Contractor Purchasing System Review (CPSR) Information & FAQ

The Defense Contract Management Agency (DCMA) is a government agency involved in the oversight and review of contractor business systems.
Key aspects of DCMA’s role include:

• Evaluating Contractor Purchasing Systems: DCMA conducts Contractor Purchasing System Reviews (CPSRs) to assess the efficiency and effectiveness with which contractors spend US government funds and comply with government regulations when subcontracting.
• Overseeing Government Property: DCMA plays a significant role in managing and reviewing contractor management of Government Property, performing more property system reviews than any other business system. It administers a substantial amount of DoD property held by contractors.
• Conducting Business System Reviews: Besides purchasing and property systems, DCMA is involved in reviewing other business systems, such as Earned Value Management Systems (EVMS) through surveillance and compliance reviews.
• Providing Expertise: DCMA has specialized groups like the Commercial Item Group (CIG), which offers expertise in evaluating commercial item determinations and pricing.
• Working with Contracting Officers: DCMA provides findings and recommendations to Administrative Contracting Officers (ACOs), who ultimately make determinations regarding the approval or disapproval of contractor business systems.

In essence, DCMA serves to mitigate risk and protect the government’s interests by ensuring that contractors have adequate systems and processes in place when managing government funds and property.

DCMA performs a CPSR for several reasons, as outlined in the sources. These events or factors can trigger a review of a contractor’s purchasing system:

• Past Performance is one factor that can trigger a DCMA CPSR.
• Subcontract volume, complexity, and dollar value can lead to a CPSR.
• Sales to the Government during the next 12 months are a significant trigger. If these sales are expected to exceed $25 million (FAR) or $50 million (DFARS), a CPSR may be initiated. This includes Prime Contracts, Subcontracts under Government Prime Contracts, and Modifications. However, this excludes competitively awarded Firm-Fixed-Price (FFP) and Fixed-Price with Economic Price Adjustment (FP-EPA) contracts, as well as FAR Part 12 commercial awards.
• The Contracting Officer (CO), which includes ACO, CACO, DACO, or PCO, plays a crucial role. The CO decides if a CPSR is needed after performing surveillance activities and a risk assessment and then contacts the DCMA CPSR team. The need for a CPSR is a key consideration for the ACO, at least every 3 years.
• A Government RFP requirement to have an approved system may also indirectly trigger a contractor to undergo a CPSR to meet solicitation requirements.
• The ACO’s determination of “need” considers factors beyond sales volume, such as contractor past performance and the volume, complexity, and dollar value of subcontracts. Input from Functional Specialists/Procurement Customers and system changes (organizational or employee turnover) also factor into this determination.

It’s important to note that the objective of the government in reviewing purchasing systems is to evaluate the efficiency and effectiveness with which a contractor spends Government funds, protects taxpayer dollars by paying reasonable prices, procures quality goods and services from responsible vendors, complies with Government policy when subcontracting, and supports the Government’s socio-economic agenda. The ACO uses the CPSR to determine whether to grant, withhold, or withdraw system approval.

To prepare for a Contractor Purchasing System Review (CPSR), a company should take a comprehensive approach that addresses policies, procedures, practices, and documentation. Here’s a breakdown of key preparation steps based on the sources:

1. Understand the CPSR Process and Requirements:

• Identify events that trigger a DCMA CPSR, such as past performance, subcontract volume, complexity, dollar value, and expected sales to the government exceeding certain thresholds ($25M per FAR or $50M per DFARS, excluding specific contract types).
• Understand that a CPSR is a review of a contractor’s purchasing system performed by the government (DCMA analysts) to evaluate the efficiency and effectiveness of spending government funds and compliance with government policy when subcontracting.
• Recognize that the “system” includes policies and procedures, practices, lines of authority, training, and internal reviews, covering all activities from identifying a requirement through order, receipt, and payment directly charged to government contracts.
• Familiarize yourself with the regulations and guidance, including FAR 44.3, FAR 52.244-2, DFARS 252.244-7001 (which outlines 24 system criteria), and the DCMA CPSR Guidebook. The guidebook provides guidance and procedures for evaluating purchasing systems and lists 30 major purchasing areas reviewed. Note that the guidebook should be viewed as guidance and that the FAR and DFARS are the ultimate sources of requirements.
• Understand the different types of CPSRs: Initial, Comprehensive (typically every 3 years), Follow-Up (after disapproval), and Special (focused on specific areas).

