COR certification — what's the hardest part of the contracting process?
I'm a program analyst at a civilian federal agency and I've been designated as a COR for a new IT services contract worth about $2.8M annually. This is my first formal COR designation and I'm required to complete the FAC-COR Level II training within 60 days of designation. I have the DAU training courses queued up but I'm looking for additional prep.
The areas I'm most uncertain about are invoice review and approval (specifically confirming contractor deliverables match the PWS), and what my documentation obligations are when a contractor underperforms. I know I have to maintain a COR file but I've never built one from scratch.
My contracting officer is stretched thin and told me to handle day-to-day contractor oversight independently. That's a significant responsibility and I want to make sure I'm not creating problems for the agency through documentation gaps or missed obligations.
What are the most common mistakes first-time CORs make, and what should I prioritize setting up in the first 30 days of the contract?
Invoice review is genuinely the hardest part early on. Make sure you have the PWS in front of you when reviewing every invoice and that you're confirming specific deliverables were received — not just that work was done. First-time CORs often approve invoices based on the contractor's word rather than verified deliverables. That creates audit problems later.
When a contractor underperforms, document it immediately using the CPARS process and coordinate with your CO before taking any corrective action. CORs can't issue cure notices or show-cause letters — only the CO can. Your job is to document, report, and recommend. Acting beyond your authority is one of the most damaging mistakes a COR can make.
In the first 30 days: set up your COR file structure, establish a monthly contractor performance report template, hold a kick-off meeting with the contractor to clarify deliverable timelines, and get a copy of the contractor's QCP if one is required. All of this should happen before you're deep into performance monitoring.
First-time COR here — I've been doing this for 18 months. The most common mistake is treating COR duties as administrative rather than legal. Your contemporaneous documentation protects the agency in disputes. Document every contractor interaction: emails, meeting notes, site visits. If it's not written down it didn't happen from a legal standpoint.
Quick update since I posted here a few weeks ago -- I just hit 78% on a practice test yesterday and honestly felt a lot better about where I'm at. The contracting process questions were still tricky but the performance monitoring stuff is starting to click. I've been doing maybe 20-30 questions a night after work which isn't glamorous but it's working.
I'm planning to sit the actual exam in about three weeks once I finish the DAU modules on contract administration. If you're in the same boat, don't sleep on the contractor surveillance sections -- those questions are way more nuanced than they look at first glance.
Failed my first attempt at the FAC-COR Level II exam and honestly wasn't surprised in hindsight. I'd gone through the DAU modules pretty quickly and figured the contracting process stuff would click from my day-to-day work, but the exam hit me with scenarios I'd never actually dealt with — things like invoice approval timelines and what exactly triggers a formal modification versus just a COR memo. The gap between "I know what a COR does" and "I can answer a timed question about contractor surveillance plans" is way bigger than I expected.
Second time around I spent two weeks drilling specifics. I used a mix of the DAU content and some free cor contract management fundamentals practice questions to actually test whether I understood the material or just recognized it, which is a different thing entirely. The biggest shift was slowing down on the performance monitoring and documentation questions — those tripped me up the first time because I'd skim them and pick the "close enough" answer. If you're coming from a program office background like me, don't assume your hands-on experience covers you. Learn the actual regulatory logic behind each step.