Two thirty-second vendor risk checks every capture manager should run before teaming on a federal bid

Every capture manager who's been around for a few years has at least one story about a teaming partner that turned into a problem after the proposal was already submitted. Sometimes the problem is competence. Sometimes it's pricing. But the worst version is the structural risk you should have caught before you committed: the subcontractor who was already barred from federal awards, or the nonprofit partner whose auditor flagged a material weakness that quietly undermined every grant they were touching.

Both of those problems are visible in free, public, official federal data sources. The work to check is genuinely trivial — under a minute per vendor — but almost nobody at small and mid-sized contractors actually does it. We do it for you automatically on every vendor profile. Here's what to look for and why it matters.

Check one: is this vendor on the federal exclusion list?

SAM.gov maintains the authoritative list of every individual and entity that's been formally excluded from receiving federal awards. As of right now there are roughly 8,260 firm-level active exclusions on file. They include companies that were debarred after fraud convictions, suspended pending an investigation, declared ineligible under specific procurement statutes, and entities that voluntarily entered into compliance agreements with restricted award eligibility.

What happens if you submit a proposal that includes an excluded subcontractor or teaming partner? The Federal Acquisition Regulation requires the contracting officer to act when they discover it. Best case: your proposal is rejected and you eat the bid-and-proposal cost. Realistic case: your firm gets flagged for inadequate compliance controls, which travels with you to future evaluations. Worst case: the award is made and then terminated for cause when the exclusion surfaces during contract administration, with all the downstream consequences that brings.

The check itself is two clicks at sam.gov. You enter the vendor's UEI (their twelve-character Unique Entity Identifier) and the search returns either nothing — clean — or the full exclusion record including which agency excluded them, when, for how long, and what kind of comment the excluding officer wrote about the action. That comment matters. There's a difference between “debarred for life” and “ineligible until the terms of the compliance agreement are met,” and the contracting officer evaluating your proposal can see both.

What we surface on a BidSparq vendor profile: when there's an active exclusion, you see a red banner at the very top of the page before you scroll past anything else. Exclusion type, excluding agency, dates, the comment. When there's no exclusion, you see nothing — which is also useful, because it means you can move on. The vast majority of vendor profiles are clean. The ones that aren't, you want to know about immediately.

Check two: does this vendor have a clean audit history?

The second check is narrower in scope but deeper in signal value. Every non-federal entity that spends more than one million dollars of federal awards in a fiscal year is required by the Single Audit Act to file an annual Single Audit. The audits are conducted by independent CPAs under generally accepted government auditing standards. The reports get submitted to the Federal Audit Clearinghouse, where they're public.

Single Audits are extraordinarily useful for capture decisions because they reveal four things in a structured, comparable way:

• Material weaknesses — severe internal-control problems where there's a reasonable possibility a material misstatement of the entity's federal-award financial reporting won't be prevented or detected. This is the worst common finding. A vendor with material weaknesses three years running is a vendor with chronic control problems.
• Significant deficiencies — less severe than material weaknesses but still reportable. A single significant deficiency in one year isn't damning; a pattern of them year over year is a flag.
• Questioned costs — the auditor identified spending that may not be allowable under federal regulations. The dollar amount matters; so does whether it's a one-time anomaly or a repeat pattern.
• Going-concern doubts — the auditor doesn't believe the entity will continue operating for at least another twelve months. This is a five-alarm signal. A teaming partner with a going-concern opinion is a teaming partner who may not be around to perform on the contract you're about to win.

The audit opinion itself also matters. Unmodified is clean. Qualified means the auditor found something material enough to call out but the rest of the financials are fair. Adverse means the financials are materially misstated. Disclaimer of opinion means the auditor couldn't get enough evidence to form an opinion at all — usually a sign of severe record-keeping problems.

What this matters for, practically: nonprofits, universities, state and local governments, tribal organizations, and large grant-recipient firms (including a lot of health-care and research contractors) almost all file Single Audits. If your teaming partner is one of those, their FAC record gives you CPA-vetted intelligence on whether they can actually administer federal awards or whether they have systemic problems. Commercial-only contractors rarely file, so this check returns nothing for most for-profit primes — that's fine; the check is targeted.

What we surface on a BidSparq vendor profile: we pull the entity's full FAC history and compute an auto risk tier. High means recent material weaknesses, going-concern doubt, or worse-than-qualified audit opinion. Medium means recent significant deficiencies or questioned costs. Low means clean recent audits with minor historical findings only. Clean means no findings on any audit on file. Each level shows the specific report years, opinion language, and finding counts, with one-click access to the official report on fac.gov. Like the exclusion check, this only renders when the entity has FAC submissions — commercial primes typically don't, and the panel just doesn't appear.

A capture workflow: thirty seconds, three steps

Here's the workflow we'd recommend you run on every teaming-partner candidate, every subcontractor under consideration, and every joint-venture target. It's thirty seconds.

1. Pull their vendor profile. On BidSparq, navigate to /vendor/[their UEI]. If you don't know their UEI off the top of your head, the directory search at /vendor finds them by name.
2. Check for a red banner. If there is one, the vendor is on the federal active-exclusion list. That's a stop-immediately signal — there's no proposal where adding this partner makes you better off. Move on.
3. Check the FAC risk tier. If the panel shows high tier, you need a serious conversation with this partner about their internal controls before you commit any proposal time. Medium means slow down and read the specific findings. Low or clean means proceed normally.

Across the average capture team's pipeline, the volume of vendors getting evaluated is in the dozens per month. Spending thirty seconds per vendor on this check is genuinely cheap insurance against the kind of structural risk that gets a contract terminated.

Why most procurement tools skip this

The two enterprise-tier procurement-intelligence platforms (you know which ones) both include some flavor of vendor-risk content in their highest-cost tiers. The reason most platforms below the enterprise tier don't surface this data isn't that it's hard to get — it's free — but that connecting it cleanly to other vendor data is tedious. UEI matching against SAM exclusions is one join. UEI matching against FAC submissions is another join. UEI matching against the rest of the procurement data (awards, vehicles, NAICS, set-asides) is a third. And different sources use slightly different identifier conventions, so the joins need to handle the edge cases.

We did the joins. The result is two free signals on every vendor page, surfaced automatically, with no manual lookups required.

Related reading

• How to read a federal contractor like a Wall Street analyst — using SEC 10-K filings, Treasury budget data, and NIH research grants for capture decisions
• Task-order velocity + per-SIN schedule pricing — the contract-vehicle data layer underneath
• How to spot a wired contract — six signals the procurement is already locked, complementing the vendor-risk checks
• All BidSparq features