2. Assess Current Policies, Procedures, and Practices:

• Review and update your Policies and Procedures (P&Ps) to ensure they comply with FAR and DFARS requirements, address all topics listed in the CPSR Guidebook, and provide a foundation for practice assessment. P&Ps should include the Why, What, Who, When, and How, and reference relevant clauses and prescriptions like DFARS 252.244-7001(c).
• Conduct a Gap Analysis to identify areas where your current system may not meet CPSR requirements. Use internal or external reviewers for this.
• Step up Compliance Reviews (pre- and post-award) to assess if practices align with policies and regulations.

3. Address Potential Deficiencies:

• Document and track corrective actions taken to address identified gaps.
• Focus training on weak areas or those recently changed, ensuring it covers CPSR topics, conflict of interest, and gifts/gratuities. Develop and execute a training plan and document it. Cross-functional involvement in training (Legal, Ethics, HR) is beneficial.
• If you don’t have an internal audit function, consider establishing one or using external “mock CPSRs” to check compliance. Review policies and practices for consistency, compliance, and repeatability across the procurement lifecycle. Cross-functional teams (Internal Audit, Compliance, Quality, External Consultants) can be involved.

4. Prepare Documentation:

• Ensure your system has an adequate system description including policies, procedures, and purchasing practices.
• Maintain complete and accurate history of purchase transactions, documenting negotiations and subcontract changes affecting cost or price. Documentation should support vendor selection and prices paid.
• Ensure procurement files are consistently organized and self-contained, with documentation depending on the award value, type, and complexity.
• Be prepared to provide a 12-month Purchase Order (PO) universe in the format requested by DCMA to allow for sample selection. Aim for the ability to generate this quickly.
• Develop an Internal Control Matrix that maps internal controls and P&Ps to system requirements, documenting design and operating effectiveness gaps.
• Prepare a DCAA Accounting System Description Narrative Template as it can be a useful framework to demonstrate system compliance.

5. Foster Cross-Functional Involvement:

• Identify areas requiring cross-functional involvement early in the preparation process. Many aspects of CPSR readiness require collaboration with departments like Legal, Contracts Management, Finance, Program Management, Engineering, Quality, and IT.

6. Plan for the CPSR Execution:

• Be prepared for the scheduling process, which is coordinated between the Contracting Officer (CO), CPSR Analyst, and Contractor.
• Anticipate that the CPSR Analyst will start requesting information 90-120 days before the review, including P&Ps and questionnaire responses.
• Establish procedures for providing quick access to procurement files (potentially electronic access) once the sample is selected.
• Prepare a team to respond to questions submitted via email within 24 hours during the CPSR.
• Develop an audit management process to ensure timely and low-risk responses during the CPSR.

7. Understand Current Trends:

• Be aware of the trend towards hybrid (partially onsite, partially virtual) or fully virtual reviews.
• Note the possibility of increased scrutiny due to new or changing regulations, such as those related to cybersecurity and supply chain management.
• Be prepared for a focus on public law compliance (FFATA, Debarment, DPAS, Payments to Influence), price analysis, source selection (especially sole source justifications), and commercial item determinations as these are frequently identified deficiencies.
• Understand the new post-exit briefing process where Level II Corrective Action Requests (CARs) are issued shortly after the review, with a 30-day response timeframe for the Corrective Action Plan (CAP). Aim to have corrective actions substantially implemented with objective evidence when submitting the CAP.
• By diligently addressing these areas, a company can significantly enhance its preparedness for a DCMA CPSR and increase the likelihood of a positive outcome.

The key focus areas and persistent challenges identified within contractor purchasing systems during CPSRs, are:

Key Focus Areas:

• Price Analysis and Cost Analysis: The efficiency and effectiveness with which contractors spend government funds, particularly through adequate price and cost analysis, is a central focus. This is directly tied to the mission of ensuring government funds are spent effectively. The adequacy of cost and price analyses performed on subcontractors is specifically mentioned as part of effective subcontract management. The techniques used for price analysis, as outlined in FAR 15.404-1(b)(2), are scrutinized.
• Source Selection: The processes for selecting subcontractors, including the extent of competition and the justification for non-competitive (single or sole source) awards, are critical. This includes evaluating vendor responsibility and ensuring debarred or suspended contractors are excluded.
• Compliance with Public Law: Adherence to various public laws such as FFATA (reporting executive compensation and subawards), debarment, DPAS (Defense Priorities and Allocations System), and payments to influence (anti-lobbying) are major areas of scrutiny.
• Commercial Item Determinations: Ensuring that commercial items are incorporated to the maximum extent practicable and that commerciality determinations (CIDs) are adequately supported and documented is a significant focus.
• Policies and Procedures: The existence and adequacy of written policies and procedures that comply with FAR and DFARS and address all relevant CPSR topics are foundational. These policies should cover the entire purchasing lifecycle.
• File Documentation: Maintaining complete and accurate documentation for all purchase transactions, fromrequisition to closeout, is essential to demonstrate compliance. This documentation must support vendor selection and prices paid.
• Flow-Down Requirements: Ensuring that all applicable clauses, terms, and conditions from the prime contract are properly flowed down to subcontractors is a key area of review.
• Internal Reviews and Training: Contractors are expected to have internal audit or self-review processes and regular training programs in place to ensure the integrity of the purchasing system.
• Supply Chain Management: This includes vendor rating systems, oversight of subcontractors, and compliance with requirements related to counterfeit electronic parts and cybersecurity (safeguarding Covered Defense Information – CDI).

