Tag Archives: Managing Risk

Supply Chain Risks And Your Government Contracting Business

Standard
Image: “Eft.com”

“WASHINGTON TECHNOLOGY” By By Jodi Schatz

An end-to-end approach to supply chain risk management, also called SCRM, examining technology trends, emerging threat vectors, and what vendors new to the federal government must keep in mind to mitigate supply chain risk.

______________________________________________________________________________

“As technology advances, supply chain risk management challenges are going well beyond the world of producing physical products such as IT hardware. While ISO-based standards provide clear guidance on supply chain management in the private sector, federal government suppliers must think more broadly.

To become a trusted supplier to the federal government, vendors must understand supply chain risk management trends affecting manufacturing.

Technology evolution and globalization

As technology has continually evolved from hardware to software, it has introduced new aspects of supply chain management. While software innovation offers new capabilities, it also brings vulnerabilities that are more easily exploited than with hardware. That exploitation introduces supply chain risks (more on this later).

Of course, hardware is still a significant part of infrastructure, including government services. Most hardware is built for a long lifecycle, and once deployed this legacy technology is not likely to be unseated, because of the capex costs tied to its original implementation.

With globalization, the main hardware risk comes through offshore contractors and suppliers. The widespread acceptance of globalization makes it harder to be certain of the integrity of your hardware supply chain.

What’s more, as software attack vectors become more sophisticated, they are also likely to be adapted to hardware. The installed hardware base is large, and therefore attractive to bad actors. The evolution of technology may provide a false sense of security that existing hardware is not susceptible to new forms of supply chain risk.

For federal government agencies, where data security is paramount, vendors will encounter more stringent compliance requirements than in the private sector. The supply chain must be protected to ensure product quality, and to protect against the ever-evolving onslaught of cybersecurity threats.

Shift towards software

With cloud replacing traditional hardware infrastructures, and software becoming more cloud-based, SCRM needs to shift focus from tracking physical components to the programming code used in cloud-based applications.

Cloud service providers all have some form of shared responsibility model for security, in which users are still responsible for securing their individual applications and services; the CSPs are responsible for the security of their infrastructure and the code used in their services.

Without tightly controlling the supply chain, malicious code could be introduced into cloud services. Most software applications, whether cloud-based or not, utilize significant open source code. A strong product development lifecycle ensures that open source code in a CSP’s infrastructure or cloud service offerings will be handled securely.

To that end, there are two best practices to apply to meet security responsibilities in the cloud:

  • Establish a technology import process that allows software to be imported in a trusted manner, and to be used securely in products and service applications. Discovery and inspection processes must deliver a baseline understanding of what the technology is doing, how it is structured, and its level of maturity. Architecture review, code analysis and a security design review are also recommended. These factors would feed into a risk assessment of potential threats, including known vulnerabilities. Only if these threats are deemed acceptable would a piece of technology be pulled into an application or service released to the market.
  • Securely manage risk in software and cloud-based applications with a software bill of materials (BOM). The BOM should outline all components feeding into a software application. Using this documentation, CSPs can list the tools used in their application development – as well as any third-party components. Both the IT and R&D departments therefore can apply software patches and updates more efficiently and effectively.

The four main classes of supply chain threat

With government agency purchases becoming more software-based, associated threats can be harder to recognize. This is particularly true of cloud-based software solutions, where communication channels are truly borderless and information can flow seamlessly from anywhere in the world.

A comprehensive approach to SCRM addresses four classes of threats:

Intentional Threats. These are deliberate actions, intending to be malicious or to gain an unfair competitive advantage. Competitors may inject malware or viruses to undermine your product or to attack your end customer. Prohibited or pirated software may be used to keep production costs down. Black market or counterfeit components may also be used instead of OEM to cut costs and time to market.

Unintentional Threats. These are poor quality control practices or events beyond the vendor’s control. Enforcement of quality standards may be lax. Information with outside contractors may be unclear or incomplete. Human error around data security may make the supply chain vulnerable to future cyberattacks. Poor work conditions could disrupt network operations and throw the process into chaos.

