Federal acquisition is necessarily more complicated than in the private sector, with additional layers of compliance and accountability. For the Department of Defense (DOD), owing to its unique mission and risk profile, the challenge is even more daunting. Having supported DOD acquisitions for many years, I have witnessed the ongoing drive to implement solutions that are more modern, as well as the emergence of fierce competition in the contract writing solution market.
Contract writing solutions (CWS) have enabled both defense and civilian agencies to ease the path by automating many required processes. However, choosing a CWS in the first place demands exacting evaluation of the contenders before making a decision. With numerous commercial off-the-shelf (COTS) solutions available in the marketplace, selecting such a system can be a daunting task. Qualitative risk management techniques common to several best practice frameworks can be a useful tool in evaluating your options.
In 2017, after an open competition featuring a wide-ranging software demonstration, the Army chose CGI Federal and our Momentum® enterprise solution to create the Army Contract Writing System (ACWS). Earlier this year, the Navy engaged CGI Federal to help develop the Navy's Electronic Procurement System (ePS). However, many agencies at all levels of government are still examining their options to replace legacy procurement systems and better integrate with their other IT systems.
Today’s technologies can help automate routine tasks, reveal historical pricing, find existing ordering vehicles, and foster collaboration. Emerging technologies including machine learning and other forms of artificial intelligence offer the promise that significant further improvements may not be far away. CWS vendors look for innovations and trends in the greater IT marketplace, such as blockchain and cloud computing, and attempt to leverage those into their offerings. However, as always, a cost-benefit analysis remains necessary in making decisions.
Picking a contract writing solution
Here, then, are some key strategies I recommend defense agencies consider as they evaluate procurement systems—or any other systems, for that matter.
- Start with a business impact analysis. Identify all of your agency’s key assets and the threats and risks around each by asking questions such as: What would be the cost of a security breach? What data could cybercriminals steal if they were able to break in? Answers to such questions factor into an accurate assessment of the potential impact. For each of these risks, estimate the likelihood of their occurrence in any given year, and the potential dollar value of the risk if it occurs, for a rough estimate of how much a solution that mitigates such risk may be worth. (How detailed an analysis this should be will vary from case to case, influenced by factors such as the classification level of the data involved.)
- Do this analysis before talking to any vendors. Similarly, evaluate your major issues as a contract-writing organization. For most shops, procurement lead-time is a top issue. Despite years of efforts to streamline and speed up procurement, it still takes longer than it should to get a contract out and get goods and services to military personnel around the globe. Once you have your own assessment of the risks, you will be prepared to evaluate the validity of any potential opportunities or threats a vendor raises that you had not already thought of.
- Do not get caught up in hype. Information technology offerings are prone to trends and fads, just like anything else. Before you decide you need to have whatever is the buzzword of the day, determine whether it solves a problem you actually have. A new feature may sound great as described in a salesperson’s pitch, but if it does not solve one of those major issues you have identified for your organization, its value may be limited.
- Dig deep. In interacting with vendors, don’t accept vague claims. If something is said to “improve security,” your response should be to ask specifically what the solution improves (confidentiality? integrity? availability?) and how it accomplishes that improvement.
The work does not end
Once you have selected and implemented a contract system, you should try to stay on top of the ever-evolving threat landscape. Apply proactive risk management with a risk assessment and a risk management plan that includes specific actions to mitigate those risks and to react to them if they do occur. Periodically re-examine everything, and re-evaluate against the risks, adjusting defensive measures accordingly.