Where information means insight



What You Should Know About SF1408

by Kim KosterA/E

Mar 29, 2020

Overview of the Pre-Award Survey & Manual When becoming a government contractor there are many new things to think about, including the DCAA pre award survey. You are introduced to what feels like over 1,000 acronyms, audit after audit, and project management requirements. If you are a prospective government contractor with an award looming that has cost type work, your first encounter with DCAA will most likely be the Pre-Award Survey (SF1408). In this section, we will provide an overview of the SF1408 survey and audit. Before that, however, let’s do a quick review of DCAA Manual No 7641.90: Information for Contractors, which is a great resource for new and prospective contractors.   DCAA Manual No 7641.90: Information for Contractors Believe it or not, the DCAA doesn’t just loom over contractors with audits; they provide a lot of helpful resources for contractors to understand the various audits they may undergo and how to prepare! DCAA Manual No. 7641.90 provides an introduction to the DCAA and explains several audits including price proposals, incurred cost proposals, Pre-Award Survey, and more. This document is a must-read for anyone new to government contracting. Enclosure 2 of the document focuses on the Pre-Award Survey. If you are just getting started in the government contracting world, access the DCAA Information for Contractors.   The DCAA Pre Award Survey and Audit Overview The pre award survey is not an audit. It is an evaluation typically made by your contract administration office of your ability to perform a proposed contract. DCAA may be requested to provide information regarding the adequacy of your accounting system to accumulate the type of cost information required by the contract. Before the contracting officer (CO) requests a DCAA audit of your accounting system, the CO will ask you to complete the “Pre-award Survey of Prospective Accounting System Checklist.” You can find that checklist by going to the website, specifically the link below. The checklist provides documentation to the auditor on how your accounting system meets the criteria in the SF 1408. The CO will give the checklist to DCAA when they request an audit of your accounting system. To download the checklist, visit the DCAA website. The SF1408 or pre-award accounting system survey is an examination before contract award to determine the acceptability of your accounting system for accumulating costs for your prospective government contract. The audit scope is limited to obtaining an understanding of the design of the prospective accounting system so as to appropriately complete the SF1408 “Pre-award Survey of Prospective Contractor Accounting System,” and procedures essential to reach an informed opinion as to whether or not the design of the prospective accounting system is acceptable for accumulating costs and can generate the specific cost information that is required to execute a government contract. Organizations that are looking to get their first government contract may not want or need to install a new, more detailed accounting system unless awarded a contract. In this case, if the potential government contractor anticipates a contract award, it must have developed and designed a system that is operable, though not necessarily in use. You need to be in position to demonstrate the new system to the auditor and ready to implement the system prior to incurring any costs on the government contract. Sometimes the auditor may not think the system is acceptable. You and your CO will receive notification and typically will give you suggestions on needed corrections. Once you have incorporated the corrective actions, a follow up audit will be completed and hopefully the CO and DCAA will be satisfied. Once you have won the contract, you may be subject to an accounting system audit. The basic objective of this audit is to assure your accounting system is adequate for accumulating cost and passing those costs on through invoices presented to the government. This audit is requested by the CO when there is follow-up recommended from the pre-award survey or if no pre-award survey was done.   Is There Such a Thing as DCAA Approved Software? Just to be clear, there is no such thing as DCAA Compliant Software! It is your organization and procedures that will be assessed for compliance. That said, software such as Unanet, that is purpose-built for government contractors can significantly help you with achieving compliance. DCAA compliance requires that your accounting and related business processes which collectively including policies, manual procedures and tools be compliant. Software alone is not audited for DCAA compliance or certified, nor approved as DCAA compliant. However, Unanet software has been reviewed by DCAA auditors at more than one thousand customer sites and, along with the customer policies and procedures, approved as supporting DCAA requirements.   