I recently had the opportunity to present an online CLE for LawLine on Risk Management in Government Contracting. This is my second time presenting a course for LawLine (I previously taught a course on Small Business Compliance).
Risk Management is a broad topic that can mean different things to different people. In this course, I decided to focus on practical steps that contractors can take to develop a corporate Culture of Compliance. There is little value in limiting compliance training to only the upper leadership – employees at all levels must become ethics and compliance watchdogs.
I recommend developing a compliance program in four steps (that not coincidentally track the requirements of FAR 52.203-13):
- Implement a Contractor Code of Business Ethics and Conduct
- Establish a Regular and Robust Training Program for All Employees
- Institute an Internal Control System
- Understand the Difference between Reportable and Non-Reportable Evidence
To be effective, none of these steps are “one and done.” It will not do much good to draft a Code of Business Ethics and Conduct, only to put it in a drawer to collect dust. Your Code should be a living document that your employees read, understand, and utilize often.
In addition to these broad strokes, the course also delves into a few hot button issues relevant to today’s enforcement environment. Most prominently, I discussed the requirements of FAR 52.204-21 and Cybersecurity best practices. It may not have fully hit yet – but I think firms that lag behind in this area will soon find themselves on the wrong side of government enforcement actions.