RGCI-Virtual Audit April Fools Day Blog

Although the COVID-19 Pandemic and its impact on everyone is absolutely serious business, the nature of this “special day” blog is not necessarily serious business.   At times like these we hope that an element of levity will be accepted for what it is and not be misinterpreted as diminishing the serious nature of the pandemic. We also hope that everyone reading this is safe, healthy and adhering to the federal guidelines to limit the spread of COVID-19.

As of the first of March 2020, federal agencies recognized the need to embrace “social-distancing” but also understood the need to keep performing as many day-to-day functions as practicable under these difficult circumstances. DCAA (Defense Contract Audit Agency) already had policies for teleworking (or working from home); however, telework had been the exception because DCAA Management has always preferred face-to-face meetings between auditors and contractor representatives. Now that teleworking has become the default (sole) method for auditing, DCAA has been forced to reconcile some of its audit strategies with the reality of auditing from afar (not to be confused with auditing with the FAR). Thus, DCAA has resurrected the concept of “Virtual Audits” (we say resurrected because in 2012-2013 DCAA had used “virtual audit teams” to somewhat address the incurred cost backlog). There is one slight difference in that the virtual audit teams meant “dedicated to a specific type of audit”, whereas today’s virtual auditing means auditing through remote forms of communications and data transmittal (internet and telecommunications).

Once RGCI (Redstone Government Consulting, Inc.) first became aware of DCAA’s “Virtual Audits” (via clients whose scheduled face-to-face entrance conferences went virtual), we reached out to a DCAA spokesperson (who insisted on anonymity) to gain an understanding of this new method for auditing.  To be honest, this is not entirely new because several DCAA auditors have always preferred to audit from a distance, particularly if getting to the contractor’s office involved driving in heavily congested areas like Washington D.C, or if the contractor’s office failed to provide an environment conducive to efficient auditing (e.g. the auditor had to work in a “bullpen” area versus a private office with a view). At any rate, a few questions and answers (Q&A) from our (RGCI) interview with the “AA” (Anonymous Auditor).

RGCI.  Thanks for taking the time for this telephonic interview.

AA:  You are welcome and a reminder that I am an anonymous source.

RGCI:   Understood, but before we start, how do you spell your last name?

AA:   Johnson; J-O-H-N-S-O-N.

RGCI:  Is that Mr. or MS. Johnson and is that with a “T” after J-O-H-N?

AA:  It is Mr. and no “T”; Johnson, not Johnston.

RGCI: Thanks, and now the first question:  Noting that all contractor records are now obtained electronically, how does DCAA reconcile that with auditing standards and the need to validate the source of the electronic records?

AA:  Good question.   DCAA won’t be issuing any audit reports with audit opinions, instead, we will issue the audit results using an MFR (Memorandum for Record).

RGCI:   What’s the difference noting that the substance of the audit testing and the conclusions stated in the MFR will be eerily the same as those in an audit report?

AA:  Bad question, the difference is obvious, one is an audit and one isn’t.   And the non-audit which concludes with an MFR will have an audit reopener special clause.

RGCI:  What?

AA:   Once things get back to normal and DCAA regains physical access to a contractor facility, DCAA will repeat parts of each non-audit in terms of validating the source of the electronic records; that is requiring the contractor to “pull the same records” while an auditor can observe this activity.

RGCI:   Isn’t that redundant, inefficient and costly?

AA:  No one said that compliance with GAGAS (Government Auditing Standards) comes cheap.

RGCI:  Any other significant changes or strategies?

AA:  One in particular, noting that auditors won’t be present to observe contractor employees during audit inquisitions, I mean inquiries, the auditor will lose the critical advantage of being able to observe the contractor employee’s body language. To address this, during telecommunications DCAA has added a question that the contractor employee describe his or her body language.

RGCI:  What?

AA:  You know, the obvious, when answering a question, is the contractor employee looking away from the phone versus looking at the phone.

