I recently had the opportunity to present an online CLE for LawLine on Risk Management in Government Contracting. This is my second time presenting a course for LawLine (I previously taught a course on Small Business Compliance).
Risk Management is a broad topic that can mean different things to different people. In this course, I decided to focus on practical steps that contractors can take to develop a corporate Culture of Compliance. There is little value in limiting compliance training to only the upper leadership – employees at all levels must become ethics and compliance watchdogs.
I recommend developing a compliance program in four steps (that not coincidentally track the requirements of FAR 52.203-13):
- Implement a Contractor Code of Business Ethics and Conduct
- Establish a Regular and Robust Training Program for All Employees
- Institute an Internal Control System
- Understand the Difference between Reportable and Non-Reportable Evidence
To be effective, none of these steps are “one and done.” It will not do much good to draft a Code of Business Ethics and Conduct, only to put it in a drawer to collect dust. Your Code should be a living document that your employees read, understand, and utilize often.
In addition to these broad strokes, the course also delves into a few hot button issues relevant to today’s enforcement environment. Most prominently, I discussed the requirements of FAR 52.204-21 and Cybersecurity best practices. It may not have fully hit yet – but I think firms that lag behind in this area will soon find themselves on the wrong side of government enforcement actions.
If you have any questions about this Risk Management presentation, or have other questions you’d like to discuss, I’m happy to connect with you off-line. I’m available by phone (202-696-1460) and email (firstname.lastname@example.org).