Persistent Challenges (Most Common Deficiencies):

• Price Analysis (or Cost Analysis): Inadequate or missing price analysis and a failure to demonstrate fair and reasonable pricing are consistently the most frequent deficiencies. This includes not using FAR-recognized techniques or not establishing a valid basis of comparison.
• Source Selection (SSJ): Deficiencies in justifications for single or sole source awards, including a lack of adequate rationale, market research, or management approval, are common.
• FFATA (Federal Funding Accountability and Transparency Act) Reporting: Non-compliance with reporting requirements for first-tier subcontractor executive compensation and awards, including lack of reporting, ineffective exemption reliance, inaccurate or late reporting, and inadequate record retention, is a persistent challenge.
• Debarment: Missing “as of time of award” debarment disclosures in writing from suppliers is a frequent finding.
• DPAS (Defense Priorities and Allocations System) Rating: Issues with obtaining or documenting timely written acceptance (or rejection) of rated orders and not including all elements of a rated order are common.
• Payments to Influence (Anti-Lobbying): Missing time of offer or time of award certifications related to lobbying activities are often cited.
• Commercial Item Determinations: Inadequate documentation or lack of supporting market research for commercial item determinations are persistent problems.
• Negotiations: Insufficient or missing documentation of negotiation efforts, even for sole-source awards, remains a challenge.
• Truthful Cost or Pricing Data (TINA): Issues with not requesting required data, missing cost analyses or certificates, misapplication of thresholds or exemptions, and ineffective documentation of exemptions are frequently identified.
• Policy & Procedure Manual: Inadequate, outdated, or missing policies and procedures that do not address all CPSR topics or accurately reflect current regulations and practices are common deficiencies.

These focus areas and persistent challenges highlight the complexity and the government’s emphasis on ensuring contractors have robust and compliant purchasing systems to protect taxpayer funds.

DCMA’s Contractor Purchasing System Review (CPSR) significantly impacts government contractors’ purchasing practices by establishing a framework for evaluating their systems and ensuring compliance with government regulations. The processes, criteria, and recent trends of CPSRs drive contractors to adopt and maintain specific purchasing practices to achieve and retain an approved purchasing system.

Impact of CPSR Processes:

• Triggers and Preparedness: Events like exceeding specific sales thresholds ($25M per FAR/$50M per DFARS), past performance concerns, and subcontract volume can trigger a CPSR. This necessitates that contractors continuously monitor these factors and remain prepared for a potential review. Many contractors start preparing 1-2 years in advance.
• Policy and Procedure Development: The CPSR process requires contractors to have documented policies and procedures addressing 30 major purchasing areas aligned with FAR and DFARS requirements. This compels contractors to develop comprehensive documentation covering all aspects of purchasing, from requirement identification to payment.
• Cross-Functional Involvement: Preparing for and undergoing a CPSR necessitates cross-functional involvement from various departments such as legal, ethics, HR, training, internal audit, contracts management, finance, and program management. This promotes a collaborative approach to purchasing compliance across the organization.
• Data and Documentation Management: DCMA requests significant data and documentation before and during a CPSR, including policies, procedures, questionnaires, a 12-month PO universe, and procurement files. This drives contractors to maintain organized and readily accessible records of all purchasing activities.
• Corrective Action and Continuous Improvement: The post-CPSR process involves addressing any identified deficiencies through Corrective Action Requests (CARs) and developing Corrective Action Plans (CAPs). This fosters a culture of continuous improvement in purchasing practices to address weaknesses and prevent recurrence. The reduced timeframe for responding to Level II CARs (30 days) emphasizes the need for swift action.

