Sign In



Recognition Where Due: Tips for Writing Award-Winning Nominations Where Due: Tips for Writing Award-Winning Nominations2022-12-02T17:00:00Z _Banner.jpg, _Banner.jpg _Banner.jpg<div class="ExternalClass958B10607D504B24B72E5AD9CD2D961B">The Department of Defense (DoD) is among the strongest proponents of recognizing outstanding individual and team performance that I have encountered. Whether unit level or team awards, individual decorations, retirement and end-of tour awards, annual awards programs, or other honors and recognition opportunities, I contend that the DoD does it right. The myriad benefits of personal and team accolades include enhanced morale, motivation, recognition, prospects for promotion, feedback, unit cohesiveness, and personal and professional satisfaction.<br> <br> For defense acquisition professionals and for logisticians, product support, and sustainment professionals, numerous Service and DoD-level individual and team award opportunities exist. These include, for example, the Navy’s Admiral Stan Arthur Award, the Air Force’s General Leo Marquez Award of Maintenance Excellence, and the Secretary of the Air Force James G. Roche Product Support Excellence Award, as well as the Army’s Chief of Staff of the Army Combined Logistics Excellence Awards, including the Award for Army Maintenance, Deployment Excellence Award, and the Supply Excellence Award Programs.<br> <br> At the department level, opportunities are just as numerous, including the Defense Acquisition Workforce Individual Achievement Awards, the Secretary of Defense Product Support Manager Awards, Secretary of Defense Performance-Based Logistics Awards, and Secretary of Defense Maintenance Awards Program, as well as the DoD Award for Supply Chain Excellence, DoD Packaging Innovation Excellence Award, and Packaging Production Achievement Award, and the DoD Diminishing Manufacturing and Material Shortages Program Achievement Awards among others.<br> <br> Many of us have authored a nomination, contributed to or had a chance to review one, and in some cases, have been privileged to be a nominee or even a winner of a major DoD or Component-level award. In each case, we should remember that ultimately an individual, a board, or a selection panel reviews, evaluates, scores, identifies, and selects the winning nomination. Over my career, I have written more award nomination packages than I can count, and have participated in many DoD and organizational award selection boards. I have found that strong, winning nomination packages routinely share common attributes. Permit me to offer a few observations and lessons learned that may help both award nominees and those who write their nomination packages to transform deserving submissions into award winners. <h3><strong><span style="color:#B22222;">Step 1. “The Basics” </span></strong></h3> <ul> <li>Review and understand the award criteria before you begin.</li> <li>Begin with the desired outcome in mind. Ask yourself what you’re trying to accomplish. Assuming the answer is to craft an award-winning package, ask yourself what it will take to get there.</li> <li>Follow the instructions. If there is a page limit, don’t exceed it. If there are format requirements, make sure that you meet them.</li> <li>Begin the writing process early. Don’t wait until late in the game to get started.</li> <li>Build in sufficient time needed for internal review, edits, staffing, rework, and approval.</li> <li>Write well. This bears repeating: Write well. Make sure that there are no spelling or grammatical errors. Avoid tense shifts. Use active voice and relentlessly root out passive voice.</li> <li>If the award nomination covers a specific period, ensure that the contributions actually occurred during the specified period.</li> <li>Whether the nomination is for an individual, a team, or an organization, clearly convey why the nominee deserves recognition.</li> </ul> <img alt="Remember the 3 Rs: Results results results" src="/library/defense-atl/DATLFiles/Nov-Dec_2022/NovDec2022_article7_image1.jpg" style="width:100%;" /> <h3><strong><span style="color:#B22222;">Step 2. “Getting Started”</span></strong></h3> <ul> <li>Ask yourself a vitally important question before you begin: Is this nomination truly competitive? You may ultimately conclude that this simply “isn’t our year.”</li> <li>Be cognizant of the scoring and weighting categories and factors outlined in the award instructions.</li> <li>If the nomination award criteria includes multiple categories, don’t put all your eggs (accomplishments) into one basket (a single category). Pay particular attention to the most critical areas without overlooking the seemingly less important ones.</li> <li>As an addendum to the previous observation, don’t ignore the importance of a lesser weighted category. All other things being equal, a so-called less important category may turn out to be the section that ultimately separates the winner from the runner-up.</li> <li>Review previous-year nomination submissions if available. What kinds of information did previous winning packages include?</li> <li>Enlist another set of eyes. Seek subject matter experts, mentors, or trusted colleagues to review the package and provide feedback and suggest improvements. Don’t let pride of authorship cloud your judgement. No matter how good you think it is, the nomination package can always be better.</li> <li>Edit, re-edit, then edit again. Eliminate extraneous words. Avoid “fluff.” Steer clear of unsubstantiated assertions. Don’t embellish, exaggerate, or overstate accomplishments.</li> </ul> <img alt="Constantly ask yourself the hard questions, such as: " src="/library/defense-atl/DATLFiles/Nov-Dec_2022/NovDec2022_article7_image2.jpg" /> <h3><strong><span style="color:#B22222;">Step 3. “Keep in Mind”</span></strong></h3> <ul> <li>Does this award nomination “stand out from the crowd”? Ask yourself what sets the nominee(s) apart? What separates the “very good” from the truly “outstanding?”</li> <li>Put yourself in the shoes of the assessors. More is not always better. Be concise. Get to the point. Brevity is often a force multiplier.</li> <li>Avoid long, flowery, overly detailed verbiage. Avoid unsubstantiated superlatives.</li> <li>Reconfirm that those specific accomplishments listed in the nomination actually occurred within the award period.</li> <li>Think carefully about whether to include accomplishments that began during the award period, but are still “in progress.”</li> <li>Constantly ask yourself the hard questions, such as: “So what?” “Why does it matter?” “Why should the reader care?” “What difference did a specific accomplishment make?”</li> <li>Be specific. Cite particular examples.</li> <li>Don’t assume the assessor will be familiar with the nuances of everything in the nomination. Clarify, explain, or provide additional context as appropriate.</li> <li>Focus on outcomes and quantify benefits. Were they one-time or ongoing improvements over a period? Performance enhancements? Were key metrics achieved or exceeded? Did the nominee simply meet the standard, or did they exceed it? If the latter, by how much?</li> <li>Were there cost savings? If so, how much? Be certain that your numbers are accurate if you cite specific dollar amounts. Be prepared to prove this, if asked. Differentiate between cost savings and cost avoidance.</li> <li>Highlight specific examples of innovation, initiative, creativity, “above and beyond” activities, unique solutions, critical thinking, and leadership</li> <li>Did the nominee contribute to enterprise outcomes that went beyond their own organization, specific programs, or themselves? Did their efforts or initiatives contribute to success of other organizations besides their own?</li> <li>Success begets success. Consider citing credible sources (e.g., senior leaders, Government Accountability Office, Service, or DoD Inspector General, and auditors) who may have spoken about the individual, team, or accomplishment. Solid, hard-hitting quotes from credible source can powerfully reinforce key points in the nomination.</li> <li>Perhaps most importantly, focus on impacts and benefits. Remember the 3Rs: Results, results, results!</li> </ul> <h3><strong><span style="color:#B22222;">Step 4. “Polish the Fenders”</span></strong></h3> <ul> <li>Enlist support from trusted colleagues, supervisors, and mentors to review your work and provide feedback.</li> <li>Be ruthless in culling extraneous information that doesn’t substantively contribute to the ultimate goal of an award-winning package.</li> <li>Remind yourself before submitting the final package that the awards board members will have to read it and draw conclusions based on the content and the criteria. Get to the point. Make every word count.</li> <li>Submit the nomination on time and follow-up to ensure it was in fact received.