What the DCAA is Looking for in the SF1408 Segregation of direct and indirect costs Identification and accumulation of direct costs by contract Consistent allocation method for indirect costs to intermediate and final cost objectives Accumulation of cost under general ledger control A time keeping system that identifies employees’ labor by intermediate or final cost objectives A labor distribution system that charges direct and indirect labor to the final cost objectives Interim determination of costs charged to a contract through routine posting of books of account Exclusion from costs charged to the government contracts of amounts that are not allowable Identification of costs by contract line item and units Segregation of preproduction costs from production costs Far 31.202 defines Direct Cost FAR 31.203 defines Indirect Cost For the system to get an acceptable, all items above must be checked Yes or Not Applicable. Utilizing Unanet, you can be confident that you will meet the standards in FAR 53.209-I(f). Unanet Success Story With Unanet, Array successfully completed a DCAA audit that stated that their accounting system design complies in all material respects with the criteria contained in FAR 53.209-l(f), Standard Form 1408 (SF1408). “Unanet shone during our DCAA audit” – Bob Deegan, Senior Vice President and CFO Read the full success story The Importance of Using a Timekeeping System to Maintain Compliance One of the most important aspects of government contracting is maintaining compliance with a timekeeping system. As we touched on above and reviewed in our “DCAA compliant software” blog, remember that timekeeping software alone is not enough to ensure compliance. DCAA requires that the timekeeping process itself—collectively including policies, manual procedures, and tools—be compliant; timesheet software alone is not audited for compliance or certified, nor approved as DCAA compliant. However, timesheet software like Unanet has been reviewed by auditors at hundreds of customer sites and, along with the customer policies and procedures, approved as supporting DCAA timekeeping requirements. That said, let’s dive into the timekeeping requirements and what auditors are looking for. Keeping Track of Your Time Timekeeping procedures and controls on labor charges are areas are of critical concern for government contractors. The key to accuracy in labor charging is your employees. Training, training, and more training is critical so that employees understand the organizations policies and procedures and abide by them. Establishing a culture that understands the criticality of accurate and timely labor charging will encourage employees to get it right the first time. Timekeeping systems must meet the following requirements: There should be a segregation of responsibilities for labor-related activities. Internal controls must be established. An example would be that the responsibility for timekeeping and payroll should be separated. Policies and procedures must be crystal clear Controls must be monitored, and violations dealt with swiftly A culture emphasizing to employees the importance of accurate and timely timesheets. Reminders and training plans will help reinforce proper time charging. Employees need to have training and detailed instructions on completion of the timesheet: Record time daily Record time on the timesheet Time should be recorded by identifier (project, contract name, etc.). Employees should be able to access the description of the identifiers and their descriptions in the work authorization system. Documented process to change time sheet if needed Record all hours worked Certification that the number of hours worked and on what tasks are correct at the end of each period. A policy for timekeeping must be in place that includes the following: The supervisor should approve and cosign all timesheets The supervisor is prohibited from completing an employee’s timesheet unless the employee is absent for a prolonged period on some form of authorized leave. If the employee is on travel status, the supervisor for the employee may prepare a timesheet. Upon his or her return, the employee should turn in his/her timesheet and attach it to the one prepared by the supervisor. The guidance should state that the nature of the work determines the proper distribution of time, not availability of funding, type of contract, or other factors. The company policy should state that the accurate and complete preparation of timesheet are the employee’s responsibility. Careless or improper preparation may lead to disciplinary actions under company policies, as well as applicable Federal statutes.   Unanet Success Story Burns & McDonell was able to gain greater project visibility with Unanet’s time keeping solution and the flexibility that they gained allowed them to establish more best practices around their business rules and processes. After implementing, Burns & McDonnell: Achieved a quick and ongoing return on their software investment Has more accurate entry of time that led to better visibility into project issues and an enhanced ability to forecast true costs to complete projects Is able to be compliant with DCAA requirements through an improved annual process Maintains ad hoc reporting tools directly in the hands of their project management team Experiences better control over timesheet review and approval without undue administrative overhead Read the full success story   Why Unanet for Government Compliance? Unanet is purpose-built with the project or contract in mind. It is uniquely designed for government contractors and has been battle-tested for compliance rules and regulations. Our compliance features are built into the tool, making compliance part of the fabric of your business. Unanet currently has over 2,000 clients using and trusting the system. Unanet supports compliant accumulation and allocation of costs utilizing time keeping, expense accounting, cost pools, indirect rates, revenue recognition, and project management all in one truly integrated system. Whether you are a small new or a seasoned larger GovCon, you can count on Unanet for your compliance needs. Unanet is recognized by the audit agencies as being “compliant ready,” giving you an immediate advantage in the audit process. Make sure you’re prepared for a pre-award survey and an accounting audit. Learn more about SF1408 in our white paper, “SF1408 & Timekeeping,” or register for a demo to see how Unanet helps smooth the path to compliance.