Impact of CPSR Criteria:

• Regulatory Compliance: The 24 system criteria outlined in DFARS 252.244-7001(c) serve as the core standards against which contractors’ purchasing systems are evaluated. These criteria mandate compliance with FAR and DFARS across various areas, influencing contractors to align their practices with these regulations.
• Emphasis on Key Areas: The criteria emphasize critical aspects such as competitive sourcing, fair and reasonable pricing, adequate cost or price analysis, proper flow-down of clauses, debarment checks, and documentation. This directs contractors to prioritize these areas in their purchasing practices.
• Documentation as Proof: The criteria repeatedly stress the need for complete and accurate documentation of all purchasing transactions. This compels contractors to maintain thorough records to demonstrate compliance. The principle of “Done and Documented” becomes central to their purchasing practices.
• Public Law Adherence: The CPSR evaluates compliance with public laws such as FFATA, debarment regulations, DPAS, and anti-lobbying provisions. This forces contractors to integrate these legal requirements into their purchasing processes.
• Commercial Item Considerations: The CPSR also assesses how contractors determine commercial items and apply relevant regulations. This encourages contractors to properly identify and document commercial items to leverage applicable exemptions and clauses.

Impact of Recent Trends:

• Hybrid and Virtual Reviews: The shift towards hybrid and virtual CPSRs necessitates contractors to adapt their processes for remote data sharing and communication with DCMA. This requires robust digital documentation management capabilities.
• Increased Scrutiny and Focus Areas: DCMA’s continued focus on areas like price analysis, source selection justifications, public law compliance, commercial item determinations, and cyber security (supply chain) directs contractors to enhance their practices and documentation in these specific domains. The emphasis on cyber security requires closer oversight of subcontractors’ information systems.
• Timely and Comprehensive Corrective Actions: The streamlined post-review process with shorter response times for CARs emphasizes the need for contractors to have proactive corrective action processes in place. DCMA expects CAPs to include robust actions fully implemented with objective evidence.
• Emphasis on Understanding the Guidebook: While the DCMA CPSR Guidebook is guidance for analysts, its content reflects the areas of focus and expectations during a review. Recent trends highlight the importance for contractors to understand the Guidebook’s content to prepare effectively.
• Contracts Listing Requirement: The recent requirement for a contracts listing allows DCMA to identify all applicable contracts for review, ensuring a more comprehensive assessment of the purchasing system’s application across the contractor’s government business.

In conclusion, DCMA’s CPSR framework exerts significant influence over government contractors’ purchasing practices. The processes drive organizational readiness and continuous improvement, the criteria establish the standards for compliance across various purchasing activities, and the recent trends highlight evolving areas of focus and the need for adaptability in review approaches. Ultimately, the goal is to ensure efficiency, effectiveness, and compliance in the expenditure of government funds during subcontracting.

The CPSR guidebook, specifically the DCMA CPSR Guidebook, is a document published by the Defense Contract Management Agency (DCMA) that serves as a roadmap for how DCMA personnel evaluate a contractor’s purchasing system during a Contractor Purchasing System Review (CPSR). It provides guidance and procedures for CPSR analysts to use when conducting these reviews. The guidebook is considered a living document that DCMA aims to update at least annually.

Here are some key aspects of the CPSR guidebook based on the sources:

• Purpose: It is used to evaluate the efficiency and effectiveness with which contractors spend government funds and comply with government policy when subcontracting. It helps determine if a contractor’s purchasing system is acceptable.
• Content: The guidebook outlines the scope of a CPSR and the processes involved. It contains 30 major purchasing areas that are reviewed during a CPSR. These areas go beyond the 24 system criteria listed in DFARS 252.244-7001(c).
• Structure: The guidebook typically includes sections on the types of CPSR reviews, how DCMA plans and conducts them (including entrance and exit conferences), and the issuance of a formal report. A significant portion of the guidebook consists of appendices, containing 30 job aids, each covering a specific topical area of the CPSR.
• Job Aids: These job aids are structured similarly, providing an introduction to the topic, relevant statutory and regulatory references, applicability, and a breakdown of the review process into pre-review, review of policies and procedures, review of practices, and post-review considerations. They also often include questions that auditors should be asking.
• Use: The guidebook assists DCMA analysts in preparing for and conducting CPSRs. It can also be used by contractors as a roadmap to assess their own procurement systems, develop compliant policies and procedures, and prepare for potential CPSR audits.
• Accessibility: The DCMA CPSR Guidebook is publicly available on the DCMA website.
• Relation to Regulations: While the guidebook provides perspective and guidance, it is not intended to replace the ultimate guidance, which is always the FAR and DFARS. Contractors are responsible for tailoring the applicable FAR and DFARS requirements to their individual business models.

The CPSR guidebook serves as a crucial resource for both the government in conducting reviews and for contractors in understanding the government’s expectations for an acceptable purchasing system.