</li> </ul> As the end of the day, submitting your organization, a colleague, or a subordinate for a major award (or a decoration for that matter) is a powerful way to convey the significance of their work ethic, contributions, and demonstrated performance. Recognizing their success is a powerful and tangible means of signaling just how much you and your organization value the individual (or the team members) and their performance. It would follow, therefore, that if a nomination is worth submitting in the first place, it’s worth taking the time to get it right. With that in mind, also remember that competition is likely to be fierce at the Component or DoD level. Every other nomination is likely to have been thoroughly vetted, often at multiple echelons, so ensuring that the nomination stands out from the competition is critical.<br> <br> Finally, and perhaps most importantly, winning a Service or DoD-level award almost certainly will boost the reputation of the organization, prove career-enhancing for the individual nominee or team members and, in some cases, open the door to new and exciting career opportunities. Taking the time to provide recognition where recognition is due by writing an award-winning nomination package is absolutely worth the time, energy, and effort. <hr /> <h3><strong><span style="color:#B22222;">RESOURCES</span></strong></h3> <ul> <li><a href="/acquipedia/pages/articledetails.aspx#!712" target="_blank">DoD Product Support & Sustainment Awards</a></li> <li><a href="" target="_blank">DOD Instruction 5025.13 DoD Plain Language Program</a></li> <li><a href="" target="_blank">DOD Manual 5110.04, Volume 1 Manual for Written Material: Correspondence Management</a></li> <li><a href="" target="_blank">DoD Writing Style Guide and Preferred Usage For DoD Issuances</a></li> <li><a href="" target="_blank">DoD Issuance Style Guide The Official Guide to Writing and Publishing DoD Issuances</a></li> <li><a href="" target="_blank">Air Force Handbook 33-337 “The Tongue and Quill”</a></li> <li><a href="/events-series#Mentoring%20Moments" target="_blank">Mentoring Moments Webinar Series</a></li> </ul> <hr /><strong>Kobren</strong>, the Director of the Logistics and Sustainment Center at DAU, Fort Belvoir, Virginia, has been a certified Department of Defense (DoD) Life Cycle Logistician since 1993. He is the Executive Secretary of the Life Cycle Logistics Functional Integration Team. He has supported myriad DoD human capital and workforce professional development initiatives including the DoD Life Cycle Logistics Back-to-Basics Transformation Task Force, two DoD Logistics Human Capital Strategy development projects, the 2009 DoD Weapon System Acquisition Reform: Product Support Assessment implementation team, two Service-level logistics workforce reconstitution teams, and three life-cycle logistics functional area competency reviews.<br> <br> The author can be contacted at <a class="ak-cke-href" href=""></a>. <h6>The views expressed in this article are those of the author alone and not the Department of Defense. Reproduction or reposting of articles from Defense Acquisition magazine should credit the authors and the magazine.</h6> <hr /><a href="" target="_blank"><img alt="tweet" src="/library/defense-atl/DATLFiles/Sept-Oct_2021/tweetbutton.jpg" style="width:10%;" /></a><a href="" target="_blank"><img alt="subscribe" src="/library/defense-atl/DATLFiles/Sept-Oct_2021/suscribebutton.jpg" style="width:10%;" /></a><a href="/library/defense-atl/DATLFiles/Nov-Dec_2022/Kobren_NovDec2022.pdf" target="_blank"><img alt="print" src="/library/arj/ARJ/ARJ%20101/print_button.jpg" style="width:10%;" /></a></div>string;#/library/defense-atl/blog/Recognition-Where-Due
Accounting Shape Shifters - The Nature and (Mis-) Behavior of Costs Shape Shifters - The Nature and (Mis-) Behavior of Costs2022-11-25T17:00:00Z,<div class="ExternalClass351902B5E5BE4BD1AF8702550DBEC816">Reimbursement of contractor costs can be a problematic exercise, depending upon how the costs are labeled. The compensation allowed may differ under<br> generally accepted accounting principles (GAAP) from that allowed under the Federal Acquisition Regulation (FAR).<br> <br> We routinely cover a topic called “Cost Behavior” in the graduate Management Accounting class I teach. Although intended to describe the subject of fixed and variable costs, the term conjures the sometimes roguish behavior of costs relative to their nature and reporting. For the nature or shape of a cost can occasionally misbehave as it seemingly changes or <em>shifts </em>during its life cycle of occurrence, recording, reporting, and recovery (Figure 1).<br> <br> This shape shifting can happen even for costs appropriately recorded and reported under GAAP. In federal acquisition, costs are reimbursed to contractors subject to their labeling (FAR Cost Principles) according to which five kinds of appropriations are involved. Apparent cost metamorphosis over occurrence, recording, and reporting might be problematic for determining cost reimbursement to the contractor. The purpose and design of a cost accounting system is challenged by the many adjectives assignable to the “cost” during its duration. <h3><span style="color:#B22222;"><strong>GAAP Shape Shifting </strong></span></h3> Costs can shape shift under GAAP. For example, buying a building seems fairly straightforward in that the cost is first reported on the balance sheet as an asset in the amount the buyer pays. The cost is, then, subsequently reported as periodic depreciation expense on the income statement over the building’s useful life.<br> <br> However, the costs of a building can also include such ancillary items as renovation costs, architectural fees, building permits, payments for materials, labor, and other miscellaneous expenditures needed to ready the building for use. In the case of a self-constructed building, interest on money borrowed may be an added cost. These related costs won’t be reported by their nature on the income statement. Rather, since those architectural fees have been rolled into the asset account titled “Building,” they will be reported as depreciation expense over the building’s assumed life.<br> <br> As another example, inventory can include raw materials, direct labor, and a variety of indirect product costs such as utilities, property taxes, rent, insurance, and supervisory salaries. These related costs won’t be reported in terms of their nature on the income statement. Rather, those associated utilities costs will be reported as an inventory expense (Cost of Goods Sold) and only when the inventory is sold.<br> <br> <strong>Figure 1. Gears of Contractor Cost Reimbursement​</strong><br> <br> <img alt="Figure 1. Gears of Contractor Cost Reimbursement" src="/library/defense-atl/DATLFiles/Nov-Dec_2022/NovDec2022_article6_figure1.jpg" style="width:50%;" /> <h5><em>CAS = Cost Accounting Standards<br> FAR = Federal Acquisition Regulation<br> GAAP = generally accepted accounting principles</em></h5> <h6>Source of all figures and tables: The author</h6> <table border="1" cellpadding="3" cellspacing="3" style="width:100%;" summary="Table 1. Federal Acquisition Regulation Costs and References"> <caption> <div style="text-align:left;"><strong>Table 1. Federal Acquisition Regulation Costs and References</strong></div> </caption> <thead> <tr> <th scope="col">FAR Cost</th> <th scope="col">FAR Part 31 Reference</th> </tr> </thead> <tbody> <tr> <td style="text-align:center;">Material</td> <td style="text-align:center;">31.205-26 Material costs</td> </tr> <tr> <td style="text-align:center;">Manufacturing and Production Engineering</td> <td style="text-align:center;">31.205-25 Manufacturing and Production Engineering</td> </tr> <tr> <td style="text-align:center;">Labor</td> <td style="text-align:center;">31.205-6 Compensation for personal services</td> </tr> <tr> <td style="text-align:center;">Other direct and indirect contract costs</td> <td style="text-align:center;">Remaining FAR Part 31 cost principles</td> </tr> </tbody> </table> <br> <strong>Figure 2. GAAP Cost of Goods Sold—Account Analysis​</strong><br> <img alt="Figure 2. GAAP Cost of Goods Sold—Account Analysis" src="/library/defense-atl/DATLFiles/Nov-Dec_2022/NovDec2022_article6_figure2.jpg" style="width:75%;" /> <h3><span style="color:#B22222;"><strong>Why It Matters—Far Shape Shifting</strong></span></h3> The GAAP inventory expense previously discussed or Cost of Goods Sold is not a cost item found in the FAR Part 31 Contract Cost Principles and Procedures. However, the following costs in Table 1 are provided for in the FAR Part 31 Contract Cost Principles and Procedures. If Cost of Goods Sold isn’t provided for in the FAR, where is government reimbursement occurring with these costs? Figure 2 illustrates the composition of GAAP-Cost of Goods Sold.