The Importance of Remembering Your Employee’s Birthday

by Sarah LorekAEC, Architecture and Engineering, Construction, Cosential, CRM

Feb 18, 2020

const t="undefined"!=typeof HTMLImageElement&&"loading"in HTMLImageElement.prototype;if(t){const t=document.querySelectorAll("img[data-main-image]");for(let e of t){e.dataset.src&&(e.setAttribute("src",e.dataset.src),e.removeAttribute("data-src")),e.dataset.srcset&&(e.setAttribute("srcset",e.dataset.srcset),e.removeAttribute("data-srcset"));const t=e.parentNode.querySelectorAll("source[data-srcset]");for(let e of t)e.setAttribute("srcset",e.dataset.srcset),e.removeAttribute("data-srcset");e.complete&&(}}{"image":{"layout":"constrained","backgroundColor":"#f8d8c8","images":{"fallback":{"src":"/static/b76c28e35ae921ae2cf3edbe4fc5329f/00d3f/birthday.png","srcSet":"/static/b76c28e35ae921ae2cf3edbe4fc5329f/13ce0/birthday.png 141w,\n/static/b76c28e35ae921ae2cf3edbe4fc5329f/5ecf3/birthday.png 282w,\n/static/b76c28e35ae921ae2cf3edbe4fc5329f/00d3f/birthday.png 564w,\n/static/b76c28e35ae921ae2cf3edbe4fc5329f/85beb/birthday.png 1128w","sizes":"(min-width: 564px) 564px, 100vw"},"sources":[{"srcSet":"/static/b76c28e35ae921ae2cf3edbe4fc5329f/facfe/birthday.webp 141w,\n/static/b76c28e35ae921ae2cf3edbe4fc5329f/eef95/birthday.webp 282w,\n/static/b76c28e35ae921ae2cf3edbe4fc5329f/e706e/birthday.webp 564w,\n/static/b76c28e35ae921ae2cf3edbe4fc5329f/97f81/birthday.webp 1128w","type":"image/webp","sizes":"(min-width: 564px) 564px, 100vw"}]},"width":564,"height":296},"alt":"","className":"wp-image-41187 aligncenter inline-gatsby-image-wrapper","data-wp-inline-image":"1"} In How to Win Friends and Influence People, Dale Carnegie has his famous fourth principle: “Become genuinely interested in people.” And one way he did that was by remembering everyone’s birthday. Carnegie famously kept a birthday book where he wrote down people’s birthdays, and when their day came he would send them a telegram or a letter. “What a hit I made!” he declared. “I was frequently the only person on earth who remembered.” Remembering your employee’s birthday is a great way to show that you are interested in them.But we get it. It’s impossible to remember everything. You have 100+ employees on several projects going on simultaneously, so many of them being subcontractors that you haven’t worked within months, not to mention new people on the job that you don’t know all that well. And on top of all that you have to pick up your son from the mall, drop your daughter off at her friend’s house, and go grocery shopping before dinner. Wait, when was the last time you had a checkup at the dentist? Or went to yoga? And taxes . . . Geez! Did you file your taxes yet?!?! Look, we are certainly not judging. Instead, what we are doing is helping. In Unanet’s user-friendly modules you can keep track of both your employees’ and your clients’ birthday. In Contact Manager, along with their birthday, you can store all of your client’s necessary personal information: phone number, email, credentials, recent projects, and any other relevant information. In the Personnel module, you can do the same thing with your employees—all their contact information, project experience, certifications, leads, and so forth, so you never have to slap your head and say, “Did I forget your birthday? I’m so sorry!” Remember the last time you were at work on your birthday, walking with your head down looking at a file trying to perform some calculation in your head. The last thing on your mind was the fact that it was your birthday, and then all of a sudden someone says, “Hey! Happy birthday!” And what did you do? You looked up with a huge smile on your face. Doesn’t it feel nice? (Unless, of course, you would prefer not remembering your birthday. But that’s another story entirely . . .) Remembering your employee’s birthday is a great way to show that you care. It’s a way to show your employees that you have a relationship with them beyond the lead metrics and projected sales revenues, that they’re people, just like you. If you are in need of a solution for your data, proposals, or customer relations we would love to show you our CRM. Book your demo now! Feel free to also reach out to our sales team here or call 800-505-7089 ext. 1 with any questions you may have. Here are other articles that may be of interest to you: Here’s How to Get Free Construction Leads Transform your address book with Unanet CRM by Cosential CallerID. Expert Advice: How to Make the Right Go/No Go Decision


