Whitepaper: The Audit World's Biggest Myths
Download Now
Whitepaper: The Audit World's Biggest Myths
Download Now

Preparing for DCMA’s Information Requests

July 12, 2022

Preparing for DCMA's Information Requests - In Addition To The DCMA CPSR Policy And Procedure Checklist, What Information And Records Does the DCMA CPSR Group Request From The Contractor Before The CPSR?

The DCMA CPSR Policy and Procedure Checklist, the DCMA CPSR Pre-Review Questionnaire and the Active Contracts Listing - understanding the DCMA CPSR Group’s expectations when responding to their pre-CPSR “data calls” is a critical piece to your organization’s CPSR compliance posture, CPSR preparedness activities and overall CPSR experience.

By: Chase Kunk, Managing Partner, Capital Edge Consulting
Michael Carter, Director, Capital Edge Consulting

Learning Objectives

Some of the salient questions this document is intended to answer includes:

  • What information will the DCMA CPSR Group ask from my organization?
  • How much time will I have to provide DCMA CPSR Group responses to their data calls and questionnaires?
  • Where can I find the DCMA CPSR Policy and Procedure Checklist?
  • What is the DCMA CPSR Policy and Procedure Checklist used for?
  • Does the DCMA CPSR Guidebook include everything I need to know about the CPSR and CPSR compliance?

Once the contractor has been formally scheduled for a Contractor Purchasing System Review (CPSR) by the Defense Contract Management Agency (DCMA) CPSR Group, a variety of records and data are requested. This formal request by DCMA occurs via what is commonly known as the “CPSR notification letter.” In addition to requesting specific records and data from the contractor with defined due dates to DCMA (e.g., DCMA CPSR Policies and Procedures Checklist, etc.), this letter restates the review dates that the contractor has agreed to with DCMA and establishes the “Universe Period” applicable to the review. These requests from DCMA are commonly known as the “CPSR data calls.”

In today’s DCMA CPSR environment, your organization should expect to receive the following data calls in advance of your next CPSR. You can typically expect to receive these data calls between 60 to 120 days prior to the start of the CPSR. Interpreting, understanding and processing these data calls and presenting complete, accurate and timely responses is one of the early steps in successful “audit management” of the CPSR. This document is intended to provide unique insights, lessons learned and practical tips in responding to DCMA effectively during the pre-CPSR phase of your next review.

1. Pre-Review Questionnaire (or alternatively referred to as the “Pre-Site Visit Questionnaire”)

As with many of their data calls, DCMA has a form for it. The Pre-Review Questionnaire is one of those examples. This four-page form has seen quite a bit of evolution and refinement over the years, especially during the last couple of years. Moreover, the current version of this form incorporates many of the key elements of the longstanding DCMA CPSR Risk Assessment Form.

From the Government’s perspective, this form, once completed by the contractor, provides a variety of administrative and macro-level details about the contractor’s business, especially, its purchasing system. The contractor’s view of this form may be much different – for one, many contractors struggle in completing it because their management systems simply do not capture many data points required by the form. Thus, manual effort as well as the exercise of indirect resources across multiple functionsis often required to fill in the fields completely and accurately. Overlay the manual preparation with a response timeline DCMA defines and you may have a recipe for disaster. We have seen DCMA provide as little as a week to the contractor to prepare their response (and as much as two months).

Some of the most notable sections of this form include:

  • Identification of both the primary and additional CAGE codes applicable to the purchasing system (remember, business system approval status is on a CAGE code basis);
  • Identification of whether the purchasing system is electronic, paper or hybrid (remember, a CPSR is an evaluation of documented policies, procedures and practices – not of an information technology/software system);
  • Identification of at least one prime contract containing FAR 52.244-2 (remember, paragraph (j) of that clause grants the Government access to review the system in accordance with FAR Part 44);
  • Identification of at least one prime contract containing several DFARS clauses including DFARS 252.244-7001 and 252.242-7005 (remember, the DFARS codifies the business system payment withhold requirement);
  • Disclosure of sales data categorized as specified–e.g.by year (prior, current and prospective); as a prime contractor by military service, NASA and othernon-DoD agencies; by prime contract type including variations pertaining to negotiated Firm Fixed Price contracts, Flexibily Priced (Cost/T&M/LH), Commercial awards; as a subcontractor by the same contract types and variations; etc.;
  • Calculation of the sales data disclosed – e.g. contractor’s sales as a percentage of totals sales, government sales, commercial (FAR Part 12) sales, by contract type, etc.;
  • Summary-level quantities of FAR 44.3 CPSR qualifying transactions for the relevant one-year period, broken down by commercial v. non-commercial and across a variety of dollar thresholds – e.g. $2M+, $750,000 to $2M, etc.; and
  • The form is marked “Controlled Unclassified Information.”

Tips from your Peers:

  • As with every deliverable to the Government, take this form seriously. DCMA will rely on your inputs. Accuracy is important. In fact, certain data sets included in this form will be duplicated in the DCMA CPSR Report issued to your Administrative Contracting Officer (ACO).
  • Expect a cross-functional team to be involved in preparing your response to this form – e.g., Finance/Accounting, Contracts, Supply Chain, etc.
  • The form has very little instruction embedded. Think through if, when and how you seek guidance and from whom.