RGCI:  What?

AA:  A few other important changes, DCAA has restated (expanded) the requirements in FAR 52.215-2(e) as it relates to a contractor’s contractual requirement to provide records during an audit.   The part we added is underlined:   Availability.  The contractor shall make available at its offices or through electronic transmission at all reasonable times, the records, materials, and other evidence….

RGCI:  DCAA can’t unilaterally change the FAR and in this case a contractual clause.

AA:  Why not, we do it all the time and by the way, I misspoke, we never change the FAR, we just interpret it differently.

RGCI.   Suspicions confirmed.

AA:  What did you say?

RGCI:  Correction confirmed.

AA:  One more very important new audit strategy to enhance the reliability of contractor electronic submissions of contractor records, DCAA will now require a contractor certification that the data submitted is in fact the contractor’s cost accounting data extracted from the contractor’s cost accounting records contained in _________ (system name) on _________ (date) at __________ (time) by _________ (employee name).  A management level contractor representative will make this certification. Additionally, a third contractor employee will concurrently certify through a separate certification that he/she is not aware of any fraud risks related to the data submitted by the employee as certified by the other certification.

RGCI:  Is any of this required by any contractual clause?

AA:  No but yes.

RGCI: What?

AA:  Sorry, but I am out of time and I now must go to my next anonymous interview.  But one last requirement, I need a certification from RGCI that this interview will be published without any unauthorized changes to my statements.

RGCI:  I give you my word.

AA:  I need a certification and it must be on RGCI Letterhead and signed by someone important; actually, by someone real important.

RGCI:  What?       

This blog has been prepared especially for April 1, 2020 (aka: April Fool’s Day)

Written by Michael Steen

Michael Steen Mike Steen is a Senior Advisor with Redstone Government Consulting, Inc. and a specialist in complex compliance issues to include major contractor cost accounting & business system regulations, financial compliance, resolution of DCAA audit issues, Cost Accounting Standards application, litigation support, and claims preparation. Prior to joining Redstone Government Consulting, Mike served in a number of capacities with DCAA for over thirty years, and upon his retirement, he was one of the top seven senior executives with DCAA. Mike Served as a Regional Director for two DCAA regions, and during that time was responsible for audits of approximately $25B and 800 employees. In October 2001, he was selected for the Senior Executive Service and in 2006 he received the Presidential Rank Award. During Mike’s tenure with DCAA, he was involved in conducting or managing a variety of compliance audits, to include cost proposals, billing systems, Cost Accounting Standards, claims, defective pricing, and then-evolving programs such as restructuring, financial capability and agreed-upon procedures. He directly supported the government litigation team on significant contract disputes and has prepared and presented various lectures and seminars to DCAA staff and business community leaders. Since joining Redstone Government Consulting in June 2007, Mike has developed and presented training and seminars on Government Contracts Compliance to NCMA, Federal Publications Seminars and various clients. Mike also is a prolific contributor of written articles to government contracting publications, as well as to our own Government Insights Newsletter. Mike also serves as the director of our training service offerings, with responsibilities for preparing and developing course content as well as instructing our seminars to clients and general audiences throughout the U.S. Mike also serves as a faculty instructor for the Federal Publications Seminars organization. Education Mike has a BS Degree in Business Administration from Wichita State University. He is also a graduate of the DCAA Director’s Fellowship Program in Management, and has a Masters Degree in Administration from Central Michigan University. Mr. Steen also completed a number of OPM’s management and executive development courses.

About Redstone GCI

Redstone Government Consultants are a team of the most senior industry veterans and the brightest new talent in the industry. Many have held senior government positions including leadership roles in the DCAA. Our new talents bring significant accounting and software experience along with fresh perspectives, inspiration and energy to our team. Through our leadership and combined experience, we provide a unique perspective, bringing both government and contractor proficiencies to bear and ensuring rock-solid government compliance for our clients.

Topics: Redstone GCI