The Basics of Government Contracts

by Kim KosterGovCon

Feb 17, 2020

In this blog, we’ll explain the basics of Government Contracts. We’ll begin with the history and basics of each contract type, as well as obligations and the risks for each category. Also discussed are the different features of each contract and some of the newer hybrid contracts emerging in the industry. Brief History of Government Contracts: Contract types have been around since the very first financial transactions. In the beginning, all contracts were Fixed Price. When World War I came around, the concept of tear down and repair contract types were introduced. There was a Fixed Price order to tear down a piece of equipment that had failed. However, the problem was identified, and a proposal was prepared to repair it. Next, a Time and Materials (T&M) order was issued to make the repair. This type of contract is still very common today, even at your local auto repair shop. A major difference is that the auto repair shop usually does the diagnosis part at no charge. They look at it and tell you what’s wrong with it and do the proposal on speculation. When World War II rolled around, the concept of Cost Reimbursable contracts was born because there simply wasn’t time for definitive specifications. The contractors found themselves developing things while the specifications were being written. It’s just not possible to provide a fixed price for an effort like that; you don’t know where you’re going, much less where you are. In the 1950s, the government forayed into R&D, like project Moho, where the government gave Howard Hughes a contract to drill a hole to the center of the Earth, and he figured out he couldn’t do it. It was a Fixed Price contract, and rather than roll over and let the government do to him what they do to you when you fail to complete a Fixed Price contract, he sued. The resulting court case established the principle that when performance and cost risk is very high, the federal government should assume the risk, and the Cost Type contract was born. The DoD has experimented over the years with Fixed Price contracts in all kinds of areas, including R&D, mostly unsuccessfully. The last significant Fixed Price R&D contract was for the NAVY 8a12, the very first stealth aircraft. This was in the early 1990s, when stealth aircraft didn’t exist, and it wasn’t even certain that it was possible to have an aircraft that could evade radar. The researchers weren’t successful, and the government terminated them for default. This was eventually converted to a termination for convenience, and the last of the lawsuits were settled at over 20 years old. Fixed Price R&D’s have never been particularly successful, but, Fixed Price contracts make for good press. The reality is that when the risk is very high, both cost risk and performance risk, Fixed Price just isn’t appropriate. The three basic contract types are fixed price, also called Firm Fixed Price and abbreviated FFP. If you are looking in the dictionary of acronyms, you will find FFP under contract types, Time and Materials, or labor hour T&M contracts, and Cost Reimbursement or Cost-Plus type contracts. There is a lot of variation within these contract types. Your contract could have a mixture of Fixed Price labor and Cost Reimbursable for other direct costs. It could also be a fixed price contract with time as a unit of measure that is really Time and Materials. Another deviant is Fixed-Price services with level of effort, that has a special contract type that will be discussed later. There can be several combinations here and these mixed contracts are referred to as hybrids. Hybrid contracts are experiencing an increase in popularity. So how much money does the government spends on these contracts, and how much is allocated to each type? The chart below is not as easy to analyze because the annual totals are changing, but you can see the contract percentage mix. Note that there is a lot of money in fixed price, this is not because fixed price is inherently better or worse, it because very large production and construction contracts are always fixed price. While it is a lot of money, it represents a relatively small number of contracts. const t="undefined"!=typeof HTMLImageElement&&"loading"in HTMLImageElement.prototype;if(t){const t=document.querySelectorAll("img[data-main-image]");for(let e of t){e.dataset.src&&(e.setAttribute("src",e.dataset.src),e.removeAttribute("data-src")),e.dataset.srcset&&(e.setAttribute("srcset",e.dataset.srcset),e.removeAttribute("data-srcset"));const t=e.parentNode.querySelectorAll("source[data-srcset]");for(let e of t)e.setAttribute("srcset",e.dataset.srcset),e.removeAttribute("data-srcset");e.complete&&(}}{"image":{"layout":"constrained","backgroundColor":"#f8f8f8","images":{"fallback":{"src":"/static/8e36d4c205b34b3ee35697ef9ebba689/afa05/basics-of-gov-contracts-chart-1.png","srcSet":"/static/8e36d4c205b34b3ee35697ef9ebba689/ba1fa/basics-of-gov-contracts-chart-1.png 138w,\n/static/8e36d4c205b34b3ee35697ef9ebba689/60718/basics-of-gov-contracts-chart-1.png 275w,\n/static/8e36d4c205b34b3ee35697ef9ebba689/afa05/basics-of-gov-contracts-chart-1.png 550w","sizes":"(min-width: 550px) 550px, 100vw"},"sources":[{"srcSet":"/static/8e36d4c205b34b3ee35697ef9ebba689/25f5d/basics-of-gov-contracts-chart-1.webp 138w,\n/static/8e36d4c205b34b3ee35697ef9ebba689/5b347/basics-of-gov-contracts-chart-1.webp 275w,\n/static/8e36d4c205b34b3ee35697ef9ebba689/a3a1a/basics-of-gov-contracts-chart-1.webp 550w","type":"image/webp","sizes":"(min-width: 550px) 550px, 100vw"}]},"width":550,"height":196},"alt":"","className":"alignnone wp-image-24346 size-full inline-gatsby-image-wrapper","data-wp-inline-image":"1"} const t="undefined"!=typeof HTMLImageElement&&"loading"in HTMLImageElement.prototype;if(t){const t=document.querySelectorAll("img[data-main-image]");for(let e of t){e.dataset.src&&(e.setAttribute("src",e.dataset.src),e.removeAttribute("data-src")),e.dataset.srcset&&(e.setAttribute("srcset",e.dataset.srcset),e.removeAttribute("data-srcset"));const t=e.parentNode.querySelectorAll("source[data-srcset]");for(let e of t)e.setAttribute("srcset",e.dataset.srcset),e.removeAttribute("data-srcset");e.complete&&(}}{"image":{"layout":"constrained","backgroundColor":"#f8f8f8","images":{"fallback":{"src":"/static/7c6f374ec3f65b4bd463344fed623281/010f7/basics-of-gov-contracts-chart-2.png","srcSet":"/static/7c6f374ec3f65b4bd463344fed623281/aefa2/basics-of-gov-contracts-chart-2.png 138w,\n/static/7c6f374ec3f65b4bd463344fed623281/96a5b/basics-of-gov-contracts-chart-2.png 275w,\n/static/7c6f374ec3f65b4bd463344fed623281/010f7/basics-of-gov-contracts-chart-2.png 550w","sizes":"(min-width: 550px) 550px, 100vw"},"sources":[{"srcSet":"/static/7c6f374ec3f65b4bd463344fed623281/38503/basics-of-gov-contracts-chart-2.webp 