Premier Consulting & Integration, LLC

Your Partner In Success

Deltek Costpoint

Timekeeping for Government Contractors

Timesheets are a major component of a government contractor’s accounting system. But why are they so important? See below. 

  • FAR 31.201 –2 (d) reads: A contractor is responsible for accounting for costs appropriately and for maintaining records, including supporting documentation, adequate to demonstrate that costs claimed have been incurred, are allocable to the contract, and comply with applicable cost principles in this subpart and agency supplements.

There are penalties for labor mischarging, requirements to ensure your organization is meeting, policies that need to be in place and more.  Join us for a webinar on 11/1 where we will discuss requirements for employees and managers related to timekeeping and DCAA Audits that focus on timekeeping.

Register here to attend: Webinar: Timekeeping and the Government Contractor

6 Reasons to Attend Deltek ProjectCon

Deltek ProjectCon, formerly known as Deltek Insight, is the destination for project-based business professionals to gather for inspiration, education and collaboration.

This year’s Deltek ProjectCon will take place on November 15-18th at the Gaylord Opryland in Nashville, TN! PCI is excited to participate as a Platinum sponsor at this year’s event!

Check out these six reasons to register for DeltekProjectCon:

  1. Deepen your Product Knowledge – This conference offers hundreds of product educational sessions teaching new skills, tips, and tricks. PCI will be hosting three sessions, listed below. Be sure to add them to your agenda!

CPSPON-13: How to use the MS Word reporting tool in Costpoint

CPSPON-14: Offers and Decisions

CPSPON-15: Do your contracts have CLINs/SLINs/ACRNs? Do your employees complain because they have too many project codes? See how ACRN billing will fix all your problems.   

  • Networking! – Connect with thousands of attendees, Deltek leaders and visit with the PCI team in the Xpo Hall!

  • Ignite Innovation – Hear how companies like yours are leveraging Deltek’s solutions!

  • Certifications – Be sure to take advantage of the complimentary Deltek University certification exams while on-site!

  • Meet 1:1 with Experts – Meet 1:1 with the PCI team, Deltek Customer Care, Solutions Engineering team and more!

  • Enjoy your time! – There are a ton of fun activities planned throughout the conference such as philanthropic activities, special networking events and a customer appreciation party!

We hope to see you there! Register now to attend!

Introduction to FAR & CAS

If you’re a federal contractor, at some point you will be faced with understanding—and complying with—federal regulations regarding acquisitions and accounting: FAR and CAS.

FEDERAL ACQUISITION REGULATION (FAR)

According to the government, FAR is “the primary regulation for use by all Federal Executive agencies in their acquisition of supplies and services with appropriated funds.” The purpose of FAR is to provide a set of consistent, uniform policies and procedures within the federal acquisition process.

COST ACCOUNTING STANDARDS (CAS)

A set of standards and rules established by the federal government to help achieve uniformity and consistency in the cost accounting principles within federal contracting. CAS also sets forth regulations that require contractors to disclose their cost accounting practices, to follow the disclosed practices consistently, and to comply with specified standards.

Learn more around the basics of FAR & CAS and why it’s important for GovCons to understand, in our upcoming webinar – Register Now.

Powering Your Project Lifecycle With Deltek

Deltek delivers software and information solutions that enable superior levels of project intelligence, management, and collaboration. Their industry-focused expertise makes your projects successful and helps you achieve performance that maximizes productivity at every stage of the project lifecycle that fuels your business.

Win – Firms want to identify clients early and pinpoint projects worth bidding for and create effective proposals that position them to win new business. In this space, firms need business analytics and relevant marketing intelligence in order to find the perfect fit and win deals. Deltek GovWin IQ can help you win more business.

Manage – After winning a project, organizations need a good plan to optimize resources, manage costs and risks, and stay on time and budget. With a full team engaged on required work, project management goes beyond a simple checklist. Companies needs to have an optimal schedule across all of their projects, as well as understanding the granular requirements to drive maximum profitability. Learn more about how Costpoint Contract Management can help manage your contract needs.

Develop – A good plan helps to deliver a great project but developing your talent and having the right people in place, truly powers project success. Project based businesses need a modern, integrated, HR and talent management approach to truly track and predict labor costs, forecast recruiting needs as well as develop and monitor employee engagement as part of your comprehensive retention strategy.

Deliver – Project based companies strive to deliver efficiently on their contract obligations while running a smooth and profitable operation. To do this, firms need the capabilities to connect resources and materials back to projects, track cost breakdown, and manage project documentation and assets in a single location. This is where Deltek Costpoint can help you succeed.

