How Government Agencies Can Reduce Contractor Risk

A Roadmap for Public-Sector Success

While there are many elements that contribute to successful open government, there is a global consensus that transparency in spending is one of the critical success factors – and continued technological advances make the process more efficient than ever. This is an area where many governments have made substantial efforts, albeit with varying levels of progress. In 2006, the United States passed the Federal Financial Accountability & Transparency Act (FFATA), leading to the creation of the portal, which reveals details on federal spending for contract, grant, loan, and other financial assistance awards over $25,000. In Canada, the government announced a policy in 2004 requiring mandatory publication of contracts over $10,0001, and added a contract search feature to its new web portal in 2014. The technology-enabled public data access isn’t limited to federal government, in fact, many states and provinces have built world class web portals such as New York’s

With increased transparency comes accountability, and as government agencies seek to optimize performance, many are directing resources towards improving the procurement function. Provided that public sector procurement accounts for nearly one-third of government expenditure globally2, it is clear why there is such a high focus on the public initiatives and commercial entities that receive government money. For this reason, contractor risk management has become a key focus area, as it stands to provide an immediate impact on program integrity and the reduction of fraud, waste, and abuse.

Although the concept of contractor risk management is not new, agencies are still working to strengthen the rigor of their “contractor responsibility determinations” – a specific set of procedures that many acquisition agencies have defined. Legacy database issues, incomplete or outdated contractor information, and disconnected (or siloed) information systems that inhibit visibility are among the many challenges that agencies face. Many agencies are just starting to use available applications and tools that could help automate and standardize the contractor due diligence process. Similar problems can hamper the monitoring of contractors after contract award as well.

Financial constraints have also presented a major obstacle to effective contractor risk management. Many agencies have shortages in their acquisition workforces and lack sufficient resources to meet official oversight goals. At the same time, economic trends such as globalization and an increasingly competitive marketplace have increased the likelihood of business failure, business fraud, and other high-risk activities that can undermine program performance. In short, agencies are being asked to implement more rigorous standards for mitigating contractor risk at a time when resources are strained and business risks are increasing.

The challenge of increasing transparency and oversight capabilities is offset, however, by technology advancements and a marked shift by governments towards leveraging big data and analytics to support decision making.

Best Practices for Government Contractor Risk Management

How can agencies meet their oversight responsibilities? The most cost-effective solutions for strengthening accountability and combating waste focus on identifying and preventing problems before they occur. Unfortunately, there is still substantial progress to be made in this area – and the challenge is evident throughout government organizations across the globe. In the U.S., the Improper Payments Elimination and Recovery Act of 2010 (IPERA) defined a stringent strategy for agencies to reduce improper payments. To emphasize the mounting challenge, when IPERA was enacted in 2009 the tally of improper payments was $110 billion. Today, the number has increased more than 33% to $136.7 billion.3

Effective contractor risk management does just that: it reduces the likelihood of supply chain disruption, fraud and other related problems by addressing them proactively. Contractor risk management processes ensure that potential government contractors are viable, legitimate businesses. These processes also confirm that businesses have the financial capability and operational resources to provide the required services. At the same time, it makes sure that contractors are not engaged in questionable, unethical, or illegal activities. Successful contractor risk management programs save staff time, resources, and money by significantly reducing the number of problems related to contractor non-performance or fraud. It also enables the smooth performance of government programs and functions that otherwise might be disrupted by critical failures on government contracts.