Internal Threats. These may be either intentional or unintentional. Disgruntled or turncoat workers may undermine your production from the inside. The same is true of careless workers, through human error or lack of awareness of data security practices. Weak policies and procedures to control access and grant privileges for sensitive data.

External Threats. These deliberate, well-targeted threats come from outside your organization. Downstream supply chain partners may try to steal IP to disrupt production, often prompted by competitors. Individual hackers may find a vulnerability in your supply chain, which could lead to malware, phishing, fraud, extortion, ID theft, and more. You may even be exploited by state-sponsored actors on behalf of hostile governments.

SCRM means balancing cost and supply chain vulnerabilities

The wide range of supply chain vulnerabilities described here adds up to a risk profile that goes well beyond conventional hardware manufacturing. As production of software and software-based hardware becomes more decentralized, the supply chain becomes more complex and convoluted.

Globalization may create cost benefits for vendors, but creates an interconnected ecosystem where supply chain threats can be almost impossible to detect or control. Vendors, therefore, must apply SCRM best practices, balancing the benefits of globalized software production with the attendant risks caused in developing a federal business practice.

In becoming a trusted supplier to federal government agencies, vendors must align with the requirements in NIST’s Cybersecurity Framework. More specifically, for IT decision-makers, vendors need to follow NIST’s Cyber Supply Chain Risk Management processes (https://csrc.nist.gov/Projects/cyber-supply-chain-risk-management). This will help mitigate risk pertaining to data security applications.

Compliance with long-standing ISO certifications does not translate into airtight security with federal government agencies. An end-to-end approach to SCRM will be needed to succeed in this sector going forward.”

https://washingtontechnology.com/articles/2019/09/30/insights-schatz-supply-chain-security-management.aspx

About the Author:

Jodi Schatz is chief product officer of SafeNet Assured Technologies LLC. She can be reached at Jodi.Schatz@SafenetAT.com.



Business Isn’t Just A Numbers Game

Standard
Image: appirio.com

STRATFOR Worldview” By Joel Trammell

Business is only partially a numbers game. More and more, it’s a people game, and the best leaders of the future will act accordingly.

Look no further than Wells Fargo’s notorious 2016 scandal in which employees created over 2 million fake customer accounts in order to game the bank’s incentive structure.

_____________________________________________________________________________

“When I started my first business over 25 years ago, I would’ve told you that business is a numbers game. As a degreed engineer whose father was a college professor, I was exposed to many mathematical concepts and analytical approaches. I thought all you had to do in business was gather the data, apply the math, and voila! There was the answer.

After 25 years of running companies, I will tell you that numbers are mostly just the result of a bunch of little actions people take every day in your company. Business is about people. And most business problems are people problems. Improving a business is therefore accomplished not by looking at numbers but by changing the behavior of people. And that is very hard. My wife moved the drawer where we keep the utensils in our kitchen over a year ago, and I still sometimes reach in the wrong drawer. No wonder it’s such a difficult task to make large-scale changes across an entire organization.

Matt Blumberg, the founder and CEO of Return Path, uses a great metaphor for this concept. He describes knowing all the detailed numbers of the business as the ability to read a map. Knowing how to actually manage human behavior and drive is something different and just as important — it’s like being able to drive the car. Writes Blumberg, “Being right about what roads to take is a lot less important than actually getting yourself to the destination safely and in a timely manner.”

For leaders, especially the technical and left-brained among us, it can take years to grasp this truth. Creating a massive spreadsheet and crunching all the numbers can give us a comforting sense of being in control. But no matter how neat your numbers-driven solution is, people are messy. If the leader can’t drive the car — i.e., can’t lead, manage, and coach people toward the solution — what’s the point? In my experience, it’s almost always on this people side of things that plans break down and strategies go unexecuted.

Even worse, divorcing numbers from people can even lead to catastrophe.  Wells Fargo CEO often repeated the mantra “eight is great,” meaning that employees should strive to sell each customer eight Wells products. For Stumpf and the creators of the incentive structure, this program, encapsulated in a number, must have seemed a logical way to grow revenue. But they didn’t factor in the human side of things. They failed to ensure that this program was positively changing employee behavior on the ground.