2. DCMA CPSR Policy and Procedure Checklist

Like the Pre-Review Questionnaire, DCMA will provide you the form to use here. Think of this form – the “DCMA CPSR Policies and Procedures Checklist” – as the macro-level view of the subject matter areas DCMA evaluates in a CPSR and where each of those areas are addressed in your procurement manual and/or policies and procedures.

The form, occasionally referred to by others as the “DCMA CPSR Checklist” or the “DCMA Audit Checklist,” identifies all subject matter areas in DCMA’s scope, as well as some of the key FAR and DFARS reference points for each area. The task for your organization, when asked to complete the DCMA CPSR Policy and Procedure Checklist, is to “map” by reference each associated policy/procedure section and page number in your procurement manual or policies and procedures to each of those CPSR areas. The DCMA CPSR Guidebook (September2021), specifically the Table of Contents found on page 2 as well as the Job Aids included in Section 5 of  the CPSR Guidebook, lists those CPSR requirements or areas that are captured in the DCMA CPSR Policy and Procedure Checklist.

Once populated, the DCMA CPSR Policies and Procedures Checklist is a quick reference tool for the DCMA CPSR analyst to locate the appropriate policy and procedure associated with the subject matter area of interest as they are assessing your policies and procedures for adequacy.

Tips from your Peers:

  • Every cell within the DCMA CPSR Policy and Procedure Checklist needs to include content about your organization. No blanks. In other words, make sure you have a documented policy and procedure to address each CPSR requirement or area listed in the Policy and Procedure Checklist provided by DCMA.
  • A CPSR is not an “existence” check. Rather, the DCMA is evaluating the adequacy of whatever documentation is put in front of them – that includes policies and procedures. Avoid the false sense of confidence that comes with a fully populated DCMA CPSR Policies and Procedures Checklist – that just demonstrates existence of policy and procedure for each area with the DCMA CPSR scope, not its adequacy.


3. Copies of the Contractor’s Policies and Procedures

Unfortunately, there is not a form for this. In addition to providing the completed DCMA CPSR Policy and Procedure Checklist, DCMA will also request a copy of your policies and procedures. This is simply the request for your organization to provide an electronic copy of the existing policies and procedures that govern your organization’s purchasing system. Specifically, those documented policies and procedures that, if fully adhered to, would demonstrate DCMA CPSR compliance in practice. Remember, make sure your organization maintains a documented policy and procedure for each subject matter area found in the DCMA CPSR Policy and Procedure Checklist.

Developing policies and procedures is no easy feat. And that’s just developing them. Now add some complexity – develop and maintain policies and procedures that are adequate in the estimation of the DCMA CPSR Group. Why is that such a challenge for contractors? Primarily, because the specific policy and procedure content expectations of any DCMA CPSR analyst is not static nor uniform from analyst-to-analyst. This is a moving target.

No silver bullet resource (not publicly available at least) exists to assist in ensuring your organization’s policies and procedures are “CPSR compliant” or, in other words, adequate. Some of the relevant sources of information to carefully consider in attempting to best position the policies and procedures include:

Tips from your Peers:

  • The presumption is your organization maintains documented policies and procedures to address all subject matter areas in the DCMA CPSR Group’s scope – all those areas identified in the DCMA CPSR Policies and Procedures Checklist. DCMA will then review those policies and procedures for adequacy. As the purchasing system compliance tip-of-the-spear for your organization, you must aim for the adequacy standard in your continual policy and procedure maintenance activities.
  • Just because your organization’s policies and procedures were reviewed by the DCMA CPSR Group in the last few years, does not mean they are still adequate today. Regulations do and have changed. FAR and DFARS clauses have and do change. DCMA’s interpretation of the regulations and clauses have and do change. DCMA CPSR Group management’s expectations of an adequate policy and procedure has changed. Each individual CPSR analysts’ expectations of an adequate policy and procedure has and do change.
  • The DCMA CPSR Guidebook is just that – a guidebook. It is not primary nor secondary authority. The preamble even cautions the reader in relying on the Guidebook. The DCMA CPSR Guidebook does not detail all the ins-and-outs, nuances and intricacies that are evaluated in today’s DCMA CPSR environment.


4. Copies of the Contractor’s Terms and Conditions

The next item the CPSR notification letter requests are those terms and conditions your organization maintains. The letter will state the request in a manner similar to: “Copies of [INSERT YOUR ORGANIZATION’S NAME] Terms and Conditions (all versions) including FAR/DFARS flowdown clauses for transactions under U.S. Government contracts.” Essentially, DCMA is seeking copies of those existing templates that your subcontracts/procurement community uses to establish contractual relationships with subcontractors in support of government programs. This includes your organization’s standard or general terms, conditions and provisions as well as the appendices, attachments or the like that serve as the mechanism to flow down FAR, DFARS and other agency supplemental clauses to your supply base.