138w,\n/static/7c6f374ec3f65b4bd463344fed623281/c0d23/basics-of-gov-contracts-chart-2.webp 275w,\n/static/7c6f374ec3f65b4bd463344fed623281/9582e/basics-of-gov-contracts-chart-2.webp 550w","type":"image/webp","sizes":"(min-width: 550px) 550px, 100vw"}]},"width":550,"height":175},"alt":"","className":"alignnone wp-image-23042 size-full inline-gatsby-image-wrapper","data-wp-inline-image":"2"} You will notice that cost type contracts remain between 31% and 32%. This stability is a result of the principle that what the government buys determines the level of risk and the level of risk determines the type of contract. All the pounding on the podium that the politicians do and all the preferences that the administration states for the types of contracts has had little impact for 20 years. The number of dollars spent on caucus type contracts is still roughly the same proportion—approximately a third of all procurement spending—simply because about a third of everything the government buys can’t reasonably be fixed price. This is because an important factor is unknown: either the delivery specifications, the delivery schedule, when we want it, where we want it, what we want to buy, or something similar, that makes the risk inordinately high. What is the difference between contract types? Firm Fixed Price contracts: This contract type should be used when requirements are known and can be precisely described. We also know exactly when we want it and where we want it. Cost of performance can be reasonably predicted. We know what it ought to cost and the risk is relatively low, making a fixed-price appropriate. Time and Materials contracts: This contracting type is used when requirements are poorly described and we don’t know exactly what we want or exactly when or where we want it. It is typically services; the cost of performance can be predicted with a reasonable degree of certainty with respect to the cost per hour. However, when it’s going to be performed, where it’s going to be performed, and which categories of labor might be used are less understood. With the unknowns, the use of individual delivery orders is appropriate. Often T&Ms are Indefinite Delivery Indefinite Quantity contracts (IDIQs). The basic contract’s an empty template and the delivery orders carry the money specifications and other details. Cost Reimbursable contracts: This type is a good option when the requirements or ability to fulfill the requirements are uncertain. In the case of Howard Hughes and project MoHo, it wasn’t certain that the task the government gave him could be even be completed, a perfect example of the use of cost reimbursable contracting. It is also appropriate when we are sure something can be completed but we are unsure of the cost. When costs cannot be predicted with any degree of certainty, a cost type contract is appropriate. Fixed Price Contracts Let’s look first at the fixed-price contract. This category can be broken into two different contract types: Fixed Price completion contracts and Firm Fixed price. Fixed Price Completion Contract: The contractor’s obligation is to simply deliver the goods or the services. The government’s obligation is to pay on delivery, to pay promptly, provide inspection acceptance, and presentation of an invoice are all required. Once those things have been fulfilled, the government must pay the agreed upon price. This type of contract is most of the fixed price contracts. Fixed-Price Level of Effort Contract: The contractor’s obligation is to deliver exactly the hours specified in the contract level of effort. If you don’t meet the goal, the contract requirements are not fulfilled, and you don’t get paid. If you go over, you don’t get paid any more. This is a fixed price contract, but it’s dependent on fulfilling exactly a certain level of effort by labor category. Firm Fixed Price: The government’s only obligation is to pay, once all the hours are delivered as specified in the contract. However, certain fixed level of effort contracts will occasionally have a special provision in them or clause that treats them like a Time and Materials contract during performance, especially if they’re going to last more than three or four months. This means the contractor does not have to finance the entire performance of the contract, only getting paid at the end. Time and Materials Contracts Time and Materials contract: This type is used when there will be non-labor costs involved in the contract like travel, materials, and usage of equipment. Typically, travel, materials, and other direct costs (ODCs) are reimbursed at actual cost. The government’s obligation here is to pay for the hours that are delivered and accepted upon pursuant to a proper statement of work. Acceptance of hours under a T&M Contract is one of the steps. There is a provision in every T&M contract that allows the government to require that hours that were not acceptable be reworked at no cost. It isn’t invoked very often but can be very expensive. Cost Reimbursable Contracts Cost Reimbursable contracts: This type comes in multiple variations, with the two basic types being completion type and level of effort. These are often referred to as a “best efforts statement of work”. The contractor’s obligation is to provide his or her best efforts in pursuit of the objectives stated in a statement of work. There is no other obligation under a cost type contract whether it’s completion type or level of effort. When the money runs out, you are supposed to stop. If there is a cost growth after the contract is completed, like rates and direct rates, you can collect that over and above the original estimate. The government’s obligation is to reimburse the contractors total cost of performance, if the contractor has abided by all the allowability and eligibility rules. Contracting Risks Risk is inherent in all contracts; it just depends on what side of the contract you sit. It is a very important aspect of contracting and it comes in two forms: performance risk and cost risk. Performance risk revolves around these questions: Can this be done? Is the schedule realistic? Is the timeline attainable? The contract will establish responsibilities in the event the contract cannot be completed or completed on time. Cost risks are used in situations where we know something can be done and how long it will take, but we do not know the final cost. For example, this can be due to fluctuation in precious metal costs that are driven by market supply and demand. A very important yet often overlooked aspect of a contract is obligations. If you are performing services or delivering goods to the federal government, you need to understand your obligations under the contract and the government’s obligation to you. Fixed Price Risk Fixed price completion contracts performance risk for the contractor is very