<br> <br> Is it appropriate for contractors to be reimbursed at the Purchases line in the composition of goods sold computation rather than the computed Cost of Goods Sold? It generally is, since the purchases were made for and assigned to a specific contract in the contractor’s cost accounting records. The assignment would indicate their descriptive names of material, labor, and indirect cost. Moreover, ending inventory can be determined by a number of GAAP-compliant costing methods (such as First-In, First-Out), which may result in a computed Cost of Goods Sold that differs from the contractor’s purchases.<br> <br> What about other expenses, some of which are provided for in the FAR? Where does cost reimbursement occur for these? Figure 3 might help.<br> <br> Although GAAP-accrued expenses are generally acceptable for FAR reimbursement, the federal government doesn’t normally expect to pay for an expense over-accrual. Mistakes can happen since many accruals are estimated. For that reason, the FAR provides that in most cases for reimbursement to occur, the contractor needs to pay the accrual fairly soon after occurrence.<br> <br> Well, it sounds like GAAP expense should be appropriate, then, for FAR reimbursement, right? Not in all cases.<br> <br> <img alt="coins stacked on a table" src="/library/defense-atl/DATLFiles/Nov-Dec_2022/NovDec2022_article6_image1.jpg" style="width:100%;" /> <h3><span style="color:#B22222;"><strong>Compensation</strong></span></h3> In the case of FAR 31.205-6 “Compensation for personal services,” a maximum reimbursement amount has been incorporated into the cost principle, apparently triggered by political influences. Specifically, and without judgment, Iowa Sen. Chuck Grassley’s web page includes a 2012 quote from California Sen. Barbara Boxer with respect to the history of the FAR compensation cap: “There is simply no reason that taxpayers should fund government reimbursements for private contractor salaries at a rate more than three times what Cabinet secretaries earn.”<br> <br> It’s fairly easy to identify compensation cost when it is expensed and reported as compensation expense (e.g., salaries and wages) on an income statement. However, compensation cost that is capitalized and subsequently GAAP-depreciated or amortized over years can total more than annual FAR-permitted caps.<br> A relatively new GAAP provision issued by the Financial Accounting Standards Board, accounting standards codification (ASC) 340-40, requires capitalization of the incremental costs to obtain a contract. These incremental costs can include commissions, another form of compensation. What amount will be entered into the cost accounting records by contractors? Interestingly, perhaps unintentionally, the only FAR Part 31 cost principle that specifically refers to the term cost accounting records is the one for compensation. Specifically, FAR 31.205-6 (p)(1)(i) states that “Compensation means the total amount of wages, salary, bonuses, deferred compensation … as recorded in the contractor’s cost accounting records for the fiscal year.” (Emphasis added.)<br> <br> Therefore, procurement officials need to ask contractors the fundamental question: What has been entered into the cost accounting records as compensation? The following is a simple example of a possible inadvertent overpayment from relying upon GAAP expense.<br> <br> <strong>Figure 3. GAAP Other Expenses—Account Analysis</strong><br> <img alt="Figure 3. GAAP Other Expenses—Account Analysis" src="/library/defense-atl/DATLFiles/Nov-Dec_2022/NovDec2022_article6_figure3.jpg" style="width:75%;" /> <h3><span style="color:#B22222;"><strong>Unintended Consequences of GAAP Reimbursement</strong></span></h3> The previously mentioned ASC 340-40, Other Assets and Deferred Costs-Contracts with Customers, now requires capitalizing (recording as an asset) incremental costs to obtain a contract. The cost is then subsequently expensed over the contract’s life. The example provided by ASC 340-40 includes commissions—i.e., potential added compensation. These new capitalized commission costs join with the previously discussed labor costs that may be already included in the inventory, property, plant, and equipment asset accounts.<br> <br> Government reliance on GAAP-recorded expense for contract reimbursement might push payment over the FAR 31.205-6 cap. Let’s assume just for illustrative purposes in Tables 2 and 3 that recorded in the “cost accounting records” means GAAP-measured expense.<br> <br> The following tables indicate how inadvertent reimbursement over the compensation cap might occur during the life of a contract when a GAAP-recorded expense is relied upon for reimbursement of compensation cost. <h3><strong><span style="color:#B22222;">What’s in a Name? Costs Versus Expenses </span></strong></h3> Contract reimbursement relies on cost accounting records set up for specific contracts. Generally, cost accounting records are prepared in accordance with the federal Cost Accounting Standards (CAS) issued by the Cost Accounting Standards Board (CASB). The government is attempting to lighten the burden that contractors may experience from CAS compliance since the 2017 National Defense Authorization Act directed that the CASB ensure that CAS rely as much as possible on GAAP. Well, that should solve everything, right? Not so fast. <table border="1" cellpadding="3" cellspacing="3" style="width:100%;" summary="Table 2. GAAP Expensing Prior to ASC 340-40"> <caption> <div style="text-align:left;"><strong>Table 2. GAAP Expensing Prior to ASC 340-40</strong></div> <div style="text-align:center;"><strong>RECORDED IN THE COST ACCOUNTING RECORDS</strong></div> </caption> <tbody> <tr> <td> </td> <td><strong>Year 1</strong></td> <td><strong>Year 2</strong></td> <td><strong>Year 3</strong></td> <td><strong>Year 4</strong></td> <td><strong><strong>Year 5</strong></strong></td> <td><strong>Total</strong></td> </tr> <tr> <td>Salary</td> <td>450,000</td> <td>450,000</td> <td>450,000</td> <td>450,000</td> <td>450,000</td> <td>2,250,000</td> </tr> <tr> <td>Plus: Commission</td> <td>100,000</td> <td>0</td> <td>0</td> <td>0</td> <td>0</td> <td>100,000</td> </tr> <tr> <td>Equals: Subtotal</td> <td>550,000</td> <td>450,000</td> <td>450,000</td> <td>450,000</td> <td>450,000</td> <td>2,350,000</td> </tr> <tr> <td>Less: Disallowed</td> <td>(50,000)</td> <td>0</td> <td>0</td> <td>0</td> <td>0</td> <td>(50,000)</td> </tr> <tr> <td>Equals: Reimbursed</td> <td>500,000</td> <td>450,000</td> <td>450,000</td> <td>450,000</td> <td>450,000</td> <td>2,300,000</td> </tr> </tbody> </table> <table border="1" cellpadding="3" cellspacing="3" style="width:100%;" summary="Table 2. GAAP Expensing Prior to ASC 340-40"> <caption> <div style="text-align:left;"><strong>Table 3. GAAP Expensing After ASC 340-40</strong></div> <div style="text-align:center;"><strong>RECORDED IN THE COST ACCOUNTING RECORDS</strong></div> </caption> <tbody> <tr> <td> </td> <td><strong>Year 1</strong></td> <td><strong>Year 2</strong></td> <td><strong>Year 3</strong></td> <td><strong>Year 4</strong></td> <td><strong><strong>Year 5</strong></strong></td> <td><strong>Total</strong></td> </tr> <tr> <td>Salary</td> <td>450,000</td> <td>450,000</td> <td>450,000</td> <td>450,000</td> <td>450,000</td> <td>2,250,000</td> </tr> <tr> <td>Plus: Commission</td> <td>20,000</td> <td>20,000</td> <td>20,000</td> <td>20,000</td> <td>20,000</td> <td>100,000</td> </tr> <tr> <td>Equals: Subtotal</td> <td>470,000</td> <td>470,000</td> <td>470,000</td> <td>470,000</td> <td>470,000</td> <td>2,350,000</td> </tr> <tr> <td>Less: Disallowed</td> <td>0</td> <td>0</td> <td>0</td> <td>0</td> <td>0</td> <td>0</td> </tr> <tr> <td>Equals: Reimbursed</td> <td>470,000</td> <td>470,000</td> <td>470,000</td> <td>470,000</td> <td>470,000</td> <td>2,350,000</td> </tr> </tbody> </table> <br> <strong>Result: Additional Government Reimbursement Based on GAAP-expense 50,000</strong><br> <br> <em><strong>Assumptions of Tables 4 and 5</strong></em><br> Annual Compensation Cap: $500,000<br> Life of the contract: 5 Years<br> Contractor base salary: $450,000 annually<br> Year 1 “cost to obtain the contract” commission: $100,000 <hr />The FAR 52.216-7 Allowable Cost and Payment clause provides procedures for interim reimbursement to contractors and finalization of the indirect rates. The word cost is used in the clause title. That is, this FAR provision isn’t called Allowable Expenses and Payment. Likewise, the FAR Part 31 cost principles isn’t called Expense Principles. Was there a reason for this? Is there a difference between a cost and expense and, if there is, does it matter? Or is it a distinction without a difference?<br> <br> <strong>Cost: </strong>Both the FAR and GAAP appear to define cost when the term is preceded by an adjective. For instance, the FAR refers to <em>actual, standard</em>, and <em>funded pension costs</em>. GAAP, in turn refers to historical and current cost in Statement of Financial Accounting Concepts No. 5.