Certainly, knowing the numbers and doing quantitative analysis is — and will always be — an essential component of running a business. But especially in the era of knowledge work, leaders must factor in the more nebulous, hard-to-control aspect of managing human behavior. As management theorist Douglas McGregor told us decades ago in his brilliant book, The Human Side of Enterprise, “The ingenuity of the average worker is sufficient to outwit any system of controls devised by management.” In other words, even the smartest numbers-centered plan can be derailed if it doesn’t mesh with human actions and motives.

What does this mean for executives? It means, first and foremost, ensuring that your organization has managers up, down, and across the organization who understand the CEO’s goals and have the influence required to encourage their employees to actively support those goals. With that powerful combination —having the map and being able to drive — your business is far more likely to achieve its objectives.”

https://worldview.stratfor.com/horizons/business-development-employee-management-joel-trammell-stratfor-blog

ABOUT THE AUTHOR:

Image result for Joe trammell  khorus software
Joel Trammell

Founder and CEO of Khorus Software, Joel Trammell has spent decades as a startup launcher. He focuses on working with current and future CEO’s to maximize their performance.

Artificial Intelligence And The Potential To Replace The Federal Work Force

Standard
Image: “Irishtimes.com

FEDERAL NEWS NETWORK” By Permission – Jeff Neal

Employees will need new skills. OK. Got that. What new skills will they need? Are we talking about the skills of the tech folks in the agency? Yes. Are we talking about the people who will use the tech? Yes.

Are we talking about the agency’s customers? Yes. So we are talking about the potential retraining of the bulk of the federal workforce over a period of years.

______________________________________________________________________________

“It is hard to avoid seeing articles and studies that talk about artificial intelligence (AI) and how it will provide many benefits and open the door to countless risks. A recent two-part Partnership for Public Service report — “More Than Meets AI” — talked about steps agencies should take to communicate with their employees, ensure they have the right skills, minimize risk and build confidence in systems.

All of those are good things to think about. It is true that the potential for AI is so far-reaching that it will certainly change how employees work, present risks we are only beginning to understand and change how the American people interact with the government. The problem with a lot of what I am reading is that it does not take the promise of AI and present concrete examples of how something we all are used to seeing and experiencing will change.

We have retrained people before. When we started moving from paper to mainframe-based systems, we trained employees how to use the dumb terminals that started appearing in their offices. When the first personal computers started appearing in offices, we taught people how to use them, found ways to use the capabilities of the technology and then gradually transformed the way everyone works.

The transformation in those days was slow and mostly predictable. It was a move from paper and pencil to digital, but much of the work replicated what was already being done. While the change was predictable, it was also far-reaching. As I wrote in October last year, during the 1950s, the federal government employed more than a million clerks. Those jobs were mostly automated out of existence. By 2014, the number was down to 123,000. Now the number is down to 106,000.

The fact that we could replace 900,000 jobs and not have tremendous disruption is partly because it was a gradual transformation, partly because it affected the lowest graded jobs where turnover was traditionally high, and partly because it changed the nature of how the most repetitive tasks were done. But it did not change the fundamental work being done, as much as we might think.

The federal government was part of a much larger move to an economy based on knowledge work. Knowledge workers derive their economic value from the knowledge they bring to the table. Clerical work, much like trade and craft work, brought value mostly because of the labor the employees carry out, not their technical and programmatic skills. As those jobs disappeared, they were replaced with people whose knowledge was their contribution.

That transformation is the reason I have said for a long time that the federal government is actually much larger as a percentage of the population than it was in the 1950s. In 2014, I wrote a post that showed how that happened. At the time, we had 183 U.S. residents for every nonclerical federal employee. In the 1950s, the number was one for every 503 residents.

The change in the federal workforce that was driven by the increased use of technology was enabled by increased government spending and the fact that the number of federal employees appeared to remain relatively constant. In inflation-adjusted dollars, federal spending is almost five times as much per U.S. resident as it was in the 1950s.        Subscribe to Federal News Network’s Morning Federal Report and In Case You Missed It newsletters for the latest federal workforce news.