high. There are obligations to perform: deliver the goods, deliver the services, no matter what it costs. So, both performance risk and cost risks are very high. The government’s risk on a Firm Fixed Price completion contract is very low. They have no obligation to the contractor to pay or do anything else until the goods or services are delivered, inspected, and accepted, then they pay. That’s about as low risk as it gets. For the level of effort Fixed Price contract, it’s exactly the opposite. There the performance risk is very low, and the cost risk is also moderately low, because the contractor’s sole obligation on a fixed price level of effort contract is to furnish the hours purchased—exactly the hours purchased, no more, no less. For the government the risk is high, because they’re not assured that when the level of effort has been provided, that the job will be done. All they know is how many hours they’re going to get. They don’t know what work is going to be finished, so performance risk is high on that. There is a variant of fixed price contract called a fixed price incentive contract. This is always a completion type. With this type, the government puts into the contract what are called cost shares, so if the contractor underruns the contact, the government shares part of the savings. On the flipside if the contractor overruns the contract, the government pays part of the overrun, not all of it. So, it’s still high risk for the contractor, but the risk is less than with Firm Fixed Price. Time and Materials Risk For Time and Materials contract, they are always level of effort contracts, because that’s what a Time and Materials contract buys: hours. The contractor’s performance risk is very low, because the only obligation is to furnish the hours. The cost risk is also moderately low because remember part of Time and Materials is Cost Reimbursable so there you’re going to get back whatever you spend. It’s only the labor that has any risk at all, and that’s only the pricing of the labor and the indirect costs. If your pricing model is good, then the cost risk is going to be low on the labor portion of a Time and Materials contract. The government’s risk is just like a fixed price level of effort; it’s going to be high because there’s no assurance they’re going to get what they want. The only assurance they have is that they’re going to get the hours they ordered. Now the cost risk is relatively low because they know exactly what every hour is going to cost upfront. What they don’t know is whether they’re going to get what they wanted out of those hours or not, and that’s why the performance risk is high. Cost Reimbursable Risk For all the cost type contracts—whether it’s fixed fee or an incentive fee—where the contractor has an incentive to achieve something technical, they will get more fee if they achieve that objective. For the contractor, performance risk is very low across the entire Cost Reimbursable contract spectrum. Why? Because the contractor has no obligation except to do their best. Cost risk is very low on cost plus fixed fee, incentive fee, and award fee contracts because the government’s going to reimburse all the costs. That’s the obligation of the government under a cost type contract; the government’s risk is very high. The reason it’s very high is because we don’t know whether the task can even be done or not, or—if it is possible—how much it’s going to cost. That’s why we’re in a cost type environment to begin with, so the government’s risk is as high as it gets in the cost type environment. Hybrid Contracts This contract type evolved from a strong Government/DOD preference for fixed price contracts. These contracts feature multiple characteristics of various contract types but are labeled as fixed price. For example: Fixed Price Labor but Cost Reimbursable sub contracts Labor billed as a unit of time rather than hours, such as a Fixed Price per month, but then they go on to define month as X number of labor hours, so it’s really a Labor Hour contract, or a Time & Materials Contract. However, because it is described in the statement of work as a Fixed Price per unit of time, it might be reported in the data as a Fixed Price Contract. DCAA audit with hybrid contracts Sometimes these hybrid contracts will contain the allowable cost and payment clause. If they do, that triggers the requirement for an Incurred Cost Submission. DCAA considers the Fixed Price hybrids, if they have cost type features, to be cost type contracts. They look for them in the Incurred Cost Submission schedules, and they will reject the submission when they find a hybrid contract that has been “improperly classified”. These things are difficult to detect and they’re often missed, especially on a cursory review, and DCAA will sometimes miss them until it’s time to audit the incurred cost submission, three, four, or five years after the costs were booked. They then find that the contract was misclassified, reject the submission, and it must be done all over again. The Incurred Cost Submission is used to establish a firm’s indirect rates for each year. Your fringe rates, your overhead rates, your General and Administrative or G&A rate, your Subcontract and Material Handling or SCMH rate, this is required if you have any contracts with the Allowable Cost and Payments clause in them. It is not determined by contract type. Contract type should be determined whether the clause is there or not, but if the clause is there, then the incurred cost submission is required, so it’s worth looking in your contracts and contracts groups to determine whether the clause is there or not, and not look at what the contract type says it is. Conclusion What does the government look for in selecting contract types? Here is where a government contract really differs from a commercial negotiation. In the commercial world, the contract type is a matter of agreement between the parties. The buyer and the seller agree on what kind of arrangement they’re going to have, but in the government world, that’s all determined before the solicitation is ever issued for contractors to bid on. In the government contracting world there is not a choice of contract type. Competition, price, cost, complexity, frequency of need, and segregation/fragmentation are all factors that play into the upfront contracting type decision made by the government. As a government contractor, you may have no choice about the type of contract you are bidding on, but you sure have the choice to understand the impact that contract types have on your overall financials. Selecting the right tool, one battle tested by government contractors can help you navigate the financial nuances of each contract type. To learn more about how Unanet can help you effectively manage your government contracts, contact us.


