How risky is your RFP? Scanning docs with compliance check lists
For compliance professionals working large government or commercial contracts, identifying risk factors in the documents is a daily activity; one they must get right. The rule of thumb when reviewing RFPs is ‘trust but verify‘.
If you discover onerous conditions too late, it comes with program delivery risk and cost implications.
I was chatting recently with a couple of people from one of our more recent US customers. This company is a management-consulting firm with over 1000 professionals serving public sector government clients. The company wanted to streamline the risk review process for government issued documents. They deployed VisibleThread in late Q3, 2013.
Jesse is a senior compliance advisor. Jesse and his compliance colleagues vet RFPs and contracts. For example, if they see “cost reimbursement” or “Indirect Cost Rate” they yellow or red flag the instance. Equally, they carefully review terms like “Liquidated damages” or “Salary disclosure”.
If they see enough of these negative indicators in the RFP, they reject it, or at the very least raise concerns. I wanted to share how this compliance team has tightened up their process with VisibleThread. If you conduct risk and compliance checks, you will find the approach interesting.
The Process of risk review
Language checklists form much of the basis for Jesse and his teams review checks. For example, language like ‘cost reimbursement’ in the contract implies risk. This is largely because it is not in line with the preferred business model of Jesse’s government customers.
Prior to VisibleThread, the review process had been manual, time consuming and occasionally, it missed critical risk factors.
Jesse and his team used to spend an average of 2-3 hours reviewing each document. They created reports to share with the team, including; Proposal RFP, Finance and Business Analysts. This report took on average more than a day to prepare.
Now, once a new RFP hits his desk, Jesse uses a pre-canned custom ‘compliance dictionary’ to check for risk indicators. He immediately sends out a VisibleThread compliance report to the project RFP team, finance, business analysts and sometimes the executive team. This takes between 5-15 minutes.
Since deploying VisibleThread, in one 2-month period, they:
- “rejected 3 out of 40 proposals based on VisibleThread reports & analysis”
- “Sped up review time by over 10x“
- and have “avoided disasters” (in Jesse’s own words).
So, how does it all work?
Here are some terms they check. Red bold indicates especially risky terms from the point of view of Jesse’s customers.
|$||Financial Penalties||Liquidated Damages||SAS 70|
|%||First Source Hiring||MBE||Service Level Requirements|
|A-133||Freedom of Information FOIA||Most Favored Nation||Software Maintenance Services|
|Audit||Grant||Office Location||Source Code|
|Board of Compensation||GSA||Opportunity to Cure||SSAE 16|
|CFR||Guaranty||Payment Structure||Subcontracting Plan|
|Code of Conduct||HIPAA BA||Payment Withhold||Subcontractor Agreement|
|Conflict of Interest||Indemnification||Personnel Changes||Subcontractors|
|Cooperative Agreement||Indirect Cost Rate||Pricing||Subrecipient|
|Cost Allocation Plan||Intellectual Property||Renewal||Term|
|Cost Reimbursement||Jury Service Program||Replacement Cost||Trade Secret|
|Covenant||Letters of Credit||Retainage||Warranty Period|
And here is the same dictionary in VisibleThread, after an import from Excel:
Note: new in VisibleThread for Docs version 2.10, is the ability to create dictionaries by importing CSV files. This means you create your list in excel, save as CSV and then suck it into VT in seconds. It’s a big time saver.
What do the reports look like?
For the purpose of this blog post, I took the GSA’s OASIS contract and analyzed the ‘draft unrestricted solicitation’, using the dictionary above. The RFP is available from FedBizOpps (https://www.fbo.gov/ ). You can see the Oasis documents here.
I show below the VisibleThread view with our dictionary items flagged. You can see actual content from the doc in the bottom portion of this screen. The red arrow shows where you can generate a PDF report with a single click.
And here is a sample of the PDF report that Jesse’s team create from VisibleThread. You can see the page numbers and content for each of the occurrences.
For Jesse’s team to produce this report now takes (from start to end) about 5 minutes per doc. This involves uploading multiple docs and generating a PDF report per document.
When we spoke, here’s how Jesse summarized the benefits:
“We can alert our team to issues regarding specific contract terms that increase our risk much faster than before. In fact, it’s saving days of review time. It has also made our review process foolproof and more systematic, since we can apply consistent dictionaries.”
So if you are scanning documents manually today, try using our free trial and see if this approach will work for you.
- If you pursue contracts with terms that expose you to program delivery challenges, the business risk is high.
- Compliance teams spend lots of time reviewing RFPs and contracts manually using term checklists. This takes time and can be error prone.
- You can use automated language checkers like VisibleThread, to substantially reduce your review time and flag risk more systematically.
I hope the post will help you avoid risk. What do you think?
Let me know in the comments.
If you want to see how we scan documents, check out these 3-minute demos to get a good sense.