Measure – Project based businesses seek to measure both specific project profitability and analyze company level performance in terms of cash flow, people utilization, compliance, and profitability. These KPIs help ensure overall company financial health and shape future pursuits. Companies can look at trends to a more efficient, productive, and profitable company. PCI’s Business Intelligence team can assist you in personalized reports for your business.

The stages of the project lifecycle represent the fundamental workflow of project-based businesses. Helping businesses gain a competitive advantage, automating processes across the project lifecycle.

If you are interested in learning more about how Deltek’s Project Lifecycle can help your business, contact us today.

Introduction to DCAA Compliance

As a Government Contractor it is extremely important to remain compliant with rules and regulations. This blog provides a quick snapshot of DCAA and what compliance should look like for your organization.

Introduction to DCAA

What DCAA Does

  • The Defense Contract Audit Agency (DCAA) provides audit and financial advisory services to the Department of Defense (DOD) and other federal entities responsible for acquisition and contract administration.
  • DCAA provides recommendations to government officials on contractor cost assertions regarding specific products and services.
  • DCAA auditors examine contractor accounts, records, and business systems to evaluate whether contractor business practices and procedures are in compliance with the Federal Acquisition Regulation (FAR), the Defense Federal Acquisition Regulation Supplement (DFARS), Cost Accounting Standards (CAS), and other applicable government laws and regulations.
  • DCAA has the authority to establish final indirect rates.

What DCAA Does Not Do

  • DCAA audits only contractors; it has no internal audit responsibilities in DoD.
  • DCAA has no direct role in determining which companies are awarded defense contracts.
  • DCAA does not negotiate or settle costs directly with contractors.

DCAA has about 230 offices located throughout the United States, Europe, and the Middle East.

  • Headquarters
    • Regional Offices/Field Detachment
    • Corporate Audit Directorates (CAD)
    • Branch Offices
    • Resident Offices

In FY 2020, DCAA had a staff of approximately 3,843 auditors.

What is Compliance?

  • Being compliant means being compliant with ALL contract requirements and applicable regulations (FAR, DFARS, CAS, etc.).
  • DCAA doesn’t certify or issue a formal statement that an organization is DCAA compliant.
  • DCAA doesn’t approve specific software tools as compliant.

Government Contract Rules & Regulations

  • FAR – Federal Acquisition Regulations
  • CAS – Cost Accounting Standards
  • Federal Agency Supplements
    • Example: DFARS – Defense Federal Acquisition Regulations Supplement
  • The Truthful Cost or Pricing Data Statute (formerly known as TINA – The Truth in Negotiations Act)

Pro Tip: The regulations in effect on the date of contract award generally will govern the contract regardless of its period of performance and despite the fact that a regulation might change during the course of the contract.

For more information on DCAA Compliance

Access our On Demand DCAA Compliance for Small to Mid-sized Contractor Webinar or

Contact us today for more information on how PCI can assist your organization.

API Acronyms Uncovered

We live in a world filled with acronyms. For those who are not familiar, an acronym is an abbreviated formed word, formed by letters of other words and pronounced as a word.

The Application Program Interface (API) world is no different when it comes to abbreviations and acronyms. We have outlined some common API acronyms below.

  • API – Application Program Interface
  • WIC – Web Integration Console
  • SOAP and REST– types of API calls that can be made
    • SOAP – Simple Object Access Protocol
    • REST – Representational State Transfer
  • CRUD – Create, Read, Update, Delete
  • SFTP– Secure File Transfer Protocol
  • AWS – Amazon Web Services
  • SSS – Simple Storage Service
  • VPN – Virtual Private Network
  • SQL – Structured Query Language
  • CSV– Comma Separated Values
    • Type of file that can be used if SFTP sites are used
  • JSON and XML– Formats data from API calls can be in
    • JSON– JavaScript Object Notation
    • XML– Extensible Markup Language
  • 200, 400, 500 responses– responses that tell you if the API call was successful or not
    • 200– indicates successful API call
    • 400– indicates an error caused by the user
    • 500– indicates an error caused by the server
  • DNS– Domain Name System
    • Service that enables a link between domain names and the IP addresses with which they are associated
  • IP Address– Internet Protocol Address
    • unique string of characters that identifies each computer communicating over a network
  • SSL– Secure Socket Layer
    • Uses a public key to encrypt data transferred over the connection to communicate securely with the web server
  • TLS– Transport Layer Security
    • Authentication and security protocol widely implemented in browsers and Web servers
  • HTTP– Hypertext Transfer Protocol
    • protocol for information systems that allows users to communicate data on the World Wide Web.
  • HTTPS– Hypertext Transfer Protocol Secure
    • Adds SSL/TLS to the HTTP for added security
  • DB/DBMS– Database/Database Management System
    • Secure system where data is stored
  • SDK– Software Development Kit
    • Collection of software development tools in one installable package
  • CLI– Command Line Interface
    • Processes commands to a computer program in the form of lines of text
  • GUI– Graphical User Interface
    • Type of user interface where users interact with electronic devices using visual representations

We hope you have learned a new acronym or two from this today!