The CMMC Has Arrived. Here’s What DoD Contractors Need to Know to Comply

by Kim KosterGovCon

Feb 06, 2020

Government contractors that want to do business with the U.S. Department of Defense (DoD) soon will have to prove to a third-party auditor that they meet new elevated cybersecurity standards to be considered for DoD contracts. The new DoD compliance regimen known as Cybersecurity Maturity Model Certification (CMMC) was released as Version 1.0 on January 31, 2020. It’s based on a unified cybersecurity standard modeled after management maturity models used by other entities inside and outside the government, with a set of five levels that describe the maturity of a government contractor’s cybersecurity practices and processes. The CMMC could have major compliance implications for DoD contractors, as detailed in a new white paper from Unanet, a leader in ERP software purpose-built for government contractors. We’ve been following the CMMC process closely here at Unanet. To assist government contractors in their efforts to comply with the policy, we have integrated capabilities into the Unanet software platform to support the relevant technical requirements within the new model. What’s more, our Cloud Operations team has been diligent about keeping abreast of new DoD policies and has taken the necessary steps to ensure that its processes and procedures are similarly aligned with CMMC and NIST 800-171 standards. For information on how Unanet can support and simplify your organization’s compliance with Federal government requirements, contact us.


NIST 800-171 and CMMC Compliance for Government Contractors

by Kim KosterGovCon

Jan 31, 2020

The initial deadline for government contractors to be compliant with NIST SP 800-171 was December 31, 2017, but that passed and there was much discussion in the community whether this would be a focus for contracting officers. Recent events have brought cybersecurity to the fore with the announcement of the Cybersecurity Maturity Model Certification (CMMC) and it is clearly a very high priority now in the DoD community. This blog post helps explain how the standard applies to your company. Every day, the news is filled with stories about cyber-attacks or breaches. What if one happened to your company, would you be ready? How do you get started? One of the best ways to protect your company is to begin to define security processes, procedures, and controls, and the time to start is now. Being prepared to handle cyber-attacks will ensure that your business operations and valuable data are protected. As a government contractor, you have the added responsibility of safeguarding our nation’s valuable data assets. To guarantee that risks are mitigated, cyber risks standards are now being applied to contracts that are issued by the DoD. The standards are outlined in the Defense Federal Acquisition Regulation Supplement (DFARS). The DoD requires contractors to demonstrate cybersecurity adherence for protection of Covered Defense Information (CDI) and Controlled Unclassified Information (CUI), or Unclassified Controlled Technical Information (UCTI). If there are any doubts about the nature of your data, make sure to discuss with your Contracting Officer (CO). Exhibit 1 – Types of Information Expect to see the following DFARS references in your contract. You will be expected to demonstrate compliance to these standards. Exhibit 2 – DFARS Clauses – Cybersecurity The three DFARS clauses above mandate that defense contractors adhere to the security requirements, demonstrating cybersecurity protections are adequate to protect information from attack. The security requirements are specified in National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171, “Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations.” For ease of use, the security requirements are organized into fourteen families. Each family contains the requirements related to the general security topic of the family. There are 110 controls around non-classified controlled information. This sounds like a lot but keep in mind the type of information that is being protected. In many cases, these controls represent best practices that you may already have adopted. 14 control families: Audit and Accountability Identification and Authentication Awareness and Training Incident Response Media Protection Risk Assessment System and Information Security Physical Protection System and Communication Protection Security Assessment Personnel Security Maintenance Configuration Management Access Control Defense contractors must also have in place a mechanism and communication plan if they identify an incident or breach. The notification must happen with 72 hours of the breach. Incident reporting is done via the DoD’s Defense Industrial Base (DIB) Cyber Incident Reporting & Cyber Threat Information Sharing Portal. Be prepared to address the necessary information on the form and provide supporting documents and evidence relating to the breach. What Do You Have to Do to Reach NIST 800-171 and CMMC Compliance? Contractors initially faced a deadline of December 31, 2017 to attain compliance with all the security requirements in NIST SP 800-171. Contractors that did not have all the NIST controls implemented were to submit a written explanation of how 1) the required security control(s) is not applicable, or 2) an alternative control or protective measure that is used to achieve equivalent protection. All controls were to be addressed, either through implementation, remediation, and/or documented explanation of non-applicability. In June 2019 the DoD announced the Cybersecurity Model Certification which builds on, and formalizes, the requirements of NIST 800-171. The implications of CMMC are significant: All DoD Contractors will need to become CMMC Certified by passing an independent CMMC Audit to verify they have met the appropriate level (1 – 5) of cybersecurity for their business. The Federal Government will determine the appropriate level for the contracts they administer, and not all contracts will require the highest levels of security. The required CMMC level will be contained in sections L & M of Request for Proposals making cybersecurity an “allowable cost” in DoD contracts. Audits will be performed by an independent CMMC Third-Party Assessment Organization (C3PAO) that has been accredited by the CMMC Accreditation Body. The following important milestones have been identified: Contractors should determine now where they stand regarding NIST 800-171 controls and the CMMC Level they want to achieve in order to be certified by the 2nd quarter of 2020. In November 2019 the DoD released additional drafts of the CMMC Levels and their associated NIST 800-171 controls. In January 2020 the official CMMC Levels and requirements will be released. The DoD will also announce the non-profit that will be in charge of the certification process who will start training independent Certified 3rd Party Assessment Organizations to conduct audits on DoD contractor information systems. Certifiers will be available soon thereafter to begin audits. There is likely to be a big backlog since there are an estimated 70,000 companies in the Defense Industrial Base requiring audits in a short time-frame and a very limited supply of certifiers/auditors. In June 2020 the CMMC requirements will be in Requests for Information. In late 2020 DoD contractors will need to be certified to bid on Requests for Proposal. More information on Cybersecurity Maturity Model Certification is available from Office of the Under Secretary of Defense for Acquisition & Sustainment at: Getting prepared for this requirement is important for your company. Unanet is participating in industry groups and working with partners to carefully watch each draft of the CMMC requirements prior to the final version being published so that we can support our customers CMMC certification efforts. You may consider hiring a consulting service to assist you on this journey. It is critical for the overall success of keeping and winning new government contracts. Your Unanet Project Management and Accounting System The Unanet hosted environment on the AWS cloud will provide the basis for your compliance. We have been diligent regarding compliance requirements as they have been published and updated. Unanet undertakes, and passes an annual independent SOC 2 Plus audit which addresses the NIST 800-171 requirements. This section discusses NIST 800-171 controls which relate to: Multi-Factor Authentication Identification & Authentication Controls Cyber Incident Reporting Data Encryption Multi-Factor Authentication To deliver robust support for individual customer’s requirements for multi-factor authenticated access both to Unanet and other information systems which contain CUI, Unanet integrates with leading providers of Identity and Access Management (IAM) tools such as OneLogin, Duo and Okta, and other providers, via SAML. Identification & Authentication Controls IAM vendors, such as those identified above, include robust capabilities related to logon management, and password complexity and reuse that satisfy the relevant NIST Controls. Prompt Cyber Incident Reporting Customers using Unanet’s cloud offering will be notified of any unauthorized intrusion. Data Encryption The requirements for data encryption are met through use of SSL, and the availability of the Unanet cloud platform in a FedRAMP Moderate environment that uses data encryption at rest. Contact your Customer Success Manager for more information. US-Based Support You should also be aware that all Unanet software is developed, hosted and supported in the United States, and exclusively by US citizens. This is not a requirement of the NIST standard. It does, however, provide an important additional measure of assurance to government contractors. This is especially important in comparison to other industry ERP software developed and supported in countries known to conduct state-sponsored hacking of US organizations.


