/2018

Proposed Revisions to Small Business Size Standards methodology

KEY DETAILS: The Small Business Administration (SBA) revised its white paper explaining how small business size standards are established, reviewed, and modified. The proposed rule notified the public the SBA has until June 26, 2018 to review and comment on the revision. The comments and white paper will serve to shape SBA size standards and determinations in the future. The 2010 Jobs Act directed SBA to continue with a complete review of the size standards not less than every five years and the last major revision occurred in 2011.

EFFECTIVE: 4/27/2018

Proposed modifications to Mentor-protégé program

KEY DETAILS: The Department of Defense is proposing to amend the DFARS to implement sections of the FY 2017 NDAA which will provide certain modifications to the DoD Pilot Mentor-Protégé Program. The proposed modifications include revising the definition, revising requirements regarding affiliation between mentor firms and protégé firms, and including additional types of assistance for mentors to provide to protégés.

EFFECTIVE: 5/4/2018

KEY REPORTS, MEMORANDUMS, GUIDANCE, ETC.

Department of labor announces launch of self-audit pilot program
KEY DETAILS: On March 6, 2018, the Department of Labor announced a self-audit pilot program known as the “Payroll Audit Independent Determination” (PAID). The program will launch nationwide and be evaluated after the initial six month trial period. Employers will be able to respond proactively to potential minimum wage and overtime violations under the Fair Labor Standards Act (FLSA). This includes violations such as misclassification of exempt status, improper overtime pay calculations, and “off the clock” violations.

EFFECTIVE: 3/6/2018

General Services Administration and Office of Management and Budget Finalize Plan for e-commerce portal

KEY DETAILS: On March 16, 2018, the General Services Administration (GSA) and Office of Management and Budget (OMB) issued their joint implementation plan to establish a program to procure commercial products through e-commerce portals. The portal will come online in three phases with the implementation plan and schedule already completed in Phase 1 and expected rollout by FY 2020. The portal will serve to alleviate issues in commercial acquisition including making it easier to buy commercial off the shelf (COTS) items, providing confidence that products offered are the best value due to increased competition, making the user experience easier and similar to consumer experiences outside of government platforms, and refining data report and transparency.

EFFECTIVE: 3/16/2018

Department of defense releases draft guidance on cybersecurity readiness

KEY DETAILS: On April 24, 2018, the Department of Defense released draft guidance providing further clarification surrounding the enforcement of its NIST Cybersecurity requirements. While contractors were required to submit a System Security Plan (SSP) by December 31, 2017, there was still some uncertainty as to how the requirements would be enforced. The guidance issued by DOD provides clarity around ensuring consistent review of SSPs by DOD and how evaluation of SSPs may factor into the source selection process for contracts subject to DFARS 252.204-7012. A contractor’s SSP will be required as part of the proposal and may be used as a “go/no go” factor, or alternatively assessed as a separate technical evaluation factor.

EFFECTIVE: 4/24/2018