<br> <br> <strong>Expense: </strong>While the FAR uses the term “expense,” FAR Parts 2 and 31 do not appear to provide a definition for “expense.” GAAP, however, does define expense in the December 2021 Statement of Financial Accounting Concepts Number 8, Chapter 4, as “Outflows or other using up of assets of an entity or incurrences of its liabilities (or a combination of both) from delivering or producing goods, rendering services, or carrying out other activities.”<br> <br> The Merriam-Webster Dictionary doesn’t provide much help in clarifying the difference between cost and expense. Cost is defined as the “amount or equivalent paid or charged for something”. However, the dictionary defines an expense as a cost. One term is circularly defined by the other. How can GAAP be relied upon without a clear understanding of what constitutes a cost versus a GAAP-expense? Furthermore, the CAS, GAAP, and the FAR Part 31 cost principles are confusingly interrelated.<br> <br> It might be of some comfort to realize this struggle with definitions is not new. Professor Lawrence J. Benninger, chairman of the former committee on cost accounting concepts, wrote in his article, “Development of Cost Accounting Concepts and Principles” in the January 1954 issue of <a href="" target="_blank"><em>The Accounting Review</em></a>: “There was particular gnashing of teeth and tearing of hair concerning some of the definitions.”<br> <br> Let’s instead, try some simple questions. Are all costs GAAP-expenses? It would appear they are not. Although once permitted, GAAP no longer allows the cost of goodwill to be amortized as an expense on the income statement, unless it has been “impaired.” Likewise, GAAP doesn’t permit the depreciation of the cost of land. Certainly, “opportunity cost,” a well-known managerial cost concept, doesn’t appear on either a GAAP-balance sheet or income statement. FAR 31.205-10 “Cost of money” is an imputed cost that doesn’t exist under GAAP.<br> <br> Well then, are all GAAP-expenses costs? This statement appears more defensible in light of the Merriam-Webster definition that expediently defined an expense as a cost. But why is the term cost used more often than expense by the FAR? Is it because a cash outflow by the contractor is a prerequisite for a cost? It doesn’t appear so. For instance, the FAR provides for “usage” costs per FAR 31.205-37 “Royalties and patent cost” and FAR 31.205-11 “Depreciation for fully depreciated assets.”<br> <br> Figure 4 illustrates the sequential relationship of the three terms.<br> <br> <strong>Figure 4. Relationship of Cost, Expense, and Payment</strong><br> <img alt="Figure 4. Relationship of Cost, Expense, and Payment" src="/library/defense-atl/DATLFiles/Nov-Dec_2022/NovDec2022_article6_figure4.jpg" style="width:25%;" /><br> To ensure that little throbbing in our heads continues, both the FAR and CAS also refer to Internal Revenue Code (IRC) guidance as indicated in Tables 6 and 7. So, let’s try questions regarding the interrelated nature of CAS, FAR, and GAAP, shown in Tables 6 and 7.<br> <br> <strong>Question 1:</strong> Based on a word count (give or take a few instances), how many times do the two FAR sources below refer to CAS, IRC, and tax, or generally accepted accounting principles (GAAP) indicated by the terms GAAP, expense or accrue? (Table 4)<br> <br> <strong>Question 2: </strong>How many times does CAS, in turn, refer to the two FAR sources, the IRC, and GAAP? (Table 5) <h3><span style="color:#B22222;"><strong>More Cost Shape Shifting</strong></span></h3> In addition to GAAP, CAS, and FAR terminology concerning cost, expenses, or payments, we deal with other terms that describe cost, such as <ul> <li>Variable-Fixed</li> <li>Direct-Indirect</li> <li>Product-Period</li> </ul> There is a temptation, at times, to assume that variable, direct, and product cost are synonymous. However, these terms are not interchangeable. As Robert S. Kaplan, considered the father of activity-based costing, explained in his 1988 influential <a href="" target="_blank"><em>Harvard Business Review</em></a> article, “One Cost System Isn’t Enough,” whether costs are fixed or variable depends on a time horizon: “In the short run, virtually all costs are fixed: materials have been acquired, utilities have been turned on, and the workers have showed up for the day. Over a long period, however, costs become variable: machines and plants can be retired or sold, supervisors transferred.”<br> <br> Well, then, is a direct cost always a product or service cost? While maybe not in all cases, this is more often the case with respect to the definitions FAR provides for <em>direct cost, cost objective</em>, and <em>end-product</em>.<br> <br> FAR Part 2 Direct cost means “Any cost that is identified specifically with a particular final cost objective.”<br> <br> FAR Part 31 Cost objective, in turn, means “… function, organizational subdivision, contract, or other work unit for which cost data are desired and for which provision is made to accumulate and measure the cost of processes, <em>products</em>, jobs, capitalized projects, etc.” (Emphasis added.)<br> <br> Finally, FAR Part 2 End-Product means “Supplies delivered under a line item of a Government contract. …”<br> <br> Aside from showing the interrelated nature of FAR, CAS, and GAAP, the relatively greater instances in which CAS refers to GAAP (613 times) seems to indicate an achievable alignment of CAS with GAAP. However, at least as previously discussed concerning compensation, reimbursing costs based on GAAP measurement may conflict with FAR provisions.<br> <br> So, while it does appear that a direct cost is most often a product, service, or contract cost, a product cost is not always direct. That is, indirect costs are also allocated to products, services, or contracts. <table border="1" cellpadding="3" cellspacing="3" style="width:100%;" summary="Table 4. FAR References to CAS, IRC, and GAAP"> <caption> <div style="text-align:left;"><strong>Table 4. FAR References to CAS, IRC, and GAAP</strong></div> </caption> <thead> <tr> <th scope="col">FAR Sources</th> <th scope="col">CAS</th> <th scope="col">IRC or Tax</th> <th scope="col">GAAP</th> </tr> </thead> <tbody> <tr> <td style="text-align:center;">FAR Part 31 Cost Principles</td> <td style="text-align:center;">47</td> <td style="text-align:center;">31*</td> <td style="text-align:center;">62</td> </tr> <tr> <td style="text-align:center;">FAR 52.216.7 Allowable Cost and Payment</td> <td style="text-align:center;">1</td> <td style="text-align:center;">1</td> <td style="text-align:center;">18</td> </tr> </tbody> </table> <table border="1" cellpadding="3" cellspacing="3" style="width:100%;" summary="Table 5. CAS References to FAR, IRC, and GAAP"> <caption> <div style="text-align:left;"><strong>Table 5. CAS References to FAR, IRC, and GAAP</strong></div> </caption> <thead> <tr> <th scope="col"> </th> <th scope="col">FAR Part 31</th> <th scope="col">FAR 52.216-7</th> <th scope="col">IRC or Tax</th> <th scope="col">GAAP</th> </tr> </thead> <tbody> <tr> <td style="text-align:center;">48 CFR 9904 CAS</td> <td style="text-align:center;">2</td> <td style="text-align:center;">0</td> <td style="text-align:center;">85</td> <td style="text-align:center;">613</td> </tr> </tbody> </table> <h5>*Excluding FAR 31.205-41 Taxes</h5> <h3><span style="color:#B22222;"><strong>Direct Versus Indirect FAR Cost</strong></span></h3> In the 1950s, Benninger advised that, to the greatest extent possible, costs should be identified as direct. Of a cost accounting principle under consideration at that time, he said, “In order to achieve a more useful costing of an object, <em>costs should be directly traced, where possible</em>, to the object to be costed.” (Emphasis added.)<br> <br> Today, both the Defense Federal Acquisition Regulation Supplement (DFARS) and FAR indicate the same preference for direct cost. DFARS 252.242-7006 Accounting System Administration requires that an acceptable accounting system provide for segregating direct costs from indirect costs. FAR Part 42.7, in turn, discusses indirect rate limitations and ceilings as well as cautions about wide fluctuations in indirect cost rates.<br> <br> The ability to identify more costs as direct costs infers the occurrence of technology-based cost accounting improvements for tracing cost to contracts. Instead, what some contractors attempt is to simply, and erroneously, relabel indirect cost as direct. Why is this wrong? Well, when it comes to definitions, one is grateful to encounter any hard numerical metric in authoritative literature. On indirect cost, the FAR did include such a metric. Specifically, FAR Part 2 states, “An Indirect cost means any cost not directly identified with a single final cost objective, but identified with two or more final cost objectives or with at least one intermediate cost objective.” (Emphasis added.)<br> <br> Therefore, a direct cost is one that can be specifically identified or traced to one, single, final cost objective.