How risky is your RFP? Scanning docs with compliance check lists

Fergal McGovern

CEO & Founder


For compliance professionals working on a large government or commercial RFP, identifying risk factors in the documents is a daily activity, and one they must get right. The proposal review rule of thumb is ‘trust but verify’.

Discovering onerous conditions too late brings program delivery risk and cost implications.

I was chatting recently with a couple of people from one of our more recent US customers. This company is a management consulting firm with over 1000 professionals serving public sector government clients. The company wanted to streamline the risk proposal review process for government-issued documents. They deployed VisibleThread in late Q3, 2013.

Jesse is a senior compliance advisor. Jesse and his compliance colleagues vet RFPs and contracts. For example, if they see “cost reimbursement” or “Indirect Cost Rate” they yellow or red flag the instance. Equally, they carefully review terms like “Liquidated damages” or “Salary disclosure”.

If they see enough of these negative indicators in the RFP, they reject it, or at the very least raise concerns. I wanted to share how this compliance team has tightened up their proposal review process with VisibleThread. If you conduct risk and compliance checks, you will find the approach interesting.

The process of risk review

Language checklists form much of the basis for Jesse and his team’s review checks. For example, language like ‘cost reimbursement’ in the contract implies risk. This is because it is not in line with the preferred business model of Jesse’s government customers.

Prior to VisibleThread, the proposal review process had been manual, time-consuming, and occasionally, it missed critical risk factors.

Jesse and his team used to spend an average of 2-3 hours reviewing each document. They created reports to share with the team, including proposal RFP, finance, and business analysts. This report took on average more than a day to prepare.

Now, once a new RFP hits his desk, Jesse uses a pre-canned custom ‘compliance dictionary’ to check for risk indicators. He immediately sends out a VisibleThread compliance report to the project RFP team, finance, business analysts, and sometimes the executive team. This takes between 5 and 15 minutes.

Since deploying VisibleThread, in one 2-month period, they:

  • “rejected 3 out of 40 proposals based on VisibleThread reports & analysis”
  • “Sped up review time by over 10x”
  • and have “avoided disasters” (in Jesse’s own words).

So, how does it all work?

Here are some terms they check. Red bold indicates especially risky terms from the point of view of Jesse’s customers.

$                     | Financial Penalties         | Liquidated Damages  | SAS 70
%                     | First Source Hiring         | MBE                 | Service Level Requirements
A-133                 | Freedom of Information FOIA | Most Favored Nation | Software Maintenance Services
Audit                 | Grant                       | Office Location     | Source Code
Board of Compensation | GSA                         | Opportunity to Cure | SSAE 16
CFR                   | Guaranty                    | Payment Structure   | Subcontracting Plan
Code of Conduct       | HIPAA BA                    | Payment Withhold    | Subcontractor Agreement
Conflict of Interest  | Indemnification             | Personnel Changes   | Subcontractors
Cooperative Agreement | Indirect Cost Rate          | Pricing             | Subrecipient
Cost                  | Insurance                   | Profit              | Task Order
Cost Allocation Plan  | Intellectual Property       | Renewal             | Term
Cost Reimbursement    | Jury Service Program        | Replacement Cost    | Trade Secret
Covenant              | Letters of Credit           | Retainage           | Warranty Period
Damage(s)             | License                     | WBE                 | Salary Disclosure

And here is the same dictionary in VisibleThread, after an import from Excel:

[Image: Proposal review - risky docs]

Note: new in VTDocs version 2.10 is the ability to create dictionaries by importing CSV files. This means you create your list in Excel, save as CSV, and then suck it into VT in seconds. It’s a big time saver.

What do the reports look like?

For the purpose of this blog post, I took the GSA’s OASIS contract and analyzed the ‘draft unrestricted solicitation’, using the dictionary above. The RFP is available from FedBizOpps. You can see the OASIS documents here.

I show below the VisibleThread view with our dictionary items flagged. You can see actual content from the doc in the bottom portion of this screen. The red arrow shows where you can generate a PDF report with a single click.

[Image: proposal review - risky pdf docs]

And here is a sample of the PDF report that Jesse’s team creates from VisibleThread. You can see the page numbers and content for each of the occurrences.

[Image: proposal review - VT Docs]

For Jesse’s team to produce this report now takes (from start to end) about 5 minutes per doc. This involves uploading multiple docs and generating a PDF report per document.

When we spoke, here’s how Jesse summarized the benefits:

“We can alert our team to issues regarding specific contract terms that increase our risk much faster than before. In fact, it’s saving days of review time. It has also made our review process foolproof and more systematic since we can apply consistent dictionaries.”

So if you are scanning documents manually today, try using our free trial and see if this approach will work for you.


  1. If you pursue contracts with terms that expose you to program delivery challenges, the business risk is high.
  2. Compliance teams spend lots of time reviewing RFPs and contracts manually using term checklists. This takes time and can be error-prone.
  3. You can use automated language checkers like VisibleThread to substantially reduce your review time and flag risk more systematically.
