RGCI - DoD Final Rule Requires Contracting Officers to Consider SPRS Risk Assessments

DoD Issued a Final Rule amending the Defense Acquisition Regulation Supplement (DFARS) to require contracting officers to consider Supplier Performance Risk System (SPRS) risk assessments when evaluating a suppliers quote or offer. The final rule is effective March 22, 2023. The Supplier Performance Risk System (SPRS) is the authoritative source to retrieve supplier product and performance information assessments for the DoD acquisition community to use in identifying, assessing, and monitoring unclassified performance.

The final rule added a new solicitation provision, DFARS 252.204-7024, Notice on the Use of the Supplier Performance Risk assessment. This provision is required in solicitations for supplies and services including solicitations for commercial products and services under FAR Part 12, Acquisition of Commercial Products and Commercial Services procedures.

The solicitation states the contracting officer shall consider item, price and supplier risk assessments when evaluating a supplier’s quote or offer. The new DFARS section defines the three risk categories as follows:

  • Item Risk – probability that a product, based on intended use, will introduce performance risk resulting in safety issues, mission degradation, or monetary loss.
  • Price Risk – a measure of whether a proposed price for a product or service is consistent with historical prices paid for that item or service.
  • Supplier Risk – the probability that an award may subject the procurement to the risk of unsuccessful performance or to supply chain risk.

DFARS requires contracting officers to consider the supplier risk assessments when determining contractor responsibility, based on the information available in the SPRS. However, it does not provide further instructions on how the information should be evaluated when making their determination of supplier responsibility, which is a good thing as it gives the contracting officers some flexibility.

SPSR risk assessments are generated daily and contractors have access to their risk assessment in SPRS. As a result of this new requirement, Redstone GCI recommends contractors evaluate their risk assessments in SPRS to ensure they are accurate and update them accordingly. While the new DFARS provision does not reference the NIST SP 800-171 basic assessments that are required to be uploaded into SPRS in accordance with DFARS 252.204-7019 Notice of NIST SP 800-171 DoD Assessment Requirements and DFARS 252.204-7020 NIST SP 800-171 DoD Assessment Requirements, contractors should review the accuracy of their NIST basic assessment.

Since cyber security is a top priority of the Biden Administration and the basic self-assessment is required to be uploaded into SPRS, it is only a matter of time before DoD incorporates the basic assessment into the supplier risk assessment. This means the accuracy of your NIST basic assessment is important. The Office of the Under Secretary of Defense has issued a memorandum on contractual remedies related to breach of contract terms (addressed in our blog Contractors Beware: Don’t get caught with a Material Breach of Contract Terms) and the Department of Justice is asking individuals to report potential cyber security noncompliances (addressed in our blog Department of Justice Initiative on Cyber Security Incident Reporting) related to inaccurate NIST assessments.  

Redstone GCI can provide our clients with more information and guidance in working with established industry leading partners who can assist in fulfilling numerous cybersecurity compliance requirements. Redstone GCI along with our trusted partners can bring you a full solution with ensuring cyber security policy and flow-down requirements revolving around all aspects are accomplished including but not limited to purchasing policy requirements.

Whitepaper: DFARS Business Systems Download Now

Written by Lynne Nalley, CPA

Lynne Nalley, CPA Lynne is a Director with Redstone Government Consulting, Inc. providing government contract consulting services to our clients primarily related to Commercial Item Determinations and support, Cost Accounting Standards, DFARS Business System Audits, Proposals, and Incurred Cost. Prior to joining Redstone Government Consulting, Lynne served in several capacities with DCAA and DCMA for over 35 years. Professional Experience Lynne began her career working with DCAA in the Honeywell Resident Office, Clearwater, FL in 1984. Lynne’s experience included various positions which involved conducting or reviewing forward proposals or rate audits, financial capability audits, progress payments, accounting and estimating systems, cost accounting standards, claims and disclosure statement reviews. She is an expert in FAR, DFARS, CAS and testified as an expert witness. Lynne assisted in drafting the commercial item guidance for DCAA Headquarters. Lynne was assigned as a Regional Technical Specialist where she provided guidance to 20 field offices on highly complex or technical issues relative to forward pricing, financial capability or progress payment issues. As an Assistant for Quality, she was involved in reviewing and ensuring audit reports were in compliance with policy and GAGAS as well as made NASBA certified presentations to the staff including but not limited to billing reviews, CAS, unallowable cost and progress payments. To enhance her experience in government contracting, Lynne accepted a position with DCMA in 2015 as part of the newly organized DCMA Cadre of Experts in the Commercial Item Group. This included performing reviews of prime contractor’s assertions and/or commercial item determinations as well as performing price analyses. Lynne was a project lead and later became a lead analyst where she engaged with the buying commands on requests and reviewed price analysis reviews performed by a team of 5 analysts. She also assisted the DCMA CPSR team relative to commercial items and co-instructed the Commercial Item Training presented to DCMA. Education Lynne earned a Bachelor of Science Degree in Accounting from the University of Central Florida. Certifications State of Florida Certified Public Accountant State of Alabama Certified Public Accountant Defense Acquisition Workforce Improvement Act (DAWIA) Level III- Auditing DAWIA Level III – Contracting

About Redstone GCI

Redstone GCI is a consulting firm focused on fulfilling the needs of government contractors in all areas of compliance. With a singular mission to help contractors through the multiple layers of “red tape,” we allow contractors to focus on what they do best – support their mission with the U.S. Government. We are home to a group of consultants made up of GovCon industry professionals, CPAs, attorneys, and retired government audit and acquisition professionals.

Our focus and knowledge of audit and compliance functions administered by DCAA and DCMA will always be at the heart of what we do. However, for the past decade, we’ve strategically grown to support other areas of the government contractor back-office with that same level of focus and expertise. We’ve added expertise in contracts management, subcontract administration, proposal pricing, various software systems, HR and employment law, property administration, manufacturing, data analytics/reporting, Grant specialists, M&A, and many other areas. When we see a trend in the needs of contractors, we act to ensure we can provide the best expertise in the market to fulfill those needs.

One thing our clients can be certain of is that with the Redstone GCI Team in your corner, there is no problem too big and no issue too technical for our team to tackle.

Topics: Contracts & Subcontracts Administration, DFARS Business Systems, Cybersecurity