Once those templates are provided to DCMA, an evaluation is to occur, most likely performed by a DCMA Legal representative. Some of the focus areas in their evaluation of your terms and conditions templates will pertain to lower-tier clause flow down, data rights, subcontractor claims, overly restrictive clauses, and order of precedence. In today’s CPSR, any concern with these terms and conditions templates are categorized as a Level II deficiency, specifically a policy deficiency within the Terms and Conditions/Mandatory FAR and DFARS Flow Down subject matter area. This will require a Corrective Action Plan in response to the DCMA Corrective Action Request.

Tips from your Peers:

  • If DCMA expresses a concern with the templates, immediately take the appropriate action and demonstrate the implementation of the revision to the templates for use going forward.
  • DCMA will also test for FAR/DFARS flow down clause compliance during the CPSR across the sample transactions they review. If there is a flow down concern detected, DCMA will categorize it as a Level II deficiency, specifically a “practice” deficiency within the Terms and Conditions/Mandatory FAR and DFARS Flow Down subject matter area.This will require a Corrective Action Plan in response to the DCMA Corrective Action Request. 


5. Government Contracts Listing or “Active Contracts List”

DCMA certainly has a form for this. This form, really this step, is a relatively new piece to the pre-CPSR puzzle and DCMA’s data collection efforts. For many years, DCMA would request a Purchase Order Universe (or “PO Universe”) as part of the CPSR notification letter. However, a few years ago, DCMA adjusted course and inserted a new step in this process – the Government Contracts Listing or commonly known as the “Active Contracts List.”

This form asks you to provide specific details on “all Government prime contracts and subcontracts” held by your organization that are “currently active.” This is not a supplier-facing set of data; rather, these are customer-facing, contractual details. Depending on your contracts portfolio, this could be a very large volume of contracts to disclose. Similar to a couple of the other forms DCMA provides with the CPSR notification letter, this form is seeking summary-level data, some of which is not routinely at the fingertips of many organizations. Some of the most notable data points relate to: Original Award Value (vs. Current Value), contract type, FAR Part 12 consideration, source selection, and details of the prime contract even if your organization is not the prime contractor.

It is understood that this new step in the process really serves a single purpose – to provide the DCMA CPSR Group with the information necessary to perform the FAR 44.3 qualifying contracts analysis. Once that analysis is complete, then the DCMA CPSR Group has a clear line of sight as to which contracts are subject to CPSR and, therefore, the guardrails by which the contractor is to prepare their Purchase Order Universe or “PO Universe.”

Tips from your Peers:

  • Have a plan on how to collect prime contract-level details when your organization is not the prime contractor.
  • The form has virtually no instruction embedded. Think through if, when and how you seek guidance and from whom.

In conclusion, the DCMA CPSR Group has a job to do. They need access to certain data, information and records from your organization to fulfill their responsibilities under FAR Part 44 and DFARS Part 244. Understanding what is coming your way will benefit your organization’s CPSR compliance posture, experience with the DCMA CPSR and the result of that review. To that end, some of the key takeaways from this paper include:

  • Understanding the DCMA CPSR Group’s expectations and how they interpret the inquiries within these data calls is not always obvious. Engage a trusted advisor who has ground-level knowledge with these forms and the figurative landmines others have stepped on in this process.
  • Preparing the responses to these data calls (e.g., DCMA CPSR Policy and Procedure Checklist, etc.) is laborious, even for those organizations that have navigated the DCMA CPSR process historically. That is the case even when DCMA provides a reasonable amount of time to respond.
  • Have a plan and consider rehearsing your organization’s abilities to identify, collect, and verify the data and information while preparing these responses. The rhetorical advocacy and audit management starts now.
  • Trust but verify – the DCMA CPSR Group will rely on your inputs but will also pressure-test them. Accuracy builds confidence, and confidence affords you opportunities to capitalize on throughout the process as your organization works towards an approved purchasing system.
  • Fundamentally, the Government is determining whether the documents your organization puts forth are adequate. Adequacy is often a subjective concept, including in a DCMA CPSR. Possessing the specific knowledge, intricate insights and visibility into the current nuances of the DCMA CPSR Group’s expectations and interpretations is paramount to earning an adequate purchasing system determination by the cognizant federal agency official.

Set Up a Free Strategy Session with one of our Business Intelligence Experts Today!

Capital Edge Consulting is a professional services company comprised of adept problem solvers who deliver tangible results to address today’s most complex U.S. government contracting challenges. Capital Edge helps clients address the challenging regulatory, contractual, and compliance requirements of U.S. federal contracts and we have experience working with a wide variety of industries that provide goods or services to the federal government including industries such as biotech and healthcare, nuclear energy, education, information technology, non-profit, professional services, defense, and software.

Contact our Compliance Experts to prepare for your next CPSR

About Capital Edge Consulting

Capital Edge government contract consultants support Government Contractors and Federal Grant Recipients. Our consultants specialize in the regulatory compliance matters you need.

Stay In Touch


Call Us: (855) 227-3343

Whitepaper: The Audit World's Biggest Myths
Download Now
linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram Skip to content