When we experience the next wave of AI-enabled changes, can we expect the same thing to happen? Is it likely that we will continue to see federal spending increase at the rate it has in the past 60 years? Will large numbers of federal jobs be replaced with technology, only to reappear in another form? I think the answers to those questions are going to drive federal agency priorities for years to come.

Will federal spending increase? If the recent spending agreement is any measure, absolutely. The last big attempt by Congress to put itself on a fiscal diet was sequestration. Remember that? They put automatic cuts in place so they could force themselves to stop spending. Then they spent trillions. Spending kept going up because politicians will spend money to get votes.

A free-spending Congress means we are likely to see the dollars continue to flow. The fact that 85% of federal jobs are not in the National Capital Region means they are not going to want to see real reductions in the number of federal jobs. So it is safe to predict that the number of federal workers is going to continue to hover around two million. Add the flowing money, desire to protect jobs in congressional districts and the emerging wave of AI, and the result will be a radically transformed federal workplace. The difference this time is that the pace of advances in technology is increasing and the capabilities we will see from AI will replace knowledge workers to a degree we have not seen before.

This post is the first of a series that will look at the impact of AI. Rather than addressing it in broad terms, future posts will take a look at one type of federal job and examine how the work is performed today and what we can expect as technology develops. I will also make some recommendations on how that transition can come about and what will happen to the employees.

I have more than 40 years of experience in human resources, so that is the occupation I will examine. The changes we can expect in HR and how the government can make those changes will translate to other types of work as well. The next post in this series will be in two weeks.”

ABOUT THE AUTHOR:

Jeff Neal is a senior vice president for ICF and founder of the blog, ChiefHRO.com. Before coming to ICF, Neal was the chief human capital officer at the Homeland Security Department and the chief human resources officer at the Defense Logistics Agency.

Managing Small Business Government Contracting Business System Risks

Standard

aecbusiness.com - Copy

Image:  AEC Business.com

“SMALL TO FEDS By Ken Larson

“Most small enterprises must undertake some form of business process augmentation when entering federal government contracting.

There are rules of thumb to insure wise business system development decisions, specific to your company, for managing the associated risks.

The natural inclination for small business is to immediately jump to buying computer software tools or services in an effort to expedite the business system growth process. That propensity is often enhanced by suppliers who maintain their product or service is “DCAA Compliant”, has been “Validated by the Government as an Earned Value Management System (EVMS)” and other similar claims.

Here are cautions and tips regarding an immediate jump to software or services as a means of growing a government contract business system.

UNDERSTANDING THE REQUIREMENTS

The US Government learned decades ago that it cannot impose specific business systems on contractors.  One of the last great attempts to do so was the Program Evaluation and Review Technique (PERT).  It was abandoned in the late 1950’s and early 1960’s and replaced by a set of industry criteria now known as Earned Value Management Systems (EVMS).

Similarly, the Federal Government Cost Accounting Standards Board (CASB) determined that job cost accounting systems could not be imposed on contractors. Over the years they have developed and maintained a set of Cost Accounting Standards (CAS) which governs requirements for accounting on government contracts.

The GSA and similar agencies maintain policies on travel, human resources and wage/rate determinations that are not specific systems, but minimum standards as well.  A small business entering federal government contracting should research the above and similar requirements in such areas as quality assurance, inspection and acceptance and export management.

PROCESS COMES FIRST – MAXIMIZE WHAT YOU HAVE

Given a thorough understanding of the requirements for a government contract business system that fills the need for your specific product or service delivery, the next step is to examine existing processes to determine if they can meet the need or be minimally supplemented to do so.

Finding a need for major process changes or enhancements in the existing business system is the beginning of a requirements analysis to determine the labor, process change, planning, costs and eventual selection of new automated tools that fit the company and that need.