<br> <br> For estimating and, in some cases, accounting purposes, some federal contractors address the preference for direct cost by simply and erroneously relabeling indirect cost as direct. Specifically, these contractors will pool multiple costs, divide by an allocation base, allocate to “two or more final cost objectives” (contracts), and subsequently (mis-) label the cost as direct contract cost. This activity is sometimes undertaken under the guise of a formidably named “CER” (cost estimating relationship). However, the use of pools and bases characterizes indirect cost assignment while specific tracing typifies direct cost identification. Use of CERs may improve indirect cost allocation, but their application doesn’t change a cost from indirect to direct.<br> <br> This contractor practice proves especially troublesome because the Part II direct cost section of the CASB Disclosure Statement doesn’t provide for a description of pools and bases of the mislabeled indirect cost, further confounding appropriate government review.<br> <br> <img alt="scales weighing coins" src="/library/defense-atl/DATLFiles/Nov-Dec_2022/NovDec2022_article6_image3.jpg" style="width:100%;" /> <h3><span style="color:#B22222;"><strong>Conclusion</strong></span></h3> In 1954, Benninger pondered on the necessary difference between GAAP and cost accounting. He believed that cost accounting represented the more <em>progressive </em>sector of accountancy and, for that reason, advanced the need for a flexible definition of cost. In turn, he believed that for cost accounting to make progress, it needed to remain relatively free from the conventions of general accounting. In other words, cost accounting should not always reflect GAAP. If this philosophy prevails for federal cost accounting, contracting officers will need to be aware of the shape shifting of GAAP and CAS-measured cost, and the extent to which the FAR refers to either. <hr /><strong>McClure-Nelson </strong>is an assistant professor at Embry-Riddle Aeronautical University, an intermittent professor at DAU, and a former audit manager with the Defense Contract Audit Agency. She holds a Certified Public Accounting Certificate, a DBA from Wilmington University, an MBA from the University of Delaware, and a BBA-Accounting from Temple University.<br> <br> The author can be contacted at <a class="ak-cke-href" href=""></a>. <h6>The views expressed in this article are those of the author alone and not the Department of Defense. Reproduction or reposting of articles from Defense Acquisition magazine should credit the authors and the magazine.</h6> <hr /><a href="" target="_blank"><img alt="tweet" src="/library/defense-atl/DATLFiles/Sept-Oct_2021/tweetbutton.jpg" style="width:10%;" /></a><a href="" target="_blank"><img alt="subscribe" src="/library/defense-atl/DATLFiles/Sept-Oct_2021/suscribebutton.jpg" style="width:10%;" /></a><a href="/library/defense-atl/DATLFiles/Nov-Dec_2022/McClureNelson_NovDec2022.pdf" target="_blank"><img alt="print" src="/library/arj/ARJ/ARJ%20101/print_button.jpg" style="width:10%;" /></a></div>string;#/library/defense-atl/blog/Accounting-Shape-Shifters
Prioritize Medical S&T Investments and Fulfill Capability Gaps Medical S&T Investments and Fulfill Capability Gaps2022-11-18T17:00:00Z _Banner.jpg, _Banner.jpg _Banner.jpg<div class="ExternalClass5311266993F941138FC495501B99828C">The Army’s medical research program faces challenges from budgetary constraints and a reorientation to conform with broader defense priorities.<br> <br> The U.S. Army Medical Research and Development Command (USAMRDC) is responsible for conducting research, development, and acquisition of materiel solutions for the medical force. The Science and Technology (S&T) portfolio is quite broad, encompassing combat casualty care, infectious diseases, and operational medicine. <p>While most of our S&T investments were historically aligned to initial capability documents (ICDs), they were generally bottom-up driven, based on ideas generated by the S&T community but not necessarily validated as being needed by the capability developer.<br> <br> During the “Night Court” spending reviews by Army leadership in 2017, USAMRDC lost a significant amount of funding to other Army efforts because our investments were determined not to be aligned to Army modernization priorities. In addition, the establishment of the Army Futures Command (AFC) in 2018 resulted in a significant reset of how research in USAMRDC was planned. Planning changed to more of a top-down process, tied to providing required capabilities to support Multi-Domain Operations (MDO) by 2030 as part of the Army Strategic Portfolio Analysis and Review process.<br> <br> Establishing a time-constrained horizon on providing capabilities changed the paradigm for planning our S&T investments. In addition, the assimilation of USAMRDC with our capability developer, the Medical Capabilities and Integration Directorate (MED CDID), afforded the opportunity to work more closely with them to ensure our S&T investments were aligned to MDO priorities. Those priorities were identified in recently issued guidance documents—such as the AFC Concept for Medical 2028 and the Army Medical Modernization Strategy—and validated through wargaming and experimentation events.<br> <br> The big challenge was defining a process for aligning S&T investments with those priorities that was traceable and defensible to senior leaders.</p> <h3><strong><span style="color:#B22222;">Start With the Gaps</span></strong></h3> <p>The MED CDID established a set of validated gaps through an assessment process. In some cases, these gaps were fairly specific; in many cases, they were defined so broadly that it was difficult to discern specific functional capabilities needed by the user. An operational risk level was assigned to each gap and was defined as described in Table 1. The risk levels define the operational risk of the gap to the combat effectiveness of units.<br> <br> We used these operational risk levels to inform the prioritization of our S&T investments. Ultimately, we focused our S&T investments on gaps defined as high risk or extremely high risk. This excluded a majority of the gaps, which were defined as having moderate or low risks. It was agreed that our limited resources should be invested in high-risk gaps until they were mitigated. This helped inform S&T priorities, to some degree, but the gaps alone were insufficient to provide more granularity in our investment priorities. We needed a structure and taxonomy to further prioritize our investments.</p> <table border="1" cellpadding="3" cellspacing="3" style="width:100%;" summary="Gap-Based Operational Risk Priorities"> <caption> <div style="text-align:left;"><strong>Table 1. Gap-Based Operational Risk Priorities</strong></div> </caption> <tbody> <tr> <td><strong>EXTREMELY HIGH RISK</strong></td> <td>The Gap will very likely occur in all operations (ranging from likely to frequent occurrence), and the Army has lost the ability to accomplish the mission as a result. It is deemed that it is not possible to mitigate the gap, given the fielded and programmed DOTMLPF solution set available, on the spot with tactical procedural changes or addition of other resources.</td> </tr> <tr> <td><strong>HIGH RISK</strong></td> <td>The gap is likely to occur (ranging from seldom to likely) in one or more of the mission sets represented by the scenario. The Army’s ability to accomplish the mission is severely degraded requiring one or more drastic adjustments in tactical procedures and techniques and commitment of additional resources, given the availability of fielded and programmed DOTMLPF solution sets, to mitigate the gap.</td> </tr> <tr> <td><strong>MODERATE RISK</strong></td> <td>The gap occurs infrequently (ranging from unlikely to seldom) in one or more of the mission sets represented by the scenario. The Army can accomplish the mission with the existing fielded and programmed DOTMLPF solution set available but requires adjustment of tactical procedures and techniques and reallocation of existing resources to mitigate the gap.</td> </tr> <tr> <td><strong>LOW RISK</strong></td> <td>Expected losses have little or no impact on accomplishing the mission. Injury, damage, or illness are not expected, or may be minor and have no long-term impact or effect.</td> </tr> </tbody> </table> <h6>Key: DOTMLPF= doctrine, organization, training, materiel, leadership and education, personnel, and facilities<br> Source: AFC Futures and Concepts Center Writer’s Guide, Dec. 10, 2021.</h6> <h3><strong><span style="color:#B22222;">A Taxonomy Structure</span></strong></h3> I remembered a technology roadmapping course I took more than 15 years ago; it was taught by Irene Petrick, when she was at Pennsylvania State University. She now is Director of Industrial Innovation at Intel. The roadmapping technique was called GOTChA, which stood for Goals, Objectives, Technical Challenges, and Approaches. It was intended to do just what AFC was pressing S&T to do; plan backward the work needed to get to the time-constrained end-state goals. We looked at how we could adapt this methodology to meet our needs. Starting with the gaps, we defined the structure and taxonomy shown in Figure 1. This structure also provided a mechanism for traceability of our S&T investments back to the gaps that they supported.