Alvine Engineering Innovates with Unanet A/E

by Lucas HaydenA/E

Jan 29, 2020

  We recently had the chance to visit with one of our innovative clients, Alvine Engineering, at their home office in Omaha, Nebraska. Alvine was founded in 1961 as a mechanical and electrical systems design and consulting firm. They are a family-owned company with two generations of expertise in fire protection engineering, architectural lighting design, building commissioning services, technology systems design, and life support systems engineering. Alvine’s philosophy states that the best engineering involves equal parts science, art, and business. Unanet A/E powered by Clearview is honored to be a part of that mix. We are committed to partnering with them to continue enhancing their skills in project management, data analytics and accounting with our modern and flexible, project-based ERP. Here are a few words Alvine’s COO had on the importance of having a powerful platform to run their business: “I’m Brant Yantzer with Alvine Engineering. I’m the chief operations officer and oversee all daily operations of the firm, from the operational, technology and technical perspective. Alvine Engineering currently has 140 employees with 4 offices and licensed in 49 states across the country with active projects in 36. A robust ERP system is vital to the success of any professional services and design firm in the architecture engineering industry. Access to information about the clients, the design, the technical details, the communications, in a realtime fashion through multiple platforms and devices, is something that we require. This is due to the mobility that is required in order to meet our clients needs, project needs, and to close things out in a method that is clear, crisp, and concise for all parties involved. One of the things that drew us to the Unanet A/E platform was that of their Organizational Nervous System which we feel is imperative to our success. Not only does their software provide the necessary components that most businesses need, but also allows for the flexibility to move in areas to collect data and information and bring it into the system to transform it into information we require to make better business decision, satisfy our clients, and deliver our technical services. We feel Unanet A/E’s platform offers us the opportunity to enhance the experience of not only what we’re trying to accomplish, but meet the needs of our clients and design professionals alike.” Unanet A/E is proud to partner with Alvine Engineering on the future of project-based ERP. Their vision for project management and financial excellence as well as efficient training matches our passion for delivering a product that will help them reach these goals.