Many start-ups and small enterprises find they can crutch their existing job cost accounting system for service contracts with spread sheets instead of buying an expensive, data base oriented, software package or services initially.  As the company grows into government contracting and the number of transactions and associated revenue warrants the expense,  the firm can then evaluate more expensive packaged software tools or services and ease into them with a plan to minimize disruption.

A government contract award drives many things in government business, but small firms cannot wait until that event to position at least the minimal processes necessary to perform, price new business, function lawfully in the human resources area and submit supportable detail in billings.

Please see the following articles for guidance on minimal business system requirements for small business federal government contacting.

What Is A Small Business Federal Government Contractor?

Pricing Small Business Federal Government Contracts

Small Business Job Cost Accounting Basics

Small Business Federal Government Contracting Business System Development

RULES OF THUMB FOR SELECTING AUTOMATED TOOLS

From strategic planning to marketing, from forward pricing to job cost accounting, from subcontracting and vendor/contractor management to human resources policies, the small firm finds itself undergoing a business system design project upon entering the government contracting venue.

Understand the requirements first, review existing processes and tools next, develop a thorough requirements statement of what must be done in the way of enhancements and then consider automating.  While performing your analysis keep the following 5 rules of thumb in mind:

1. An electronic computer software package or service is not a system. One cannot acquire a system by acquiring them.

2. One acquires a system by conducting systems analysis, achieving a design and processes by working with the people who will run the system. This is hard work and time consuming. Processes are improved and made more efficient by modifying user behavior not by automating it.

3. Once system and analysis and system design are complete one can prudently choose tools to assist in running the system. The adequacy of a computer tool or service is driven by the requirements of the most efficient system design.

4. The biggest mistake implementation teams make is to believe they are buying a system when they buy a software tool or service or let the tools drive the systems analysis process. That is like asking a mechanic to drive a wrench from New York to St. Louis. It has resulted in millions of dollars wasted and plummeting efficiency in many organizations, large and small.

5. It is necessary to design a system and processes unique to the company to meet user requirements before going shopping for computer tools or services.  If you do not you will be pigeon-holing your company into becoming a slave to the company that owns the software source code or service. If you want anything changed it costs a big buck. ”

Small Business Federal Government Contracting

 

ABOUT THE AUTHOR:

Ken Fluther - Copy - Copy

Micro Mentor Volunteer Counselor Ken Larson assists many small businesses with their planning and operations processes. Small business owners or prospective owners locate through a background search capability at Micro Mentor.   Ken is a Veteran of 2 tours in the US Army Vietnam and has over 40 years in the Defense Industrial Complex. He spent over 30 years in federal government program and contract management and 10 years in small business consulting. Ken receives many inquiries from small companies wishing to enter or enhance their position in federal government contracting. Volunteer time, books, articles, and resources are 100% free through Small to Feds maintained exclusively for small business.

 

 

 

 

Managing Risk in Small Business Federal Government Contracting

Standard

Image:  Govconadvisors.com

The challenges and difficulties for the small business in government contracting are not so much in the areas of barriers as  they are in lack of knowledge (which I concede is a form of barrier but one that can be dealt with)

Large business and government agencies take advantage of the small enterprise lack of knowledge or make poor assumptions regarding what a small business knows about the Federal Acquisition Regulation (FAR) and associated Cost Accounting Standards (CAS). This leads directly to abusive practices.

A prime example of an abusive practice is large corporations signing  teaming agreements during proposal efforts and then not awarding  subcontracts to the small enterprise as agreed, keeping the majority of work for themselves.

Agencies take forever these days to put in place actual prime contracts after source selections and award to a small business. They do not realize that a small enterprise does not have deep pockets and must have cash flow to sustain a new program with new employees.

Funding levels on IDIQ and Omnibus programs are insufficiently committed and the small enterprise is not adequately informed about limitation of funds and  funding exposure.

http://www.smalltofeds.com/2007/09/limitatoin-of-funds-and-funding.html

I have seen enough small  businesses succeed in the government contracting field that I am  convinced that the government needs more active roles in education of  the small enterprise and more trained contacting officers that understand the limitations of a small business.