<br> <br> Our S&T portfolio managers worked with the MED CDID and our medical acquisition partners to develop a set of gap-specific Research and Development (R&D) Strategic Plans that used the taxonomy structure to identify the capabilities (e.g., functional objectives) to mitigate the gap. The plans also summarized the gap, provided some operational context of the problem, discussed a notional concept of use, as well as some notional key performance parameters (KPPs) to help inform the R&D community about technical options that might be pursued. Generally, in the early planning stage, there is limited information on KPPs and the concept of use; but the more these can be defined up front, the more likely S&T will identify a viable capability. These R&D Strategic Plans are meant to serve as living documents that are expanded and refined as more information is gleaned on the specific capabilities needed. <h3><span style="color:#B22222;"><strong>Prioritize Capabilities</strong></span></h3> As stated previously, some of the gaps were defined extremely broadly, which didn’t provide much clarity on specific capabilities required to mitigate them. This had posed a problem for S&T in the past, as we invested in certain capabilities independent of capability developer input, only to find out years later that they were not viewed as providing a required capability. Using the functional objectives defined in the R&D Strategic Plans, the MED CDID developed a rubric for assessing their notional impact on mitigating the gap. The rubric that the MED CDID used is shown in Table 2 (Source: MED CDID). This rubric has been refined over two cycles of use in S&T planning, and it will probably continue evolving in the future.<br> <br> The assessments provided by the MED CDID enabled us to prioritize investments that would mitigate the gap. The use of these scores increased our confidence that there was an actual need for the capabilities S&T proposed to develop. We were able to make informed trade-off decisions while planning our Program Objective Memorandum (POM), thereby ensuring that our investment enabled an R&D pathway to deliver high-impact capabilities. At present, many of these impact assessments may not be based on any formal experimentation. However, we expect more analytical rigor on future assessments as medical experiments increase in number over time.<br> <br> We now had a way to prioritize our investments based on specific needed capabilities, but we still had one more key question to tackle: What specific technologies should we invest in?<br> <br> <strong>Figure 1. R&D Strategic Plan Structure​</strong><br> <img alt="Figure 1. R&D Strategic Plan Structure" src="/library/defense-atl/DATLFiles/Nov-Dec_2022/NovDec2022_article5_figure1.jpg" style="width:100%;" /> <h6>Source: The author and USAMRDC</h6> <h3><span style="color:#B22222;"><strong>Technology Options</strong></span></h3> For materiel products, several different technological approaches typically could be used to provide the capability needed. However, in a resource-constrained environment, we cannot pursue all possible options. In addition, in the past S&T sometimes invested in a technology for several years only to find, when it came time to transition it, that the technology was either not considered the best solution by Acquisition or that the capability developer did not support the claim that it actually met a requirement. S&T needed a way to improve our “shots on goal” regarding materiel product transitions.<br> <br> Again, I remembered a course taught by Jay Paap, of Paap Associates, on Customer-Focused Technology Planning, which he developed while teaching at the Massachusetts Institute of Technology (MIT). (See this author’s previous article in the May-June 2006 issue of Defense AT&L magazine). A key tenet was to develop a technology landscape map (TLM) to systematically consider all the potential technology options available that might provide the needed capability and how well they align to the notional KPPs desired.<br> <br> Other considerations include cost, usability, and technical maturity, among others. We engaged the MED CDID, the user representative, the acquisition program manager (PM), and S&T to conduct these TLM workshops and ensure that all key stakeholders agreed on which technologies to focus. In some cases, technologies identified may already be available and sufficiently mature for the acquisition program to transition, obviating the need for any S&T investment. In other cases, there may be no sufficiently mature, available solutions, thereby requiring S&T investments.<br> <br> While these TLM workshops are labor-intensive, they provide valuable insights into the technology options available, and which are likely to provide the needed capability to secure buy-in from the entire enterprise. This mitigates the later risk that either the Requirements Community or the acquisition PM does not support the technology option pursued by the S&T PM. <table border="1" cellpadding="3" cellspacing="3" style="width:100%;" summary="Table 2. Medical Capabilities Assessment Rubric"> <caption> <div style="text-align:left;"><strong>Table 2. Medical Capabilities Assessment Rubric</strong></div> </caption> <thead> <tr> <th scope="col">Criteria</th> <th scope="col">Scoring</th> </tr> </thead> <tbody> <tr> <td>Will the Functional Objective (FO) provide a new capability to solve a validated, identified Army requirement?</td> <td> <ul> <li>The FO will provide a new capability that could solve an existing gap = 4 points</li> <li>The FO will improve on an existing capability = 3 points</li> <li>This FO will replace an existing capability but will not be an improvement = 2 points</li> <li>The FO will provide redundant capability = 1 point</li> <li>No gap exists = 0 points</li> </ul> </td> </tr> <tr> <td>Does the FO support a required capability or S&T need from the Army Medical Concept?</td> <td> <ul> <li>Supports a specific required capability or S&T need from the concept = 3 points</li> <li>Indirectly supports a required capability or S&T need from the concept = 2 points</li> <li>No = 0 points</li> </ul> </td> </tr> <tr> <td>Will the FO improve the ability to clear the battlefield via improving Return to Duty (RTD) rates?</td> <td> <ul> <li>Scores from 0 to 3 with 3 awarded for a definite “yes” and O for a definite “no”</li> </ul> </td> </tr> <tr> <td>Will the FO improve the ability to clear the battlefield via improving MEDEVAC (medical evacuation)?</td> <td> <ul> <li>Scores from 0 to 3 with 3 awarded for a definite “yes” and O for a definite “no”</li> </ul> </td> </tr> <tr> <td>Will the FO improve the capacity of the operational Army Health System (Point of Injury to Role 3)?</td> <td> <ul> <li>Scores from 0 to 3 with 3 awarded for a definite “yes” and O for a definite “no”</li> </ul> </td> </tr> <tr> <td>Will the FO improve the ability to resupply the operational Army Health System (Point of Injury to Role 3)?</td> <td> <ul> <li>Scores from 0 to 3 with 3 awarded for a definite “yes” and O for a definite “no”</li> </ul> </td> </tr> <tr> <td>Is military research necessary to accomplish the FO?</td> <td> <ul> <li>Civilian efforts in the field are minimal, no work will be done without the military = 5 points</li> <li>Civilian efforts in the field are ongoing, but require military support = 3 points</li> <li>Civilian efforts exist and will continue to do so regardless of military support = 0 points</li> </ul> </td> </tr> </tbody> </table> <h6>Source: MED CDID</h6> <h3><span style="color:#B22222;"><strong>A Governance Structure</strong></span></h3> Historically, the governance structure used to inform our investments was heavily biased toward S&T. While S&T-informed input is critical to defining our strategy, other voices were either missing or drowned out, but were essential for ensuring that the technologies we invested in remained the best available. We revamped our existing governance structure to align it by gap and to ensure that there was balanced representation from the Requirements, User, S&T, and Acquisition Communities. We also reframed the discussions to focus less on the science and more on whether the investments would provide the capabilities to mitigate the gap. These discussions have been helpful in providing azimuth checks with criteria generally missing in our previous governance forums. This does not obviate the need for a separate forum for evaluating the quality and progress of the science conducted, but it does involve a different focus with different