If you are a Federal contractor providing “staff augmentation” services to government agency customers, you are likely overpaying for your ISO 9001 and other audits. And it may be by a lot.
Staff Augmentation
Staff augmentation is where the Federal government requires a contractor to provide personnel as part of the contract. These persons, often called “direct staff,” are hired by the contractor and “placed” into the government’s site as a sort of contract employee. The direct staff work for your company, but they perform the work on a daily basis at the government customer’s site. You pay them, you manage their work, you hire and fire them; but these direct personnel don’t really fall under your company’s quality management system since they may never actually show up at your company at all.
The cruder terms for staff augmentation include “headhunters,” “body shops,” and companies who “put asses in seats.” These contracts are extremely problematic because of FAR clause 37.104, which deems most such hiring arrangements a “personal services contract,” and then goes on to nearly always prohibit them. Despite most of these being illegal under the FAR clause, the Federal government continues to engage in them, ignoring its own FAR clause. I will have another article on that point in the future, however, so bear with me as we all just ignore the fact that everyone is already breaking the law with these things.
Soylent Green is People
Under ISO 9001, the direct staff you hire solely to fulfil a contract requirement are considered your product, not your employees. This is an interesting, if somewhat dehumanizing, way of thinking about it, and I call it the Soylent Green Effect. Let’s unpack that.
Say the Veterans Administration (VA) puts out a request for proposal (RFP) asking for ten full-time Java programmers. Your company has the resources to find those programmers, so you bid on the job and win the contract. Now you go out and hire ten programmers; one of those is named Jane. You will provide typical company onboarding for Jane, going over her employment terms, company rules, timecard requirements, health benefits, etc. But then Jane will report to work at the VA and never step foot in your company again. She won’t be working under your QMS, but technically under the QMS of the VA office she reports to every day. She has to follow their rules, not yours, for things like performance of work, document control, hours of operation, and even quality expectations. Training Jane on your company’s QMS policies and procedures has no meaning for Jane, since she has to abide by the customer’s policies and procedures.
But Jane’s work is critical to your quality. If she shows up late, falsifies her time card, provides really bad Java programming, that reflects poorly on your company. Jane is the product, and when her work is deficient, she is the nonconforming product per ISO 9001 clause 8.7. She’s the spoiled batch of soylent green. Creepy, but stick with me.
So you would apply corrective action to Jane’s performance, perhaps counseling her, training her, or even firing her. (Under the FAR, the VA wouldn’t be able to do any of that, and it’s entirely on you.)
Then, when you measure your QMS overall effectiveness, one metric becomes the quality of services delivered. So you review the performance of Jane as well as all the other nine programmers you hired for that contract. Instead of tracking part defects, as a machine shop might, you trend and track the direct employees’ performance.
Ka-Ching, Baby
So how does this save you money? When requesting a third party ISO 9001 conformity assessment – and this works for ISO 20000-1 and various other standards, too — you don’t include the direct personnel in your employee count. Again, they are your chief product, and do not fall under a requirement to abide by your QMS.
Think about it. If an ISO 9001 certification body auditor were to interview Jane, what would she be able to tell them? She only falls under your control for things like payroll and benefits, and those are out of scope of the QMS. Next, would the CB auditor demand to audit Jane at the VA office? The auditor cannot because the VA is not about to give permission for some random auditor to start walking around their building asking questions.
No, you leave them out of the employee count when requesting CB certification services, and that’s where the savings come in. Audit duration is governed by IAF Mandatory Document 5 (MD5), and the primary factor in calculating audit days is employee count. For this, you only total up indirect staff: all your overhead staffers, full- and part-time employees, and anyone who works at your building under your QMS’ rules. You do not count direct staff who exist solely to fulfill a contract and who, when that contract concludes, would have to be let go or transitioned to a new contract.
Here’s the chart from MD5 for QMS audit duration for an initial ISO 9001 audit:
The CBs can then finagle this a tiny bit, raising or lowering the duration a tad based on risk, the complexity of what you do, number of sites, etc. But this gives you a general idea.
But many IT consulting firms and government contractors who provide staff augmentation may only have five or ten direct staffers, while managing 100+ indirect. For those companies, they would apply the audit duration for the lower number of employees, thus saving as much as five days of CB auditing. At a rate of around $1,500 to 2,000 per day for CB audit, that’s a lot of money saved. That then lowers the number of days for annual surveillance audits, as well.
Now, if you have an indirect staffer who also provides some work as a direct staffer, they count. For example, your company’s VP of Engineering also provides Java programming on that contract alongside Jane. The VP is part of your QMS since they have feet in both camps, and you need to include them in your employee count.
I want to emphasize that this is not cheating. This is actually being honest and accurate. The direct staff don’t work under your QMS, so cannot be included in an audit anyway.
And, again, most of this violates the FAR, but so long as the Federal government keeps handing out these contracts — often requiring ISO 9001 as a condition to bid on them — we have to deal with this as best we can.
Christopher Paris is the founder and VP Operations of Oxebridge. He has over 30 years’ experience implementing ISO 9001 and AS9100 systems, and helps establish certification and accreditation bodies with the ISO 17000 series. He is a vocal advocate for the development and use of standards from the point of view of actual users. He is the writer and artist of THE AUDITOR comic strip, and is currently writing the DR. CUBA pulp novel series. Visit www.drcuba.world
