The BDO GovCon Week Ahead - August 2019

August 2019


August 19, 2019

All IT Spending Mapping Tools Must Be Brought Through Schedule 70The Office of Management and Budget (OMB) is getting serious about federal agencies mapping spending outcomes.   While the agency has previously directed agencies to develop and use Technology Business Management (TBM) gauges, it is now telling them that they must buy solutions from GSA’s IT 70 Schedule.  This is a potential boon for IT 70 contractors that offer measurement and analysis tools that can meet TBM requirements.  The GSA and OMB are also implementing a Task Order Review Board (TORB) to manage all proposed TBM solution acquisitions.  It is advisable that companies work with customer agencies, and get to know the people who will serve on the TORB to help ensure that business is smoothly conducted.   The OMB expects that ultimately these systems will help federal agencies better manage and analyze IT spending and be interoperable across government to make enterprise wide analysis easier to conduct.  IT Schedule contractors that offer these tools need to understand what the GSA and OMB are doing and how to position themselves to pursue this business.  See the original story here from NextGov for more information.
TAA Fine Against Medical Device Company Shows Compliance Still Key:  A medical device contractor recently discovered that the government still does care about Trade Agreements Act (TAA) compliance and whether the items offered via a GSA or VA Federal Supply Schedule contract comes from the US or a designated end country.  The company paid a fine of a little more than $3 million to settle Department of Justice claims that as much as 80 percent of the items sold to the VA came from non-compliant countries.  While not included in the mandatory DOJ press release, the firm likely paid approximately seven figures in legal and associated fees, and incurred a significant loss of productivity during the investigation.  The true cost to the company was easily closer to $5 million, a figure that likely cut significantly into its federal net profit.  Companies must take TAA compliance seriously.  In FSS contracting TAA Compliance is second only to defective data cases in terms of enforcement actions.  While contractors may say everyone is doing it, that is clearly not a rationale that will win over the Department of Justice.  It is also not accurate to say that your company is in the clear if it doesn’t get audited.  While not clear in this specific case, the vast majority of Schedules-related False Claims Act cases are initiated by whistleblowers.   If you are not sure how your company measures up in terms of TAA compliance, BDO can help.
Blanket Purchase Agreements and Year-End BusinessDoes your federal customer have a need that will start this year, continue into the next fiscal year and then maybe last even longer?  A GSA schedule-based Blanket Purchase Agreement (BPA) could be a great way to take care of your client’s need, and grow your federal business at the same time.  BPA’s are a proven way to take care of repetitive buying requirements, obtain lower pricing, and still ensure competition.  While the GSA requires that all BPA’s be reviewed annually, multiple award BPA’s can last five years or longer, as long as your underlying Schedule contract stays in place.  Single award BPA’s are also allowed and, while they must meet FAR-based sole source criteria, even single award BPA’s can be awarded for one base year and four one-year options.  The only restriction is that any single award BPA above $112 million must be signed off on by an agency head.  You and your customer can also negotiate terms that are better than those of the underlying Schedule. So long as the BPA, itself, does not contain language less advantageous to the government than the underlying Schedule, customization is allowed.  An organization must have a GSA or VA Schedule on which the customer can base a BPA (FAR 13 BPA’s are a different matter), and you still collect and remit the Schedules Industrial Funding Fee.  Once your Schedule contract hits year 20, the BPA ends when the contract ends.  Also, while regular orders can be placed against a Schedule on the last day of the contract and take 60 months for fulfillment, that is not the case for BPA orders.  Stay compliant and remember that when your contract sunsets, so, too, does the BPA.

August 12, 2019

Pentagon Spending on Vulnerable IT Highlights Need for Contractors to Educate CustomersThe Department of Defense spent $33M on COT’s IT with potentially significant security weaknesses, according to a recently released DOD IG report.  Printers, cameras, and even seemingly well-known off-limits brands such as Lenovo laptops, were all purchased.  The IG report focused on the damage done to the agency’s security, but another question is “Why does this happen?”  Many contractors know the answer.  Volumes of anecdotal evidence suggests that “buying cheap” is the prime driver for why the DOD, and other agencies, cut corners.  The drive to get a bargain can be stronger than the mandate to buy secure, safe IT solutions.  Companies selling these solutions need to show their customers the IG report, as well as easy to digest information on why an extra five or ten dollars per item up front can keep their networks safe, and keep the buyers out of the headlines.  If more customers understand that the safe acquisition choice is also the secure IT choice, incidents such as those logged in the IG report would fall.  Contractors should not assume that their customers know that certain items are prohibited for DOD acquisition, or that those that seem ok have security shortcomings.  Making sure that your customer has that information, especially if it is on DOD letterhead, can help you help your customer make a smarter buying decision.  

