DFARS 252.242-7006(c)(8) specifically requires management reviews or internal audits of the system to ensure compliance with the contractor’s established policies, procedures.

One of the first things a DCAA auditor looks at when auditing a contractor’s accounting system is its policies and procedures. Policies and procedures represent control activities that are essential for an adequate system of internal controls. Good policies and procedures help ensure consistent operations in accordance with management objectives. DCAA cites policy and procedure inadequacies or the failure to comply with policies and procedures in virtually every deficiency report it issues related to internal controls.

Unfortunately, DCAA does not apply this same standard to itself!

Ask any DCAA auditor where guidance for audits can be found, and almost invariably they will cite the CAM (Contract Audit Manual). However, DCAA has completely stopped updating the CAM. So what is the auditor to do?

The current process is undocumented (typical DCAA), but appears to be comprised of the following:

Step 1:

The expectation appears to be that the auditor start with the CAM guidance. If the guidance is current, the auditor is held responsible for complying with it; however, the auditor can’t assume the guidance is current.

Step 2:

Check to see if any MRDs (Memorandum for Regional Directors) have been issued that changed the guidance. The list of MRDs is only supposed to be the MRDs that are still open. Some of the MRDs go back to 2004.   If an MRD is found, the auditor is still expected to continue the search because there may have been an even earlier MRD that changed the guidance and the most recent MRD may not have changed all of that guidance.

Step 3:

Rather than MRDs, a significant amount of guidance comes in the form of presentations delivered by the agency quality staff. There is no index for this guidance. DCAA apparently believes that all of the auditors will either memorize all of this guidance, have the location of the guidance in the multiple presentations they receive each year memorized or search through all of the presentations to find the guidance.

Step 4:

Check the “audit guides” that DCAA management said they were going to issue because they just can’t manage to update the CAM. Oh sorry, that was a year ago but none have been issued (at least nothing is showing up on:

Step 5:

Get guidance from the supervisor, manager, region, or headquarters. This of course assumes the auditor realizes guidance changed and that they “know what they don’t know.” You can also imagine how much time it will take an auditor to actually get an answer.

If the auditors are really following this kind of decision making process, is it any surprise they can’t complete a timely audit?

Want to know why different auditors give you different answers and what was acceptable one year is not acceptable the next? You need look no farther than this lack of internal controls.

Imagine the deficiency report a contractor would receive if it had this kind of a system!

A basic tenet of any internal control system is that, at some level, management can override internal controls. The lack of written guidance provides DCAA management with “plausible deniability”. It makes it easier for management to blame errors and inconsistencies on poor auditor judgment or auditor misinterpretations and avoid responsibility.

Contractors want to comply with government contract requirements and auditor expectations. Unfortunately, the lack of published guidance and poor DCAA internal controls makes it very difficult to determine exactly what those expectations are. The predictable result is unnecessary compliance costs and inefficiencies for both the contractor and the auditor.

Don’t blame the DCAA auditor because this is clearly a DCAA management problem. This issue is at the root of many of DCAA’s problems. Sadly, with all of the scrutiny DCAA has received from the DoD-IG and GAO over the past several years, this major issue seems to have been completely overlooked.

White paper: DCAA Rejection of Incurred Cost Proposal Download Now

Written by Robert Eldridge

Robert Eldridge Robert (Bob) Eldridge is a Director with Redstone Government Consulting Inc. He provides Government Contract Consulting services to our Government contractors primarily related to compliance with Federal Acquisition Regulations and Cost Accounting Standards, equitable adjustment claims, and business systems. Prior to joining Redstone Government Consulting, Bob served in a number of capacities with DCAA for over 32 years. Upon his retirement, Bob was a Regional Audit Manager with DCAA. Bob began his DCAA career in 1981 as an auditor-trainee with the Pratt & Whitney Resident Office in West Palm Beach, Florida. Bob served two three year tours at the Defense Contract Audit Institute teaching multiple contract audit courses including “Auditing Internal Controls”, “Technical Management of Audits”, and “Advanced Cost Accounting Standards” and writing Agency courses on Cost Accounting Standards and Equitable Adjustment Claims. He returned to the Eastern Region in 1999, holding various audit positions before ultimately becoming a Regional Audit Manager in February 2007. As Chief of the Eastern Region Quality Assurance Division, Bob was heavily involved in developing DCAA guidance related to auditor consideration of internal controls and risk assessment preparation. In 2012, Bob was assigned to the U.S. Senate Committee for Homeland Security and Governmental Affairs, serving as a subject matter expert on a wide range of federal contract and grant matters for Senator Susan Collins. During Bob’s tenure with DCAA, he had overall management responsibility for audits performed by over 200 employees. He was directly involved in conducting or managing a wide variety of compliance audits, including: forward pricing proposals, incurred cost submissions, business system internal controls, Cost Accounting Standards, claims, and defective pricing. Bob was also directly involved in complex quantitative methods applications, particularly regression analysis and improvement curve applications. Bob currently specializes in assisting clients with more complex DCAA audit issues related to business system internal controls and Disclosure Statements and with developing and maintaining government compliant accounting and estimating systems. Bob also provides expert advice on compliance with FAR cost principles and Cost Accounting Standards and assists with the more complex forward pricing proposals and equitable adjustment claims.

About Redstone GCI

Redstone Government Consultants are a team of the most senior industry veterans and the brightest new talent in the industry. Many have held senior government positions including leadership roles in the DCAA. Our new talents bring significant accounting and software experience along with fresh perspectives, inspiration and energy to our team. Through our leadership and combined experience, we provide a unique perspective, bringing both government and contractor proficiencies to bear and ensuring rock-solid government compliance for our clients.

Topics: Government Compliance Training, DCAA Audit Support