The most common traumatic situation I encounter is with newly  established businesses who have won their first government contract and  have no CAS compliant job cost accounting system in place to bill it  out. The government has assumed that capability will materialize and  when it does not they audit the bills, find no backup and shut down the  cash flow until the system is fixed. At that point the business can fail. The company should have been educated much earlier in the process about these requirements.

http://www.smalltofeds.com/2012/09/what-small-business-should-know-about.html

The number of poorly performing SETA contractors in roles not suited  to them in contract administration support is increasing in federal  agencies. These firms need to be vetted and better managed for the  omissions and commissions they contribute to the above.

http://www.smalltofeds.com/2012/07/is-small-business-federal-government.html

Not every small enterprise can get  into a class on government contracting at George Washington University,  The Defense Acquisition University or send their personnel to lengthy  and costly seminars conducted by organizations like the National Contract  Management Association. These are  great education sources but do not  come close to filling the complete requirement and they cost time and money.

The contracting officer and his staff as well as larger enterprises need to be upgraded in the skills necessary to guide – not abuse – the small business in federal government contracting.

Homeland Security Must Manage Risk – Not Events

Standard

homeland_security

“THE HILL”

“The department’s mitigation programs, relationships with states and localities, and emerging analytic capability make it the ideal hub for a risk management mission.

The DHS isn’t doing its job because it doesn’t know what its job is.

Rather than combating terrorism, the department should refocus its mission around combating risks of all kinds.

It was created as a mishmash of 22 disparate agencies in the rush to respond to the Sept. 11 attacks. Congress and the president created the department with the explicit mission of preventing terrorism, but they included unrelated agencies that needed a home, while other important terrorism- or disaster-related agencies were left out.

Today, the department’s management spends much of its precious time responding to the headline of the day across multiple missions of protecting the border, preparing for natural disasters, and managing airport screeners. Its frontline employees don’t fare any better — the agency routinely tops the list of worst places to work in government. Fortunately, the department can do better. Public administration scholars have found that one of the best ways to improve job satisfaction is to make missions and goals more clear and less ambiguous.

Fixing the department requires jettisoning the holding company model and leaving the job of curbing terrorist threats to the Department of Justice, which houses the FBI. Without terrorism at the center, the agency can refocus on assessing and reducing an array of risks for natural and technological disasters. For any particular threat, such as terrorism or hurricanes, risk is a function of the probability of the threat multiplied by the potential consequences.  That sounds simple enough, but if done correctly it could transform how we prepare for disasters and make the country safer.

Right now, the DHS manages siloed programs to prepare for many different kinds of threats. But it is difficult to prioritize investments across different threats over time. A reformed department would compare the risks posed by hurricanes, forest fires, tornadoes, radiological “dirty bombs,” and cyber attack. Some defenses, such as concrete barriers, can reduce the damage caused by both floods and terrorism. The department could also assess risks over time. Investing in mitigation, or reducing the damage caused by disasters before they happen, is cheaper than coming to the rescue after a disaster. A report from the Multihazard Mitigation Council found that mitigation saves society an average of $4 saved for every $1 spent. It is difficult to convince politicians and department leaders to spend  money on mitigation, however, because they cannot easily take credit for helping to prevent a disaster that never happened, or that might not happen on their watch.

The DHS’ disaster management arm, FEMA, already offers grants to states and localities to build mitigation programs. But these programs are modest, and FEMA employees make up less than two percent of the department. Extending the mission of FEMA’s modest mitigation directorate would reorient the department around illustrating what risks society faces and what investments would reduce them. There is much work to be done. Convincing cash-strapped jurisdictions to spend money on mitigation requires evidence that the cost is worth it.

Some department officials say that they are already doing risk management. When compared with the careful forecasts of the National Oceanic and Atmospheric Administration or the exhaustive reports of the General Accountability Office, however, DHS products come up short. Building on analytic capacity from other agencies and the privacy sector could make the DHS the government face for information about risk.

For all the complaints that cities make about the department, the DHS has closer ties to cities and states than do most of the expert science agencies in the federal government. DHS border agents work closely with state and local police, and FEMA operates grant programs with every state and many counties. The department’s connections to the street level could be significantly enhanced with a sharper focus on risk management that leverages these existing relationships.