subject-matter experts. <h3><strong><span style="color:#B22222;">Map Investments Back to the Gap</span></strong></h3> Using the R&D Strategic Plan taxonomy and structure that we defined, we mapped our POM investment plans back to the functional objectives. This allowed us to identify how much funding we should invest in a specific capability and the broader gap. This taxonomy involves more detail and did not neatly align to the Financial Project/Task structure commonly used for POM planning. We were able to roughly align this taxonomy to the existing financial structures, but much of this information is maintained separately from that in existing U.S. Army financial systems. We used this taxonomy as a basis for soliciting proposals, which allowed us to track and manage progress of research projects, and any relevant Transition Agreement (TA) deliverables, toward mitigating the gap. It also made our investments transparent and traceable for Army senior leaders and enabled our MED CDID to articulate to AFC leadership that they understood how our investments were aligned to their gaps and modernization priorities. <table border="1" cellpadding="1" cellspacing="1" style="width:100%;" summary="Table 3. Three Levels for Prioritizing Medical S&T Investments"> <caption> <div style="text-align:left;"><strong>Table 3. Three Levels for Prioritizing Medical S&T Investments</strong></div> </caption> <tbody> <tr> <td><strong>Requirements Prioritized:<br> COCOM-, Service-Informed</strong></td> <td>1: Threat/Capability Gap: Relative Operational Risk Level<br> 2: Specific Capability: Impact on Mitigating Gap</td> </tr> <tr> <td><strong>S&T Prioritized: Requirements, Acquisition, & User Informed</strong></td> <td>3: Technology Options</td> </tr> </tbody> </table> <h6>COCOM = Combatant Command<br> Source: The Author and USAMRDC</h6> <h3><strong><span style="color:#B22222;">Summary and Final Thoughts</span></strong></h3> We ultimately identified three levels of prioritization that were needed to ensure our S&T investments were appropriately aligned to medical modernization priorities (Table 3).<br> <br> The first level of prioritization focused on validated gaps defined by the Requirements Community. We used these operational risk categories to ensure that S&T addressed the highest identified future risk gaps. The second level of prioritization identified the specific capability needed, which addressed the problem that many of the gaps were very broad.<br> <br> While S&T proposed the capabilities to be worked on, the capability developer provided an assessment of the potential impact of the capability on mitigating the gap. This information was very helpful in shaping our investments. The final level of prioritization focused more on materiel solutions, rather than knowledge products, but it involved using TLM to identify the most promising technology. While the first two levels of prioritization depended heavily on the involvement of our capability developer, the last level of prioritization involved input from our Requirements, User, S&T, and Acquisition Communities to ensure all agreed that the technology being invested in was the best decision we could make.<br> <br> I have described the process that USAMRDC Medical S&T currently uses to prioritize our investments based on alignment to Capability Gaps. The process has provided greater objectivity in how investment decisions are made, allowing traceability to the validated gaps and specification of the needed capabilities. It has enabled us and other stakeholders within the medical enterprise, AFC, and the Army to understand and defend how our S&T investments align with medical modernization priorities. It also has established a way to measure progress toward providing these capabilities. A possibly missing piece of the puzzle involves metrics to assess whether the new capabilities have sufficiently mitigated the gap so that we can turn our attention to other needs.<br> <br> <img alt="two scientists working in a lab" src="/library/defense-atl/DATLFiles/Nov-Dec_2022/NovDec2022_article5_image1.jpg" style="width:100%;" /><br> <br> Implementing these processes has not come without cost, and there is an increased workload for S&T portfolio managers in developing and sustaining this model. It also requires frequent and active engagement with our MED CDID partners, for whose input we are extremely grateful. A potential risk of pivoting toward a top-down approach, could be an inadvertent constraint on intellectual freedom within our S&T laboratory enterprise. However, in this model, scientific input becomes more critical in working upfront with our capability developers to shape concepts and to inform the “art of the possible” through experimentation and other means in which medical S&T previously was not greatly involved. These contributions ultimately will translate into our scientists’ work and ensure that the capabilities they develop align with the medical community’s priorities.<br> <br> Finally, this model has facilitated greater dialogue between the Requirements, S&T, and Acquisition Communities, forming a common vision across the medical enterprise of the capabilities provided and a consensus on how to achieve our goals. This approach may serve as a model for future prioritization of Joint Medical S&T investments as USAMRDC transitions to the Defense Health Agency by the end of this fiscal year. <hr /><strong>Dertzbaugh </strong>is the Principal Assistant for Research and Technology in the U.S. Army Medical Research and Development Command at Fort Detrick, Md. He received his Ph.D. in Microbiology and Immunology from Virginia Commonwealth University and completed his postdoctoral training at the University of Alabama at Birmingham.<br> <br> The author can be contacted at <a class="ak-cke-href" href=""></a>. <h6>The views expressed in this article are those of the author alone and not the Department of Defense. Reproduction or reposting of articles from Defense Acquisition magazine should credit the authors and the magazine.</h6> <hr /><a href="" target="_blank"><img alt="tweet" src="/library/defense-atl/DATLFiles/Sept-Oct_2021/tweetbutton.jpg" style="width:10%;" /></a><a href="" target="_blank"><img alt="subscribe" src="/library/defense-atl/DATLFiles/Sept-Oct_2021/suscribebutton.jpg" style="width:10%;" /></a><a href="/library/defense-atl/DATLFiles/Nov-Dec_2022/Dertzbaugh_NovDec2022.pdf" target="_blank"><img alt="print" src="/library/arj/ARJ/ARJ%20101/print_button.jpg" style="width:10%;" /></a></div>string;#/library/defense-atl/blog/Prioritize-Medical-Investments-Capability-Gaps
Cybersecurity Zero Trust—The Time is Now Zero Trust—The Time is Now2022-11-11T17:00:00Z,<div class="ExternalClass4DE99D4103074CF185E5992539E10D36">I was first introduced to cybersecurity (formerly information assurance) in the early to mid-2000s, while working for a major defense contractor.<br> <br> I began scheduling, then reviewing, security documents, then making site security visits and helping write security reports in Department of Defense (DoD) locations across the continental United States. This was done as part of an organization working toward full operational capacity and hoping to be authorized to operate via the DoD Information Technology Security Certification and Accreditation Process (DITSCAP).<br> <br> During that time, I worked with some of the most competent and technically knowledgeable people I’ve ever met, and the team had some major accomplishments as well as some highly disappointing setbacks. A most memorable moment came when our team discovered some very detailed pictures and what appeared to be complex information about our program. We were unable to understand much of the writing because it was written in Chinese. Needless to say, we worked to get the website taken down immediately.<br> <br> Since then, my appreciation for the need for cybersecurity at all levels has deepened. I’ve seen major breaches that have crippled networks and organizations, and minor breaches, errors, and acts of stupidity that often bring into question the concept of the trusted insider. The common thread has been that, despite having some highly competent people and working hard to make major improvements, the sheer number and scope of the threats seem to grow daily. <blockquote> <p style="text-align:center;"><em>“…our adversaries are getting better at penetrating our systems at an even greater rate.”</em></p> </blockquote> Numerous studies from industry, the DoD, and the federal government confirm that we’re getting better at cybersecurity, but our adversaries are getting better at penetrating our systems at an even greater rate. In other words, we are not keeping up. The 2018 Government Accountability Office “High Risk” series report, <a href="" target="_blank">Urgent Actions Are Needed to Address Cybersecurity Challenges Facing the Nation</a> (GAO-18-622) emphasizes that we must do better. The report states that unless cybersecurity issues throughout the federal government are addressed, “information and systems will be increasingly susceptible to the multitude of cyber-related threats that exist.”