Top Contractor Questions Emerging from the U.S. Department of Defense Cybersecurity Maturity Model Certification:  The U.S. Department of Defense (DOD) has recently announced the creation of a new Cybersecurity Maturity Model Certification (CMMC) program. The DOD has stated the new CMMC program will provide a cybersecurity framework for enforcement of their Defense Federal Acquisition Regulation Supplement (DFARS) requirements to protect controlled unclassified information (CUI). The current DFARS requirements for cybersecurity invokes the National Institute of Standards and Technology (NIST) Special Procedure (SP) 800-171, which contains 110 information security control requirements. The DFARS requirements for cybersecurity was officially implemented effective December 31, 2017.

August 5, 2019

Congress Leaves Town with Broad Spending Agreement, But No SpecificsCongress adjourned this past Friday for its annual summer recess with a broad agreement on budget issues, but little forward progress on specific spending for Fiscal Year 2020 (FY’20).  Congress will only have a few weeks to pass all 12 annual appropriations measures before the start of new fiscal year on October 1st.  It seems likely that at least some federal agencies will again start the year under a Continuing ResolutionAll is not totally bleak, at least from a contractor standpoint.  As previously stated, there is a broad, two-year budget deal that eliminates sequestration.  In addition, there seems to be bi-partisan support for increasing the funds allocated to buy what contractors sell for most government agenciesThe Wall Street Journal reported recently that adding to the deficit does not currently seem to concern lawmakers, who may be positioning themselves for next year’s election cycle.  While some voters may want to spend more on defense than others, Congress detects no consensus right now that the electorate wants to trim spending.  Contractors can expect to see increases in both defense and civilian agency budgets.  So, when will all of this will happen?  While each chamber of Congress has done some work on FY’20 spending bills, they have not had any substantive discussions with each other.  Such talks are seen as a bellwether, indicating that agreements are being hammered out and that final votes can come soon after.  The hard work will again be done in September, and likely even in October.  Stay tuned.      
Contractors Uneven in Following New DOD Security RulesThe Department of Defense does not know the amount of DOD information managed by contractors and cannot determine whether contractors are protecting unclassified agency information from unauthorized disclosure, according to a recent report published by the Department of Defense Inspector General.  The report, conducted to measure contractor compliance with the treatment of sensitive, but non-classified, information shows that contractors have not adopted the organizational safeguards required to comply with the NIST-based DOD standard. In one case, a contractor mistakenly stored classified information on an accessible commercial cloud platform.  These problems persist despite substantial discussion of the NIST cyber standards and the need for contractors to implement new procedures receiving substantial attention in the trade press.  There may also be some confusion over whether and how companies that typically provide commercial solutions must follow the rules.  Commercial item acquisitions aren’t covered by the rule, but contractors should be aware that they can sometimes sell the same solutions through both commercial and non-commercial based contracts.  It is important to remember that rules may apply to some parts of your business, but not others.  The report should serve as a wake-up call to the industry that it needs to either implement proper cyber controls or risk losing future DOD business.  DOD buyers also need to be aware that meeting the new requirements will cost companies money.  If the deal seems too good to be true, ask about security.
Recent GSA Schedule Rate Dispute Shows Why Contractors Need to Be PreparedGSA contractors need to be prepared to justify the rates they’re offering to federal agencies via their GSA Schedule contract.  This is one of the lessons learned from a recent GSA Inspector General recommendation to cancel a Schedule contract in part because the rates were too high.  The more work your company puts into preparing its offer and defending the prices and discounts being offered, the more prepared you will be to show contracting officers, their supervisors, or even the IG, why the price you’re offering is fair.  While it does take more time to put an offer together in this manner, it is absolutely worth the effort.  We have seen recent headlines in the trade press about not only the legal and consulting fees an organization incurred, but also the impact on future business this publicity brought them.  The fact that GSA may reject your offer even if you’re proposing very competitive pricing is nothing new.  GSA, itself, has written on this topic as far back as the late 1980’s.  Although rare, GSA will reject an offer if the net pricing is still high compared to that offered by competitors for the same or similar items.  This practice has increased as GSA looks horizontally at competitors’ rates when making a price reasonableness determination.  It can be very aggravating to a company to have to justify its rates to multiple government officials at different times, but the burden can be significantly reduced if you have properly prepared to show why your company believes its proposal is fair.  It also never hurts to be flexible and, remember that you also have the right to walk away if you can’t come to an agreement that works for your company.