Parts 1 and 2 covered reading the buyer and winning the bid. Part 3 is the discipline that determines whether you stay in business after you win. Defense contract pricing is not commercial pricing with bigger numbers. It is a separate financial regime — contract-type-aware, audit-anchored, and unforgiving of casual accounting. Programmes that win awards on attractive bid prices and lose money over the period of performance almost always trace the loss to one of three failures: the wrong contract type for the actual risk, indirect rates that were optimistic on paper and unsustainable in practice, or cost accounting that could not segregate direct from indirect when an auditor asked. Part 3 walks through how each is engineered correctly.

The series pillar is The Complete Guide to Defense Procurement. The RFP-side discipline this part connects to is in From RFP to Contract; the quality-system overlay for NATO programmes is in NATO AQAP-2110 for Software Vendors.

Step 1: Contract Types and When Each Fits

The contract type allocates risk between buyer and vendor. Choose wrong and either you lose money or the buyer overpays — neither outcome supports a second contract. The major types:

Firm-Fixed-Price (FFP). A single price for a defined deliverable. The vendor bears all cost risk above the price; keeps all benefit below. Appropriate when scope is well-defined, technical risk is low, and the vendor has reliable cost history. Inappropriate for R&D, novel integration, or anything where scope can drift. U.S. DoD prefers FFP wherever defensible; EU programmes use it for production runs of mature systems.

Time and Materials (T&M). Labor at fixed hourly rates plus materials at cost. The vendor bears no cost risk on hours but is capped on profit. Appropriate for support services, sustainment, and consulting where the work cannot be fully scoped up front. Heavily scrutinized by U.S. DoD because of historical abuse — overuse triggers OIG findings.

Cost-Plus-Fixed-Fee (CPFF). The buyer reimburses allowable costs plus a fixed fee that does not vary with cost. The vendor bears no cost risk but earns no upside from efficiency. Appropriate for high-risk R&D where the technical outcome itself is uncertain. DARPA, ONR, AFRL programmes lean on CPFF for early-phase work.

Cost-Plus-Incentive-Fee (CPIF). Like CPFF but with a fee that varies on a sharing formula: cost under-runs are shared with the buyer (the vendor earns more), and cost over-runs are shared back (the vendor earns less). Aligns incentives where R&D risk is real but cost discipline still matters. Common on Lockheed Martin, Northrop Grumman, Raytheon prime R&D contracts.

IDIQ vehicles. Indefinite-Delivery, Indefinite-Quantity contracts give the buyer a pre-priced rate card to issue task orders against. GSA Schedules, OASIS, CIO-SP3, SEWP V in the U.S.; framework agreements at NSPA and OCCAR in NATO/EU. The vendor wins the umbrella and then competes individual task orders.

MAC (Multiple-Award Contracts). Multiple vendors hold the same IDIQ; task orders compete among them. Faster than a fresh full-and-open competition, but vendors must stay engaged or lose share.

The profitability profile varies sharply. A well-executed FFP on a known scope returns 12-18% margin; the same FFP on poorly-scoped work returns negative margin. CPFF returns a regulated fee — typically 6-8% — but with zero cost risk. The contract-type decision is a strategic decision, not a clerical one.

Step 2: DCAA-Compliant Cost Accounting (US)

U.S. defense work that is anything other than commercial-item FFP triggers Defense Contract Audit Agency oversight. The DCAA does not award contracts but recommends to contracting officers whether a vendor's accounting system, rates, and incurred costs are acceptable. A failed DCAA review can suspend payments, claw back prior payments, or disqualify the vendor from future cost-type work.

The expectations are mechanical and they are not negotiable:

Job-cost segregation. Every direct cost — labor, materials, subcontract, travel — is tagged to a specific contract or task order. Pooling direct costs across contracts is disqualifying. The accounting system must produce a contract-level cost report on demand.

Timekeeping discipline. DCAA-compliant timesheets capture all hours worked (not just billable), are recorded daily by the employee, are signed by the employee and supervisor, and cannot be retroactively edited without an audit trail. Floor-checking audits — DCAA showing up unannounced to verify employees are charging the contracts they say they are — are a real and ongoing risk.

Allowable vs unallowable costs. FAR Part 31 enumerates costs that cannot be charged to government contracts even when legitimately incurred: alcohol, entertainment, lobbying, bad debt, certain executive compensation above a published cap. Unallowables must be segregated in the accounting system and excluded from indirect cost pools that hit government work.

The SF 1408 accounting system audit. Before award of a first cost-type contract, the DCAA performs a pre-award accounting system survey using Standard Form 1408. The vendor demonstrates that the system can produce the required reports. A vendor that has never been through SF 1408 is treated as high-risk; budget six to twelve months to prepare.

Mature primes — Lockheed, RTX, BAE, General Dynamics — have entire accounting organizations devoted to DCAA compliance. New entrants underestimate the build. The shortcut does not exist.

Step 3: NATO/EU Equivalents

Outside the U.S., the audit machinery is different but the discipline is similar.

AQAP-2110 and ISO 9001 cost recordkeeping. AQAP-2110 (NATO's quality publication for design and production) does not specify cost accounting directly, but its configuration-management and traceability requirements force the same kind of job-level cost record that DCAA expects. ISO 9001 layers the management-system overlay. NATO procurement assumes both.

EU Financial Regulation compliance. Contracts funded under the European Defence Fund, PESCO projects, and EDA mechanisms are governed by the EU Financial Regulation. Cost eligibility rules look DCAA-ish in shape: direct costs traceable to the action, indirect costs allocated on a documented basis, unallowables excluded. Audit is by the European Court of Auditors and the relevant national authority.

UK MoD commercial assurance. The Single Source Regulations Office (SSRO) sets the framework for non-competitive UK MoD contracts and reviews vendor cost data. Allowable Cost guidance is the UK analogue to FAR Part 31. The audit is performed by MoD commercial staff with SSRO methodology.

Germany's BAAINBw cost reviews. The Bundesamt für Ausrüstung, Informationstechnik und Nutzung der Bundeswehr (BAAINBw, the successor to BWB) performs cost reviews on non-competitive procurement. The methodology references the LSP regulation (Leitsätze für die Preisermittlung) which dictates how allowable costs and profit are computed.

France's DGA cost reviews. The Direction Générale de l'Armement performs equivalent reviews on French national programmes, with methodology codified in successive instructions. Cost models are reviewed at the bid stage and again post-award.

The common thread: any non-competitive cost-type or non-fixed-price work, anywhere in NATO, will be audited on a methodology that expects DCAA-shaped discipline. Build it once; reuse it everywhere.

Step 4: Indirect Rate Engineering

Indirect rates are where margins are made and lost. The structure that most U.S. defense vendors use:

Fringe. Employee benefits — health insurance, retirement contributions, payroll taxes, paid time off — allocated as a percentage of direct labor. Typical range: 25-40%.

Overhead. Costs that support production but are not direct to a contract — engineering management, facility, equipment depreciation, indirect labor. Allocated on a base (often direct labor plus fringe). Typical range: 50-110%.

G&A (General and Administrative). Corporate costs that support the entire business — executive, finance, HR, legal, business development. Allocated on a base (often total cost input). Typical range: 8-20%.

The math compounds. Take direct labor of $100: fringe at 30% adds $30, overhead at 80% on labor-and-fringe adds $104, and G&A at 12% on the resulting total cost input of $234 adds about $28, so the loaded labor cost is roughly $260. A vendor who quoted on $200 because they forgot a layer has lost the margin before profit is even applied.

Provisional vs final rates. Provisional rates are the vendor's forecast for the current year; final rates are the audited actuals once the year closes. The gap is settled through rate adjustments on cost-type contracts. Provisional rates that consistently exceed finals trigger DCAA scrutiny and may force forward-pricing adjustments.
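
The buildup and the provisional-to-final adjustment described above, as an added example that is not part of the original article: it layers the article's three rates on their stated bases, shows what omitting one layer does to the quote, and computes the year-end true-up. The final rates are constructed for illustration, and the true-up assumes an all-labor contract with an unchanged direct-labor base.

```python
from decimal import Decimal as D

CENT = D("0.01")

def loaded_cost(direct_labor, fringe, overhead, ga):
    """Layer the rates on the bases the article names; return each layer and the total."""
    dl = D(direct_labor)
    fringe_amt = dl * D(fringe)                     # base: direct labor
    overhead_amt = (dl + fringe_amt) * D(overhead)  # base: direct labor plus fringe
    tci = dl + fringe_amt + overhead_amt            # total cost input
    ga_amt = tci * D(ga)                            # base: total cost input
    layers = {"direct_labor": dl, "fringe": fringe_amt, "overhead": overhead_amt,
              "g&a": ga_amt, "total": tci + ga_amt}
    return {name: amount.quantize(CENT) for name, amount in layers.items()}

def rate_true_up(direct_labor, provisional, final):
    """Cost at final rates minus billing at provisional rates.

    A negative result means the vendor billed too much and owes the difference back.
    """
    return (loaded_cost(direct_labor, **final)["total"]
            - loaded_cost(direct_labor, **provisional)["total"])

# The article's rates, used here as the provisional (forecast) rates.
PROVISIONAL = {"fringe": "0.30", "overhead": "0.80", "ga": "0.12"}
# Constructed (hypothetical) audited finals for the same year.
FINAL = {"fringe": "0.28", "overhead": "0.75", "ga": "0.11"}

if __name__ == "__main__":
    # Full buildup on $100 of direct labor.
    print(loaded_cost("100", **PROVISIONAL))
    # Same quote with the fringe layer forgotten: lands near the article's $200.
    print(loaded_cost("100", **{**PROVISIONAL, "fringe": "0"}))
    # Year-end adjustment on $100,000 of direct labor billed at provisional rates.
    print(rate_true_up("100000", PROVISIONAL, FINAL))
```

Because each layer's base includes the layers before it, dropping fringe alone removes far more than $30 from the loaded figure.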

Forward-Pricing Rate Agreements (FPRA). A multi-year agreement between vendor and DCMA on indirect rate forecasts. Once an FPRA is in place, proposals use the agreed rates without per-proposal negotiation. Large primes universally hold FPRAs; mid-tier vendors should pursue one as scale justifies.

Step 5: Price-to-Win Analysis

Pricing the bid is a synthesis of three calculations.

Bottoms-up estimate. Detailed buildup of labor hours by skill mix, materials, subcontract, travel, ODCs (other direct costs), loaded with indirect rates, plus fee. This is the would-cost — what it actually takes to deliver. Mandatory for cost-type proposals; required as backing data even for FFP.

Parametric estimate. Top-down estimate using cost-estimating relationships (CERs) calibrated on prior programmes. Useful as a sanity check on the bottoms-up. Tools like SEER-SEM, PRICE-H, COSYSMO underpin parametric work in defense.

Should-cost analysis. What the buyer believes the work should cost based on their own independent government cost estimate (IGCE). The vendor does not see the IGCE but reverse-engineers it from RFP indicators, comparable programmes, and competitor intelligence.

The price-to-win is the lowest defensible price that meets must-win requirements and clears the should-cost bar without undercutting your own profitability. Competitor pricing intelligence — sourced legally from public award notices, FPDS-NG, TED in Europe, and lost-bid debriefs — calibrates the bid. The must-win analysis weighs strategic value against margin sacrifice. Some bids are priced thin deliberately because the contract opens a market segment; others are priced for margin because the segment is already secured.

Step 6: Open-Book vs Closed-Book Pricing

Open-book pricing means the buyer sees the cost buildup. Closed-book means they see only the price.

EU defence programmes — particularly EDF and PESCO co-funded work — increasingly require open-book pricing for collaborative phases. The justification is co-financing accountability: the EU pays a share, the EU sees the cost basis. Open-book also supports the Member State auditors who validate national co-financing.

U.S. FFP procurement is closed-book by default — the price is what was bid, and the cost basis is the vendor's private knowledge. Cost-type contracts are inherently open-book because cost is what is reimbursed.

The ITAR overlay complicates open-book: cost detail on ITAR-controlled products may itself be export-controlled. Disclosing labor categories, vendor sources, or technology breakdowns to a foreign buyer can trigger licensing obligations. The pricing team coordinates with the export-control function before open-book disclosure. The detailed treatment is in ITAR-Free Defence Software.

The trust posture differs. Open-book demands that the vendor's cost discipline be presentable to a sophisticated buyer; the cost story has to defend itself. Closed-book lets the vendor protect its competitive position but forces the price to clear must-win on its own.

Key insight: Defense pricing is not a markup exercise. It is a calibration between three numbers — would-cost, should-cost, must-win — performed inside a compliance regime that audits the calibration after the fact. Vendors who treat the bid as a number and the compliance as paperwork eventually meet the auditor who treats it the other way around.

Step 7: Surviving the Audit

Three audit events define the lifecycle. Each has a defensive posture.

Pre-award accounting system audit. Before the first cost-type award, DCAA or its equivalent confirms the accounting system can produce required reports. The defense is preparation: SF 1408 mock audit, time-and-attendance system in production for at least one full close cycle, indirect rate structure documented and traceable. Vendors that pass on the first attempt have rehearsed; those that fail are usually trying to qualify and bid simultaneously. Battle-Tested vs Lab-Tested covers the related operational-readiness posture.

Post-award incurred-cost audit. Annually, DCAA reviews the vendor's incurred-cost submission — the actual costs charged to government contracts for the closed fiscal year. The defense is integrity: time records match payroll, payroll matches journal entries, journal entries match the indirect cost pools, the pools match the rate calculation, the rate calculation matches what was billed. Each link broken is a finding.
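
The chain of matches described above can be rehearsed before the auditor does it. This added example (not from the original article) walks the five links in order over a constructed set of year-end figures and reports every link that breaks; the field names and all values are hypothetical.

```python
from decimal import Decimal as D

def reconcile(books):
    """Return the broken links in audit order; an empty list means the chain holds."""
    links = [
        ("time records -> payroll",
         books["timesheet_hours"] == books["payroll_hours"]),
        ("payroll -> journal entries",
         books["payroll_dollars"] == books["journal_labor"]),
        ("journal entries -> indirect pool",
         sum(books["journal_overhead"]) == books["overhead_pool"]),
        ("indirect pool -> rate calculation",
         books["overhead_pool"] / books["overhead_base"] == books["claimed_rate"]),
        ("rate calculation -> billing",
         books["claimed_rate"] * books["contract_base"] == books["billed_overhead"]),
    ]
    return [name for name, holds in links if not holds]

# Constructed sample figures for one closed fiscal year.
BOOKS = {
    "timesheet_hours": {"alice": D("1900"), "bob": D("1880")},
    "payroll_hours": {"alice": D("1900"), "bob": D("1880")},
    "payroll_dollars": D("302400"),
    "journal_labor": D("302400"),
    "journal_overhead": [D("150000"), D("61920"), D("30000")],  # ledger postings
    "overhead_pool": D("241920"),   # pool total used in the rate calculation
    "overhead_base": D("302400"),
    "claimed_rate": D("0.80"),
    "contract_base": D("100000"),   # allocation base charged to one contract
    "billed_overhead": D("80000"),
}

# Same books, but the pool carries 5,000 that was never posted to the journal.
UNPOSTED_ADJUSTMENT = {**BOOKS, "overhead_pool": D("246920")}

if __name__ == "__main__":
    print(reconcile(BOOKS))
    print(reconcile(UNPOSTED_ADJUSTMENT))
```

One unsupported pool entry breaks two links at once: the pool no longer ties to the journal, and the claimed rate no longer ties to the pool.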

Defective pricing claims. Under the Truth in Negotiations Act (TINA) and its U.S. analogues, certified cost data submitted in support of a negotiated contract must be current, accurate, and complete. A finding that the data was defective — that the vendor knew of lower costs and did not disclose — supports a clawback claim with interest and penalty. The defense is documentation: the cost data submitted is timestamped, sourced, and traceable to the underlying system extracts on the day of certification.

The discipline that prevents the post-contract pricing nightmare is the discipline that was built before the bid was submitted. Retrofit is rarely successful.

What's Next

Part 3 has covered the financial regime: contract type as a risk-allocation choice, DCAA-compliant cost accounting and its NATO/EU equivalents, indirect rate engineering, the three-number price-to-win calibration, open-book vs closed-book disclosure, and the audit posture that survives the lifecycle.

Part 4 closes the series with post-award execution: earned value management, programme reviews, change-control discipline, subcontract management, and the operational rhythm that turns a won contract into a profitable, renewable, reference-grade programme.