At a recent U.S. House of Representatives hearing on government waste and inefficiency, testifying federal officials agreed that preemptive action is key, emphasizing the importance of moving away from a pay and chase model to one focused on prevention.4

In our experience supporting public and private sector organizations, we are seeing an emerging set of best practices for mitigating contractor risk throughout the acquisition lifecycle:

  1. Establish a standard decision framework for mitigating contractor risk. Having a standardized approach across the agency enables consistency, professionalism and rigor that strengthen decision-making and contractor oversight. As agencies create these processes, they also should select and incorporate the most appropriate software applications and tools for automating this oversight function. Agencies that standardize the oversight process not only reduce contractor risk but also make their decisions less vulnerable to protests and other events that prevent the timely award of new contracts and task orders.
  2. Validate potential contractors with rigorous due diligence during the pre-award phase. Many governments publish specific guidance on this subject as evidenced through Canada’s Supply Manual and the U.S. Federal Acquisition Regulation. Prior to awarding a contract, an agency should verify that prospective vendors (prime contractors and subcontractors) are “responsible” and capable businesses by verifying that the contractors:
    • Accurately represent corporate relationships and beneficial ownership information
    • Have adequate financial resources—or can obtain adequate resources—to perform the contract
    • Can comply with the proposed delivery or performance schedule
    • Have a satisfactory performance record
    • Have a satisfactory record of integrity and business ethics
    • Have the necessary organization, experience, accounting and operational controls, and technical skills—or the ability to obtain them
    • Have the necessary production, construction, and technical equipment and facilities
    • Are qualified and eligible to receive an award under applicable laws and regulations, such as those relating to small business and other set-aside contracts5

    As part of the validation process, agencies should also understand the extent to which a particular prime contractor is dependent on subcontractors to deliver critical products and services. For example, a high-risk subcontractor that provides important products or services could create hazards for an otherwise low-risk prime contractor.

  3. Monitor contractor risk during the post-award phase. After awarding contracts, agencies should continue monitoring the financial and organizational health of their prime contractors and subcontractors. A company’s leadership, operations, profitability, and ability to perform can change rapidly, particularly in the current economic climate. In fact, Dun & Bradstreet’s experience working with government contractor data has shown that, on average, 20 percent of an agency’s database will undergo significant changes during a fiscal year.

    Change can increase potential risks. For example, a contractor with a satisfactory performance record could experience financial or operational difficulties that negatively impact their ability to perform on the contract. Thus, agencies must not only track a contractor’s performance on a particular project, but also monitor the overall health of the contractor and subcontractors to assure continued performance throughout the contract.

    In addition, post-award due diligence should include real-time alerts as well as periodic checks on the financial and operational stability of contractors whose contracts exceed specified dollar thresholds. These thresholds can be determined by agency leaders when they establish a standardized decision framework for mitigating risk.

    With fully automated contractor risk management processes in place, agencies can monitor contractors continuously and, when alerted to potential risks, take proactive steps to avoid problems before they occur.

  4. Adopt a portfolio view that assesses and manages the collective risk of contractors across the entire organization. When monitoring contractor risk, an agency must examine the combined risk of its entire portfolio of contractors and subcontractors. For example, a contractor might be experiencing financial difficulties that would cause moderate concern if that contractor provides services on only one contract. But if that contractor supports several agency programs, then its risk level would be much higher, because the contractor’s financial difficulties could cause major problems throughout the agency.

    Similarly, an agency might have the resources to address moderate to severe risks among, say, 3-5 percent of its contractors; but a higher percentage of contractors at these risk levels would be unmanageable. Thus, the problem isn’t with any one contractor but with the cumulative impact of those representing moderate to severe risks.

    Finally, adopting a portfolio view also means evaluating the risks associated with a contractor’s corporate parent or related corporate entities. For example, the financial troubles of the corporate parent could impact a contractor’s ability to obtain financing, skilled staff, or other resources necessary to perform on a project.

  5. Use automated reporting tools to strengthen management, transparency, and oversight. Agencies must be able to provide detailed information about how funds are spent to demonstrate that they are complying with the goals and policies established by the legislative and executive branches, and agency leadership. In fact, given the rapidly growing proliferation of data and the rapid development of technologies that consume, manipulate, and display data, it is incumbent on agencies to maintain complete records of all contractor transactions.