PCI offers cutting-edge solution integrations to complement and enhance your Deltek product investments. Our consultants help to identify and bridge gaps between various business systems, offering several third-party integrations into Deltek Costpoint and Deltek WorkBook. Our API capabilities include data pulls and custom-built integrations.

To learn more about API integrations, visit our LINK API Integration page.

Why You Should Use GovWin IQ As A Federal Contractor

The federal government contracting market is vibrant and healthy with the top opportunities for FY 2022 alone valued at more than $250B. Within this favorable & lucrative environment, contractors can win more business by using GovWin IQ.

GovWin IQ serves contractors that are selling to the federal government by providing the earliest awareness of new opportunities, deep planning intelligence, potential teaming partnerships, and the strategic insight that businesses need to get ahead of the competition and win more federal government contracts.

HOW TO COMPETE

Understanding the federal market is key to being successful at federal government contracting, whether you are an experienced vendor or a new entrant. GovWin IQ provides key insights and opportunities to help you navigate this complex, cumbersome world.

BENEFITS

PLAN BEYOND THE PROPOSAL

Discover opportunities months, or even years, before they go to bid in the form of forecast pre-RFP intelligence.

FIND A QUALITY PARTNER

Identify quality teaming partners in a specific location, level of experience, or set-aside category in our exclusive GovWin Network™ of contacts.

CAPTURE MARKET INSIGHTS

Detect market potential based on data analysis conducted by our research support team along with easy-to-use data breakdown tools within GovWin IQ.


NEXT STEPS

Looking to grow your sales with federal agencies in 2022? Master the ins and outs of this complex but lucrative market with this free guidebook. Guide: Federal Contracting 101: The Basics

Learn more about how the leading market intelligence platform can help you win more federal government contracts by contacting us today.

The Basics of CMMC

The content in this blog has been repurposed from our partner, Deltek.

Cybersecurity Maturity Model Certification (CMMC) compliance is a combination of various cybersecurity standards and best practices. The model’s creation was supported by the Department of Defense (DoD) and built upon existing regulations where compliance is based on trust and a verification component. The primary objective of CMMC is the protection of sensitive information. The origins of the compliance framework can be found in special publications from the National Institute of Standards and Technology (NIST) – NIST SP 800-171 and NIST SP 800-53 – and constructed with existing regulations, such as Defense Federal Acquisition Regulation Supplement (DFARS) 252.204-7012.

CMMC addresses the protection of FCI and CUI data:

  • Federal Contract Information (FCI) – Information not intended for public release. It is provided by or generated for the government under a contract to develop or deliver a product or service to the government. FCI does not include information provided by the government to the public.
  • Controlled Unclassified Information (CUI) – Information the government creates or possesses, or that an entity creates or possesses for or on behalf of the government, that a law, regulation, or government-wide policy requires or permits an agency to handle using safeguarding or dissemination controls.

HOW WILL CMMC IMPACT GOVERNMENT CONTRACTORS?

Most organizations receiving funding from the DoD will need to be certified to qualify for future Department acquisitions, with the potential exception for commercial items. Prior to defining CMMC, the federal agencies and systems integrators required cloud service providers to meet Federal Information Security Management Act (FISMA) or Department of Defense (DoD) Information Assurance Certification and Accreditation Process (DIACAP) requirements, including auditing of performance.

Achieving Federal Risk and Authorization Management Program (FedRAMP) authorization was the first major shift where the government began to mandate its contractors use cloud technologies for efficiency and cost savings. In addition, it became a requirement to select a cloud provider that is trusted and has been vetted by the government to help keep data secure. Not only was this mandate a major change, but for the first time government contractors now had to prove they were meeting these controls and requirements on a regular basis.

The pairing of the Cloud First Mandate and FedRAMP controls as the building blocks for CMMC compliance provided a real opportunity for government agencies to trust commercial entities to host civilian and even DoD workloads. Government contractors committed to designing, operating and reporting their results on a monthly basis will have the opportunity to achieve authorization. Those who fail to maintain their security and compliance posture could have their authorizations suspended.

