Read part 2 of this series on solicitation sins here.
Sinful habits die hard. Pious reformers have long prayed over the solicitation sins from parts 1 and 2 of this series — requirements sprawl, fixating on compliance over outcomes, rule pools, insider rewards programs — but change comes slowly. “Culture” is one commonly accused culprit. What does this culture look like? Our last two sins, “Locked In” and “Copycat,” give us a glimpse.
Solicitation sin #5: Locked in
Some solicitations are so laden with sin that they condemn the government to years in the wilderness of questionable contracts. This is the fifth sin, “Locked In,” in which large contracts are unnecessarily awarded to a single vendor for five-plus years.
Most of the U.S. government defaults to five-year-long contracts: one “base” year followed by four “option” years. Five is a nice round number, but today five-year contracts are a cultural artifact. A 1969 revision to the Armed Services Procurement Regulation first introduced five years as a maximum contract length.1 That maximum made its way into part 17 of the Federal Acquisition Regulation (FAR). After decades of inertia, this maximum is getting a second look — but not to make it shorter. The five-year limit isn’t enshrined in a statute passed by Congress, and the Trump administration’s proposed changes to FAR part 17 would remove the limit altogether.
Life moves faster than it did in 1969, though: Bids are uploaded instead of mailed, technology changes month to month, and tasks that would have taken a contractor weeks can now be done in minutes. But contract lengths have stayed the same.
Take the Defense Department’s recent solicitation looking for an “Alerting Service,” which would ping up to 3.5 million staff with updates about “emerging events” based on publicly available information. Interested companies would need to wade through eight different attachments to figure out how to bid. The paperwork is worth it, though, since winning this contract means winning a long-term lottery: The contract can last up to five years and six months.
Or the U.S. Marshals Service’s posting for IT services supporting the Justice Prisoner and Air Transportation System. Software can change quickly, but this contract probably will not, since the potential period of performance comes out to seven and a half years.
Long-term planning can be admirable. Some contracts — say, for construction — will genuinely take five or more years to finish up. Or when vendors need to make huge upfront investments, a long payoff timeline can entice qualified competition.
Locking in five-year tech contracts, however, just allows the solicitation sins of the father to be visited upon their children a decade later: Between now and 2031 (or 2033), needs will change, technology will advance, and the project budgets will rise and fall. Five-year terms mean that the government doesn’t have to reassess these multimillion dollar documents… ever, especially since the default is to renew contracts when they finally do expire. The government can choose each year to cut the contract short by declining to exercise its annual option.2 In practice, agencies almost always exercise option years, given how much work it would be to recompete the contract.
A contract that long hands vendors abundant opportunities to bolster their own prospects for renewal by insulating themselves from competition: hoarding documentation or data that would be lost if the government ended the relationship, for instance, or convincing government buyers that only this particular “alerting system” could ever work for DoD.
Finally, isolating any function from direct management for so long means less pressure to adapt, innovate, and evolve. The camera giant Eastman Kodak outsourced IT to IBM for 10 years, missed the opportunities of photography in the 21st century — and was bankrupt by 2012. As Jennifer Pahlka and Andrew Greenway put it, “If a government is locked into a multi-year contract and a technology we can’t change, then the whole idea of test-and-learn is a non-starter.”
When procurement moves slowly — some contracts take more than a year to award — the temptation to issue long-term agreements grows. Extended contract times offer the allure of stability and predictable prices, even if the biggest savings come from regularly checking if a contract is needed at all, or if a competitor could offer a better option more affordably after just one or two years.
Five-year contracts are a cultural artifact based on a guideline dating back to the 1960s. Just because a contract can last up to five years (or even more if the limit is removed) does not mean that it should. Three-year contracts prompt the government to reassess its needs more frequently, without excessively burdening agencies with constant recompetes or harming the incentives for vendors to bid.
To avoid today’s sin being the next generation’s purgatory, take your five-year contract and make it shorter, not longer.
Solicitation sin #6: Square peg
A sad solicitation secret: The government will often copy terms wholesale from the last contract and paste them into a new solicitation. If it’s page after page of boilerplate being copied, that might not be a problem — even if that boilerplate should be boiled down. Try that with a pricing model, though, and it’s like hammering a square peg into a round hole: You can force it in, but something’s going to crack.
So how do you know which pricing peg fits? Let’s break it down for two common contract types:
The Defense Counterintelligence and Security Agency (DCSA) recently — and unwittingly — published a phenomenal example of when not to use Firm Fixed Price. DCSA’s Industrial Security team makes sure that companies entrusted with confidential information don’t let the nation’s secrets slip out. DCSA wants a company to provide administrative services for anything that might come up. A very limited sample of required tasks includes:
- 5.4.1.2. The Contractor shall provide expert and comprehensive knowledge of DoD and fiscal programs and policy; make recommendations to optimize use of IS funds and allocations; evaluate spending needs; support estimating and forecasting future financial requirements; and assist in monitoring spending to ensure IS remains within allocated budget.