    Given the diverse nature of work performed across the public sector, reporting mechanisms and language vary; nevertheless, the core objective here is to provide insight into where money is going. For example, the U.S. Agency for International Development (USAID) publishes the annual “U.S. Overseas Loans and Grants” report, a publication specifically prepared for Congress. In Canada, the “Contracting Activity Report Analysis” is published as part of Health Canada’s Departmental Dashboard.

    Reporting tools with dashboards to display spending, compliance, progress toward completion, and other relevant measures are an integral part of contractor risk management—because they provide agency leaders with visibility into their entire portfolio of contractors.

Diagram 1: Managing Portfolio Risk

An agency should monitor the level and type of risk that contractors pose to the agency. The example below illustrates how two of Dun & Bradstreet’s predictive indicators, the Supplier Evaluation Risk (SER) Rating and the Supplier Stability Indicator (SSI), can be used to estimate portfolio risk.

estimating contractor risk chart

Effective Contractor Risk Management with Dun & Bradstreet

Most government officials are familiar with the D-U-N-S® Number, which is Dun & Bradstreet’s unique means of identifying and tracking an entity globally throughout all phases of its life. Dun & Bradstreet has leveraged the D-U-N-S® Number – and the databases that support it to create powerful tools for mitigating contractor risk. These tools present contractor data and risk analyses in web portals, dashboards, and agency-proprietary systems that enable decision makers to quickly assess and manage contractor risks.

For many agencies, a good place to start is with a Contractor Checklist that standardizes and guides due-diligence during both pre- and post-contract award phases. If the collected information raises “red flags” regarding a contractor, agencies can take steps to address potential risks. Some organizations create more-detailed decision trees to guide these steps. The Contractor Checklist is a simple yet valuable tool—if the contractor information is reliable. Consequently, many organizations use Dun & Bradstreet’s patented DUNSRight™ process to ensure that their information is timely, accurate and complete. For example, all of the information in the sample checklists below (Diagram 2) can be obtained using the DUNSRight™ process.

Diagram 2: Contractor Checklist

Use of a standardized checklist can help procurement professionals across the agency conform to government guidelines and mitigate risk.

Confirmation of Legal Business Name and Address Address/Facilities Change
Verification of Business Existance ("Proof of Right" Evidence) Merger or Aquisition
Validation of Years in Existence/Under Current Management Control Management Turnover
Confirmation of Capacity to Perform Confirmation of Capacity to Perform
          - Annual Revenue           - Annual Revenue
          - Number of Employees           - Number of Employees
          - Size and Location of Facilities           - Size and Location of Facilities
Active Operating Status  
Executive or Management Team Background Check Executive or Management Team Background Check
SIC or NAICS Relevancy Check  
Low Risk Scores Negative Trend in Risk Scores
Secure Financing Financing Challanges
Positive Payment Trends Negative Payment Trends
Payment History Compared to Industry Negative Payment History Compared to Industry
Business Solvency Ratios Weakening Business Solvency Ratios
Efficiency Ratios Weakening Efficiency Ratios
Profitability Ratios Weakening Profitability Ratios
Satisfactory Performance Record Unsatisfactory Performance Record
Absence of Suspensions/ Debarment Presence of Suspensions/ Debarments
Absence of Suits, Liens or Judgements Presence of Suits, Liens or Judgements
Absence of Evidence of Criminal or Fraud Activity Evidence of Criminal or Fraud Activity


Many organizations also bolster their Contractor Checklists with rigorous financial risk assessments using Dun & Bradstreet’s predictive analytics. The predictive indicators, which are a key component of the DUNSRight process, use advanced analytic techniques to provide risk insight about contractors and their future behavior, such as their likelihood of failure or ability to make payments. Many agencies use the predictive analytics to perform due diligence during pre-award selection and post-award monitoring of contractors.

