Jan 6, 2016

By Jack Hott

Before Microsoft and Excel there was a very popular electronic spreadsheet call Lotus 1-2-3 with the slogan “easy as 1-2-3”. To be honest, preparing for and passing a CPSR isn’t that easy, but there are three steps in the preparation and audit process that if consistently followed will result in a favorable audit and purchasing system approval that will make the process easier. The steps are system: one, existence; two adequacy; three, compliance.

Step One: System Existence

You can have a “system” based on actual work being performed without a pile of procedures, right? Wrong! The first step for a successful CPSR is written procedures. From the auditor’s point of view if it isn’t written down then the system doesn’t exist. So, the first thing is a comprehensive acquisition manual. There is no one way to write the perfect manual. Some believe it should only cover the solicitation and award processes while others believe it includes budgeting baselines through acquisition planning, solicitation, award, post-award, closeout and record retention. In fact it goes beyond this continuum with subjects like make or buy, ethics and Contract Officer Technical Representative training, and lease vs. purchase analysis to name a few. There is also no magic formula organization of the “manual”. Some will want an extensive series of long chapters covering every imaged detail, while others will want a brief overview of the basics for the auditors reading pleasure with desktop instructions or training materials (that they won’t tell the auditors about) for the acquisition staff. The problem with either approach is they don’t work well if you are only thinking about the auditor. The long chapters suffer from too much “stuff” to read through for the acquisition staff. When the staff is under pressure to get goods and services on contract, they will get it done (potential compliance issue – step 3). The overview of basics approach suffers from lack of specificity and the auditors will request and get the backroom desktop anyway. The shortfall is the question “who is the audience” for the acquisition manual is often overlooked. The answer is the client’s auditors, your acquisition staff, and your internal project staff served by the acquisition staff, are all different parts of the audience. You must keep all the audiences in focus when developing a system of policies and procedures.

Step Two: Acquisition Procedure Adequacy

Now that the auditor has determined a system exists, then their attention turns to adequacy. Adequacy can be broken down into two categories; specific FAR, FAR supplements and other contractual requirements, and second the depth of explanation of these requirements. The first category is effectively a gap analysis between what the auditor believes should be in the manual and what is actually in the manual. The 55 items on DCMA Contractors Policies and Procedures Checklist, better known as CPSR Appendix B, the 24 system criteria in DEFARS 252.244-7001, Contract Purchasing System Administration, and the 17 review items in FAR 44.202-2, Considerations, are a great place to start. While these three sources overlap they often bring a different frame of reference to the same question. Also, any specific requirements in the your government contracts can add to the list.

The second adequacy category depends on the auditor and the auditor’s management. For example, the FAR requirement to check debarred suspended status before award of subcontracts. The FAR requires immediately prior to award the Contracting Officer review SAM Exclusions to ensure that no award is made to listed contractors, See FAR 9.405 (c); however, the is no definition of “immediately”. This has been interpreted from a few days to minutes before the subcontract is signed. The answer depends on which agency is performing the CPSR audit. While many believe DCMA is the only agency that can perform a CPSR audit, the reality is DCMA is limited to those contractors under DOD cognizance. Other agencies such as NASA and DOE are responsible for contractor procurement systems under their cognizance.

Step Three: Compliance

This is the part you always hear about; what the auditors found (or didn’t find) in the acquisition files. It makes it sound like the audit is all about the files! The reality is that it’s about all three parts: step one, an established and documented system; step two, the system adequately addresses government requirements in sufficient detail; and step three, the acquisition files contain adequate proof that the acquisition staff is compliant with system requirements. If the acquisition staff followed their manual but didn’t, in the opinion of the auditor, adequately document it, then the file is non-compliant. If the same non-compliant condition is found in other files, then a significant deficiency has been identified. Not only can a significant deficiency preclude a recommendation for system approval under FAR 44.3, Contractors’ Purchasing Systems Reviews, it can also result in withholding of payments under DFARS 252.244-7001, Contractor Purchasing System Administration and DFARS 252.242-7005, Contractor Business Systems.


It’s only as easy as 1-2-3 when you work hard to meet the requirements of all three steps. Step one, a sound well developed system of policies and practices. Step two, a comprehensive gap analysis of all requirements that need to be addressed in the policies and procedures. And, step 3, a well-trained acquisition workforce knowledgeable of the policies and procedures who consistently comply with policies and procedures AND document their compliance.

When you are successful in completing all three steps the result is; an audit recommendation for system approval, Contracting Officer approval raising consent requirements, better CPARS ratings, and better source selection reviews on future prime contract evaluations. Now that’s a good outcome!

We will discuss this in more depth at Centre’s CPSR course scheduled for February 24-25, 2016.

Leave a Reply

Your email address will not be published. Required fields are marked *