Effective Subcontractor Risk Management

Risks_1
One of the truisms we have learned about creating an effective program management culture is that effective subcontractor management may be the most important single factor driving program outcomes. The success or failure of your program very likely hinges on how well you are managing performance that you have pushed outside your factory to external suppliers. We have observed this axiom over and over, whether discussing the Boeing 787 program or the Airbus A380 program or major defense acquisition programs. We have also observed that program execution risks found in the supply chain are, as a rule, under-managed.

Program risk identification, to the extent it takes place, generally focuses on historical or known risks within the prime contractor’s four walls. Such risks often include lack of sufficient headcount with the right skills/experience to accomplish the work as scheduled, lack of sufficient budgets, lack of availability of test equipment, etc. Moreover, both the probability of a risk materializing and then evaluation of its probable impact to the program (consequence) tend to be more accurate with respect to internal risks than with respect to external (supply chain) risks, simply because internal risks are better understood. Consequently, risks found in the supply chain – notably risks found in the performance of major subcontractors – tend to be under-managed.

The end result of the foregoing situation is, we assert, that programs generally devote less management resources to addressing supply chain risks, and therefore are too often surprised – and ill-prepared – to address those risks when they materialize. And in our experience they will materialize, if only because program management tends to ignore them. Inflection points in the risk probabilities are missed; early warning indicators are missed; and so problems materialize as if out of thin air … and the programmatic impacts are catastrophic.

Additional risks are introduced when the subcontract types are “flexibly priced” (to use a neologism we detest). Cost-type and T&M type subcontracts present additional compliance risks that need to be managed by the prime contractor, since it will be the prime contractor who bears the brunt of any Government customer allegations of noncompliance (due to privity of contract issues). We discussed risks associated with T&M contracts (and subcontracts) in a past article. And it’s not just “flexibly priced” subcontract types: even FFP subcontract types introduce compliance risks when contract financing payments are involved.

Too often prime contractors are unwilling even to discuss supply chain compliance risks, let alone develop effective risk management strategies for them. We are reminded of one Top 5 defense contractor’s subcontract management team’s response when we tried to raise product substitution, mischarging, and other subcontractor noncompliance risks in a cross-functional risk identification “brainstorming” session. The subcontractor management team responded, “Oh, our suppliers would never do that!”

Yeah, right.

The bottom-line is that effective program management relies on effective subcontractor management, and effective subcontractor management includes managing noncompliance risks. Prime contractors ignore those risks at their own peril, as Northrop Grumman recently learned, courtesy of the DOD Inspector General.

The DOD IG released an audit report highly critical of Northrop Grumman and its subcontractor, DynCorp. Unfortunately, the report was classified “For Official Use Only,” and thus it would take a FOIA request to obtain the FOUO report. Fortunately for taxpayers, the Project on Government Oversight (POGO) obtained the audit report (entitled “Northrop Grumman Improperly Charged Labor for the Counter Narco-terrorism Technology Program”) and published it for all to see.

The DOD IG found that—

For nearly 6 years, Northrop Grumman did not properly charge labor rates for the Counter Narco-terrorism Technology Program. Specifically, Northrop Grumman submitted labor charges performed by 360 of 460 DynCorp employees … that did not meet the qualifications specified in the contract. Northrop Grumman officials submitted labor charges for an additional 33 DynCorp employees that may not have met the qualifications specified in the contract. Additionally, Northrop Grumman charged Army Contracting Command–Redstone Arsenal (ACC-RSA) 215,298 labor hours in excess of 8 hours per day. …

As a result, ACC-RSA authorized questionable costs of $91.4 million for labor performed by unqualified contractor employees. ACC-RSA may have authorized additional questionable costs of $10 million for 33 DynCorp employees that were not reviewed. Additionally, ACC-RSA authorized questionable costs of $21.7 million for labor performed in excess of 8 hours per day …

According to the background section of the audit report, a DOD IG Hotline complaint alleged that DynCorp had “incorrectly and knowingly” misapplied labor rates and billing rate categories to its subcontract with Northrop Grumman. The report stated that “DynCorp management ignored the incorrect billings because they believed that Northrop Grumman had previously accepted DynCorp’s pricing and they had no obligation to change it.”

The audit report found that—

Northrop Grumman officials submitted labor charges performed by 360 of 460 DynCorp employees that did not meet the labor qualifications specified in contract W9113M-07-D-0007.

Northrop Grumman officials submitted labor charges for key employees that not meet the labor qualifications specified in contract W9113M-07-D-0007. … Northrop Grumman identified a DynCorp employee as a program manager and billed 5,729 labor hours over a 1 ½ -year period, totaling almost $1.2 million. However, the employee did not meet the program manager qualifications because he did not have a bachelor’s degree.

Northrop Grumman charged ACC-RSA for 215,298 labor hours in excess of 8 per day from October 2007 through March 2013. The task orders defined the workweek as 40-hours per week from Saturday through Thursday. While minimizing overtime, the task orders also stated that weekly hours may exceed 40 hours based upon operations and exercises. ACC-RSA representatives were unable to identify a typical Northrop Grumman workweek in Afghanistan. However, Northrop Grumman billed 215,298 hours in excess of 8 hours per day. Specifically, Northrop Grumman charged 29,401 hours in excess of 24 hours per day. For example, one employee billed 1,208 labor hours during a 12-day period, resulting in overpayments totaling $176,900.

The DOD IG audit report did not comment upon Northrop Grumman’s review of invoices submitted by its subcontractor, DynCorp. However, given the other findings, it is not difficult to conclude that Northrop Grumman’s invoice reviews were insufficiently rigorous, to the extent they were performed at all.

It didn’t take long for the POGO-obtained DOD IG audit report to hit the news media headlines. For example, the Washington Post’s story carried the headline “Northrop Grumman Improperly Charged Government More than $100 Million, IG Says.” Note that DynCorp was not mentioned in the WaPo story until the fourth paragraph.

Which proves our point that prime contractors are responsible for the actions of their subcontractors, and that program risk management needs to extend well into the supply chain, and that the risk of noncompliance with contract terms needs to be considered and mitigated. Simply saying that “our subcontractors would never do that,” is not a realistic approach to managing risks in the program supply chain.

< Prev		Next >