UNDERSTANDING CMMC REQUIREMENTS

The CMMC includes 17 capability domains, 43 capabilities, 5 processes across five levels to measure process maturity and 171 practices across five levels to measure technical capability.

  • Level 1 – Basic cyber hygiene, includes 17 practices, no processes.
  • Level 2 – Intermediate cyber hygiene, includes an additional 55 practices and introduces two processes.
  • Level 3 – Good cyber hygiene, includes an additional 58 practices and additional process.
  • Level 4 – Proactive, includes an additional 26 practices and additional process.
  • Level 5 – Advanced/Progressive, includes an additional 15 practices and additional process.

In 2020, the DoD began implementing requirements for CMMC. All Companies that do business with the DoD will have to fully certify their CMMC compliance by October 1, 2025, passing an audit performed by a DoD accredited auditor.

  • Level 1 is where the DoD expects most firms to be currently, with select practices being documented where required.
  • Level 2 is meant to be a stepping stone to Level 3, where firms get into the practice of documenting each practice involving CUI.
  • Level 3 is a managed state where a policy has been put into place and maintained to cover all activities, with all CUI practices documented.
  • Level 4 is a higher level of cybersecurity for limited incidences of highly sensitive information, where activities are reviewed and measured for effectiveness.
  • Level 5 is the optimized zone, with a tested and standardized, documented approach seen across all applicable organizational units.

IMPORTANT CMMC TERMS YOU NEED TO KNOW

Assessors: Individuals who have successfully completed the background, training and examination requirements as outlined by the CMMC Accreditation Body (AB), and to whom a license has been issued. Assessors are not employed by the CMMC AB and may or may not be employed by the Certified Third Party Assessment Organization (C3PAO).

Certified Third Party Assessment Organization (C3PAO): An entity with which at least two assessors are associated and to which a license has been issued to engage with organizations seeking certification (OSC) to complete their associated CMMC assessment.

CMMC Accreditation Body (AB): The accreditation body that establishes and oversees a qualified, trained and high-fidelity community of assessors that can deliver consistent and informative assessments to participating organizations against a defined set of controls/best practices within the CMMC program.

Organizations Seeking Certification (OSC): The organization that is going through the CMMC assessment process to receive a level of certification for a given environment.

HOW TO GET CMMC CERTIFICATION

Government contractors should take into account the following steps for CMMC compliance readiness.

  • Step 1 – Understand the maturity level your firm needs and identify the gaps that could prevent achieving certification
  • Step 2 – Build internal support and buy-in while building a plan to close the certification gaps
  • Step 3 – Formalize processes and controls for documenting compliance
  • Step 4 – Confirm compliance through certification then maintain and monitor compliance and lend audit support

Leveraging cloud service providers can be a solid strategy for addressing many aspects of CMMC; for instance, the controls implemented in the Deltek Cloud support DFARS 252.204-7012 and NIST SP 800-171 controls which were adapted to form the basis of the CMMC framework. However, simply moving into the cloud does not automatically make a firm compliant. But it does reduce the compliance lift and can assist with getting to certification quicker and with less cost.

SELECTING A CLOUD SOLUTION FOR CMMC

Here are 4 key considerations for government contractors when looking at a vendor for a cloud solution:

  1. Does the cloud vendor have a strong government contractor client base?
  2. Can the cloud vendor demonstrate that those practices that they will perform on your behalf meet the requirements of National Institute of Standards and Technology (NIST) 800-171?
  3. What are the vendor plans are for CMMC, and what level do they strive to be? It’s important to remember that Level 3 is required to store CUI with that vendor’s solution.
  4. Does your vendor have plans to achieve Federal Risk and Authorization Management Program (FedRAMP) certification or have they already secured it?

HOW DELTEK SUPPORTS GOVERNMENT CONTRACTORS WITH CMMC

The Department of Defense (DoD) has mandated that all government contractors who complete contracts for DoD must be CMMC certified by October 1, 2025. That said, many government contractors are planning ahead, making it a top priority to find a cloud service provider (CSP) that offers a solution that can support their CMMC compliance requirements, as well as NIST mandates, FedRAMP Moderate requirements and ITAR controls.

Deltek is dedicated to protecting user data by ensuring our capabilities meet the constantly changing security landscape. We are continuously making improvements to our suite of products to better support your cyber posture by increasing investments in security, compliance and supporting technologies.

Deltek’s cloud solutions provide benefits beyond what a traditional on premise or hosting solution can provide. Businesses of all sizes can easily prepare for the ever-changing regulations of CMMC, while confidently and securely accessing data within a secure cloud environment that is continuously adjusted to meet the most up-to-date governmental and agency standards.

For more information and support around CMMC, contact us today.