Potential risks among the vast majority of contractors are neither obvious nor constant. When conducting contractor due diligence, agencies typically uncover a combination of data points that are contradictory and difficult to evaluate. For example, a contractor might have a solid payment history but a large number of pending judgments or liens. It may have an outstanding performance record but very few customers. Agency decision makers may wonder: What do these “red flags” mean for this particular contractor in this particular industry— and for our particular program?

Dun & Bradstreet’s predictive scores are based on a wealth of historical data and finely-tuned algorithms which can place the red flags in their proper context and accurately assess the risk based on a multitude of variables.

The predictive analytics include a variety of scores that can be used individually or in combination with one another to measure financial and operational risks. The different scores are:

  • Supplier Evaluation Risk (SER) Rating: Predicts the likelihood of a supplier ceasing operations or becoming inactive within the next 12 months based on depth of predictive data available about the supplier.
  • Supplier Stability Indicator (SSI): Predicts the likelihood that a business will experience significant financial or operational instability over the next 3 months.
  • Delinquency Predictor Score (DPS): Predicts the likelihood that a business will pay its bills in a severely delinquent manner within the next 12 months or seek legal relief from creditors.

At the most simplistic level, agencies can adapt the scores to a scaled approach for evaluating contractors (See Diagram 3). That is, agencies can determine in advance which scores merit approval (Low Risk), caution (Medium Risk), or potential rejection (High Risk) in the context of a responsibility determination.

Diagram 3: Contractor Risk Scorecards

Using scores such as Dun & Bradstreet Supplier Evaluation Risk (SER) Rating, agencies can implement a scaled approach for evaluating contractors.

How might an agency use this approach? The agency would quickly approve a potential contractor with a “Low Risk” score. Likewise, the agency could quickly reject a small business that was placed in the “High Risk” category because it had no record of income in the previous fiscal year, no record of a business license in its state or province of operation, and two department of taxation liens totaling $175,000. On the other hand, a large consulting firm that has filed for bankruptcy but is continuing to work for both commercial and government customers—and has a substantial pipeline of work—might yield a “Medium Risk” rating. In this case, the agency might decide to continue the investigation or monitoring of this company.

The predictive indicators can also generate web-enabled dashboards that provide detailed snapshots of each contractor’s risk profile (see Diagram 4). This allows agencies to “drill down” and view specific areas of potential risk. Used together, the risk dashboards and scorecards can significantly streamline the due-diligence process in both the pre- and post-award phases of a contract.

Diagram 4: Web-Enabled Due Diligence, Pre- and Post-Award

A web-enabled dashboard can provide a snapshot of a contractor’s financial and operational stability.

Once the information and processes are in place for creating the scorecards and dashboards, agencies can also create automated alerts to inform them of significant changes within their contractor portfolios, such as notifying them when a contractor moves into the “High Risk” category. For example, a Dun & Bradstreet customer with 23,000 global suppliers was able to increase the percentage of suppliers it monitors from 5 percent to 100 percent for issues such as financial stability, quality and delivery, debarment, suits, and environmental and safety compliance. In one instance, the organization was able to predict the bankruptcy of a key supplier with a six-month lead time.

As shown in Diagram 5, Dun & Bradstreet’s alerts can provide significant advance notice of pending trouble with a supplier, enabling agencies to take steps to mitigate the potential risk. While agencies can usually anticipate problems with large companies, supplier alerts are extremely valuable for tracking small to mid-size companies whose problems might not become apparent until it’s too late to take corrective action.

Diagram 5: Supplier Alerts

D&B insight allows companies to take action before suppliers declare bankruptcy.

sample report

In addition to providing tools for mitigating contract risk, Dun & Bradstreet delivers custom-tailored, mission-centric consulting services. Throughout engagements with small municipal offices and large federal departments, Dun & Bradstreet consultants have helped agencies determine their risk tolerance, establish a risk strategy, and adapt best practices for contractor risk management to meet their unique mission challenges. Initially, this includes the development of standardized processes, then moves on to the selection and implementation of the requisite tools needed to conduct rigorous due diligence during pre- and post-contract award. And, of course, Dun & Bradstreet also works with agencies to customize their reporting tools so they can respond effectively to new federal requirements for improved accountability and oversight.