<br> <br> Given this discouraging news, we must ask hard questions about our current cybersecurity approach. <ul> <li>Is the current rate of improvement compared to our enemies good enough?</li> <li>If our adversaries keep on improving more than we are, when will we reach a point where nothing is secure? Have we already reached this point?</li> <li>What else can we do that can lead us down a more effective path?</li> </ul> Pondering the last question has led me down a path to look for better cybersecurity solutions. Earlier this year I began an assignment with the DoD Zero Trust Portfolio Management Office (ZT PfMO). There is no one simple solution or silver bullet that solves all of our problems. But after about 120 days learning about and developing curriculum on Zero Trust, I am convinced that Zero Trust is the more effective path that the DoD and the federal government are seeking. It is a new paradigm, a new mindset, and a completely different but realistic approach to protecting our vulnerable systems. It holds greater promise for the cybersecurity battlefield than anything we’ve tried since the term cyberspace was first coined by William Gibson in 1982 in one of his many science-fiction short stories.<br> <br> The origins of Zero Trust don’t reach back quite as far as 1982, but the Zero Trust crescendo has been building since 2004. Along with being the first year since 1918 that the Boston Red Sox won the World Series, 2004 was the year that the Jericho Forum was formed. The Jericho Forum is an international group formed in reaction to the onset of cloud computing and the trend toward deperimeterization (limiting implicit trust based on network location and the limitations of relying on single, static defenses over a large network segment).<br> <br> Among its many work products, the group produced a set of 11 commandments, many of which remain highly consistent with a Zero Trust approach. The next major milestone came in 2010 when John Kindervag, a Forrester Research analyst, started widespread use of the term “Zero Trust,” which focused on verifying all network connections before granting access. Since that time, the implementation of zero trust in both the public and private sector has grown significantly.<br> <br> One of the challenges of implementing Zero Trust is knowing exactly what it is and the effects of implementation on an organization. <a href="" target="_blank"><em>NIST Special Publication 800-207</em></a> (August 2020) defines it as “an evolving set of cybersecurity paradigms that move defenses from static, network-based perimeters to focus on users, assets, and resources.”<br> <br> Randy Resnick, Senior Advisor, DoD Zero Trust Portfolio Management Office, elaborates: “Zero Trust is not a capability or device you buy, rather it is a security framework, an architectural approach, and a methodology to prevent malicious actors from accessing our most critical assets and reducing existing attack surfaces.”<br> <br> In other words, given the multiple ways to penetrate networks, especially in a cloud environment, if someone gets inside the network perimeter, we can’t assume that his or her intent is benevolent. Identity should be verified, and access should be questioned at every step along the way. Cybersecurity should not be about simply protecting the network, but should focus on protecting the data within those networks. With these things in mind, the Zero Trust Reference Architecture (v. 2.0, July 2022) identifies five major tenets as building blocks for Zero Trust. These tenets include: <ol> <li>Assume a hostile environment.</li> <li>Presume breach.</li> <li>Never trust, always verify.</li> <li>Scrutinize explicitly.</li> <li>Apply unified analytics.</li> </ol> In May 2021, President Biden signed <a href="" target="_blank">Executive Order (EO) 14028</a> (Improving the Nation’s Cybersecurity). This EO further validates that organizations implementing zero trust throughout the federal government are headed in the right direction and mandates that all federal agency heads, including the DoD, develop a zero-trust implementation plan. It states that the federal government must adopt best practices for security and “advance toward Zero Trust Architecture.” It also calls for cloud computing environments to embrace Zero Trust Architecture and explains Zero Trust in the following way:<br> <br> The Zero Trust security model eliminates implicit trust in any one element, node, or service and instead requires continuous verification of the operational picture via real-time information from multiple sources to determine access and other system responses. In essence, a Zero Trust Architecture allows users full access but only to the bare minimum they need to perform their jobs. If a device is compromised, zero trust can ensure that the damage is contained. The Zero Trust Architecture security model assumes that a breach is inevitable or likely has already occurred, so it constantly limits access to only what is needed and looks for anomalous or malicious activity.<br> <br> In response to this EO and numerous policies and guidance directing the DoD to a more effective cybersecurity approach, the Pentagon established the DoD Zero Trust Portfolio Management Office (PfMO) in February 2022. The PfMO is led by Randy Resnick (Zero Trust PfMO Senior Adviser) and reports to Deputy DoD Chief Information Officer for Cybersecurity Dave McKeown. The mission of this office is to “Provide strategic guidance, synchronize efforts, and prioritize resources to accelerate Zero Trust adoption and implementation throughout the DoD.”<br> <br> <img alt="people sitting in a command center" src="/library/defense-atl/DATLFiles/Nov-Dec_2022/NovDec2022_article4_image1.jpg" style="width:100%;" /><br> <br> To accomplish this mission, the DoD Zero Trust Strategy is expected to be signed in early Fiscal Year 2023. The <a href="" target="_blank">DoD Zero Trust Reference Architecture</a> was signed in July 2022. The team is working on a comprehensive training plan and collaborating with the military Services, organizations, and industry partners across the DoD. The final outcome of this effort is to “Establish a cohesive Zero Trust execution plan across the DoD Enterprise and accelerate ZT implementation to defeat APTs [advanced persistent threats] and malicious adversaries.”<br> <br> Zero Trust is not one technology or software package that will solve all of our cybersecurity problems. However, when systems are designed with Zero Trust in mind using a systematic, comprehensive approach to improving cybersecurity based on Zero Trust principles, the future holds great promise.<br> <br> Now is the time to start learning about, designing, and implementing Zero Trust. The Zero Trust Portfolio Management Office, in concert with the Services, industry, and academia will provide a roadmap, resources, and training for the DoD with milestones along the way. Implementation will not be easy, but the consequences of inaction and continuing to lose ground to our cyber adversaries are much greater. <hr /> <h3><span style="color:#B22222;"><strong>Resources</strong></span></h3> <ol> <li><a href="" target="_blank">Visioning White Paper. What is Jericho Forum? February 2005</a></li> <li><a href="" target="_blank">Urgent Actions Are Needed to Address Cybersecurity Challenges Facing the Nation” (GAO-18-622)</a></li> <li><a href="">Executive Order 14028, Improving the Nation’s Cybersecurity, May 2021</a></li> <li><a href="" target="_blank">NIST SP 800-207, Zero Trust Architecture, August 2020</a></li> <li><a href="">Zero Trust Reference Architecture v 2.0, July 2022</a></li> </ol> <hr /><strong>Denman </strong>is temporarily assigned to the Department of Defense Chief Information Officer in the Zero Trust Portfolio Management Office. He is also the DAU Cybersecurity Learning Director.<br> <br> The author can be contacted at <a class="ak-cke-href" href=""></a>. <h6>The views expressed in this article are those of the author alone and not the Department of Defense. Reproduction or reposting of articles from Defense Acquisition magazine should credit the authors and the magazine.</h6> <hr /> <a href="" target="_blank"><img alt="tweet" src="/library/defense-atl/DATLFiles/Sept-Oct_2021/tweetbutton.jpg" style="width:10%;" /></a><a href="" target="_blank"><img alt="subscribe" src="/library/defense-atl/DATLFiles/Sept-Oct_2021/suscribebutton.jpg" style="width:10%;" /></a><a href="/library/defense-atl/DATLFiles/Nov-Dec_2022/Denman_NovDec2022.pdf?Web=1" target="_blank"><img alt="print" src="/library/arj/ARJ/ARJ%20101/print_button.jpg" style="width:10%;" /></a></div>string;#/library/defense-atl/blog/Cybersecurity-Zero-Trust—The-Time-is-Now

Chat with DAU Assistant
Bot Image