- 5.4.1.5. The Contractor shall update the Acquisition and Budget Management (ABM) Tool weekly to report funding activities such as travel and GPC expenditures. The Contractor shall have knowledge of workflow processes and ability to export data to PowerPoint to create approximately 4-5 slides monthly (emphasis added).
- 5.5.14. The Contractor shall monitor SAP group email boxes daily, respond to various SAP questions, log responses into One Note or successor system, and assign to ISP SAP action officers as needed. Estimated workload for this requirement is 15–20 emails weekly (emphasis added).
- 5.6.29. The Contractor shall analyze cyber-relevant information in industrial security, counterintelligence, Cyber-threat, Cybersecurity reports, DoD policy documents, and statutes to recommend security, policy, and technical interpretations of the material analyzed to strengthen safeguarding classified information held by cleared contractors.
DCSA adds that “there is a current contract under which these services are being performed, and the contract type is firm fixed price (FFP).” Costs for the current contract have gone past $49 million in three and a half years, approaching the contract’s maximum allowed spending of $53 million. Under FFP, those costs do not depend on how much work — or what type of work — the vendor actually has to do. In other words, the government is paying a company $10 million a year in case these tasks are needed. It would make much more sense to pay the defense budget wizard (5.4.1.2), PowerPoint maven (5.4.1.5), email monitor (5.5.14), or cyber czar (5.6.29) based on how much they actually do. DCSA should be using T&M. Instead, DCSA printed a square peg, mashing this requirement into an FFP contract.
Contracting giant General Dynamics (GDIT) benefitted from a mirror-image square peg with a $36 million sole source award for biometric identification services: Department of Homeland Security issued a T&M contract when FFP could have given better value.
The sole source announcement on its own should set your concrete boat senses tingling. GDIT has worked on this biometric identification project for 10-plus years, according to the notice. The company’s “expert knowledge” of “often-undocumented business logic” and an automation tool GDIT itself built make it indispensable:
They possess unique knowledge of the entire set of complex and highly sensitive business rules and data access security controls that are required to manage data sharing between stakeholders.
Translation: DHS doesn’t understand the system, and bad documentation means no other company would, either. So everything would fall apart without GDIT.
But DHS claims that there’s light at the end of the tunnel. This new contract supposedly has a clear scope: decommission one legacy system and bring the replacement online by September 2026. GDIT knows the system inside and out. Since it’s already doing the work, the government can accurately estimate how expensive it will be to finish the job. While the sole source might not be ideal, GDIT’s experience is essential to completing the project “on schedule and within budget.”
A fixed-price contract makes sense to finish this long-running project. DHS has clear goals, well-founded cost estimates, and an aversion to uncertainty. Unfortunately, the new contract is a round hole for DHS’s square peg. As with the old contract, this new sole-source job will be T&M. Despite clear goals, DHS is paying GDIT based on how many hours it works, and not whether it hits its timeline. The contractor has every incentive to work slowly. DHS employees trying to use the contract to meet the September 2026 deadline will be frustrated to find that their T&M round hole doesn’t give them much leverage. There’s no evidence that this vendor is overcharging the government — but if it was, the contract doesn’t make the problem easy to address.
Concrete boats can be built on any contract type. But the government needs to think through how each contract type can blow up. T&M will turn into a boondoggle when contracted employees aren’t using their time well — you pay a lot for people doing the wrong jobs. FFP contracts sink when you ask for the wrong deliverables — like buying meetings and emails instead of an answer to your problem — or you misestimate how much it will cost to get there.
Contracting officers juggling a dozen projects will go with what they know, so it’s not surprising that familiar pricing schemes get reused, even if they don’t fit the need. Smart decisions about contract type rely on thoughtful planning and clarity about what a contract’s goals are. Otherwise, it may not be clear whether the peg is round or square.
But the government should never guess. When $40 million contracts are on the line, “we’ve always done it this way” is not absolution for this solicitation sin.
- Vernon J. Edwards, “The Five-Year Limit on Government Contracts: Reality or Myth?,” WiFCON.Com, March 2003, https://www.wifcon.com/anal/analfiveyear.htm.
↩︎ - A five-year contract is typically made up of one “base” year followed by four consecutive one-year “options.” Each year, the government can decide whether or not to exercise the option year, i.e. extend the contract one more year. ↩︎