A reinvigorated DHS would leave chasing terrorists to better equipped agencies, jettisoning the ostensible reason for the department’s creation. Its new and expanded mission of assessing, illustrating, and reducing risks of disasters of all kinds is better suited for the 21st century. The world may not be more dangerous than it was in the last century, but it is more complex.”

http://thehill.com/blogs/congress-blog/homeland-security/294132-a-new-mission-for-homeland-security-managing-risk?utm_source=Sailthru&utm_medium=email&utm_campaign=EBB%2009.02.16&utm_term=Editorial%20-%20Early%20Bird%20Brief

What is a Government Contract Stop Work Order?

Standard

Image: Eybeam.org“SMALLTOFEDS”

“During the Federal Government Shutdown of 2013 many enterprises received stop work orders on contracts.

Stop work orders are serious matters and require special handling to comply with government direction and to manage risk.

This article specifies the purpose of a stop work order, actions that must be taken upon receipt of the order and the relationship of the order to resumption of effort, funding constraints, contract terminations and associated business risk.  It also discusses the principal options and equitable adjustment terms and conditions available to you if you undergo a stop work on a government contract.

Continuing effort on a contract after receipt of a stop work is high risk.

Astutely managing your options is a far better approach.

The purpose of a stop work order is to immediately bring to a halt the effort on a contract and any further performance and related cost against that contract.

It is usually necessary when unforeseen circumstances necessitate the action, such as the government shutdown or similar exigencies.

A stop work order is to be taken literally.  Under a stop work order the government makes no guarantees it will take any further deliveries whatsoever, regardless of the contract type. A stop work order means just that.  Stop work and stop incurring cost.

Upon receipt of a stop work order you have no guarantee of payment for any transaction date-stamped in your accounting system after the date of the stop work order (or the commencement date of a stop work order specified in a Contracting Officer’s Letter).

I suggest clients receiving these orders close the charge numbers applicable until the stop work order is lifted with an order to resume effort and immediately notify any effected suppliers and subcontractors to do the same.

To the degree the government has made progress payments or has any other form of payment invested in the product to date it has ownership rights in the product. If that is the case treat the physical material work-in-process as government owned, store it as such without performing any more effort on it and await further disposition.

To the degree the government has not paid anything on the contract or delivery order they have no ownership rights to the product and you are free to complete it and sell it to another customer (commercial or government) that has not stopped work. If the government recommences the order, quote a new price and delivery from ground zero.

At the bottom line a stop work is blunt and to the point.  Treat it as if you will never hear from this customer again to manage the risk.

To the degree you do hear from the CO again and he or she has the funding to recommence work, be prepared to submit a proposal for what it will take to start the effort and a realistic delivery schedule to complete the it, but do not build any retroactive costs incurred during the stop work period into your logic and expect to bill them; they may not come to payment fruition.

Hypothetically at some future date the government could terminate the  contract without taking delivery and the contractor will then submit a termination proposal for recovery of costs and disruption.

http://www.smalltofeds.com/2011/08/federal-government-contract.html

When a stop work order is lifted  the contract or the delivery order is open to negotiation on both price and delivery under the equitable adjustment and changes clauses in the FAR provisions of the contract.

At that time, you should inform the government that you are pleased to resume work, but under revised price and delivery conditions as specified in a proposal for equitable adjustment

You should not resume work until a contract or work order amendment is received granting the price and delivery relief to contract requirements commensurate with negotiation results under your proposal for equitable adjustment.

In short, time is money.

If your contract was adequately funded and remains so when work commences and assuming you negotiate acceptable terms and conditions you can proceed with low risk.  If the funding on the contract is low at the time of recommencement, it is recommended you request additional funding and handle that matter in accordance with the article linked below.”

http://www.smalltofeds.com/2007/09/limitatoin-of-funds-and-funding.html

http://www.smalltofeds.com/2013/11/what-is-government-contract-stop-work.html