Agencies also can merge their contractor data with Dun & Bradstreet’s business intelligence and implement automated online solutions that are customized for their specific contractor risk management needs (see Diagram 6). The various risk measures and analyses are presented in dashboards that allow decision makers to view, sort, and analyze contractor and spending data in a wide range of categories, such as industry, geography, spending amounts, and diversity classification. Agency officials can quickly generate reports that reveal which contractors have the highest dependency on the agency for their revenue, which contractors are at risk, whether they are critical contractors, and where the agency’s risk is located (by industry, spend category, geographic region, and business unit).

For many years, contractor risk management was more art than science. Agencies would make risk assessments by combining anecdotal and quantitative information—if available—in an ad-hoc manner. But today, government organizations can take a scientific approach, one that is not only continuous and proactive, but also holistic and thorough. Predictive analytics, which are learned over time, provide accurate insight and information, as well as industry–specific support and analysis.

Diagram 6: Automated Reporting

This online reporting tool shows the risks associated with an agency’s contractors, both individually and in aggregate.

online reporting tool screenshot


The demand for increased transparency and accountability can place a great strain on agency staff and resources. Moreover, the rapid expansion of government spending and programs magnifies oversight challenges, particularly those related to mitigating contractor risks. Ultimately, government efforts to improve transparency and oversight will lead to greater operational efficiencies and lower costs by reducing fraud, waste, and abuse. The challenge facing agency leaders is in finding the most cost-effective path to achieving these goals, in both letter and spirit.

The best practices for contractor risk management provide such a roadmap. Agencies that have embraced these practices have significantly improved their ability to mitigate contractor risks. By taking advantage of new tools and technologies, agencies have been able to automate oversight processes and become more proactive in managing contractors, identifying risks, and preventing problems before they occur.

Dun & Bradstreet Enables Better Government by Uncovering Truth and Meaning from Data

For 90 years, we have adapted our proprietary data and analytics into high-impact public sector solutions – delivering maximum taxpayer value. Dun & Bradstreet enables better outcomes for government organizations across the globe, partnering with many federal, state, and provincial agencies including all 15 U.S. Cabinet- level departments, the European Commission, and the United Nations – as well as nearly 90% of Fortune 500 companies.

From the largest federal agencies to the smallest state and provincial jurisdictions, Dun & Bradstreet Government works with agencies in every facet of government operations providing timely and critical information to support national security, improve government operations, drive economic growth, and reduce fraud, waste, and abuse.

To learn how Dun & Bradstreet can help to advance your unique mission objectives call us at (800) 424-2495 or email to speak with a government solutions consultant.


  1. Government of Canada, Treasury Board of Canada. “Disclosure of Contracts Over $10,000 - Overview,” October 29, 2004.
  2. Size of Public Procurement.” In Government at a Glance, 136–37. Organisation for Economic Co-operation and Development, 2015.
  3. Office, U.S. Government Accountability. “Improper Payments: CFO Act Agencies Need to Improve Efforts to Address Compliance Issues,” no. GAO-16-554 (July 11, 2016).
  4. House Hearing on the Government Accountability Office’s 2016 Duplication Report, § House Oversight and Government Reform Committee (2016). In his testimony to the House Oversight & Government Reform Committee, Dr. Patrick Conway, Chief Medical Officer of the Center for Medicare and Medicaid Services underscored the fact that his organization realizes the importance of prevention, stating that “today we have analytic technologies, fraud prevention systems to identify investigative leads to protect the Medicare program from inappropriate billing.” He went on further to highlight that within the first three years of implementing the new approach the organization prevented $820 million in inappropriate payments.
  5. “Federal Acquisition Regulation, Subpart 9.1: Responsible Prospective Contractors, 9.104-1, General Standards.” Accessed February 3, 2017.