DCAA’s Auditing More than ICS & Proposals?
Over the last few years, we have often written on the changing landscape of contractor business system audits. Specifically, the fact that the DCAA has invested considerable resources into the audit of incurred cost proposals and proposals for most of the past decade, which has led to an inability to routinely audit contractor business systems, conduct routine post-award (TINA) defective pricing audits and other audits that should be a routine part of doing business with the government in a flexibly-priced environment. The change in audit focus has been apparent since the end of 2018, but we are just now starting to see the true impact of the Agency’s adaptation to an audit world without a large volume of incurred cost audits.
“New” Audit Initiatives and Our Observations
A few observations our team has noted are below.
- Year-over-year, our support of DCAA’s contractor business systems audits with our clients has more than doubled, both in quantity of engagements and hours invested by our team.
- DCAA is responsible for the audit of estimating, accounting and material management accounting systems (MMAS) of the DFARS business systems clauses. Perhaps not surprising to most, the accounting system area has been the most active, followed closely by MMAS and estimating systems.
- Lead time is generally pretty good. Most contractors know when they are on the schedule for a review of a business system and “surprise” audits of entire systems are exceedingly rare and typically driven by a concern noted in other areas, such as a contractor struggling to submit an adequate proposal, which results in a scheduled estimating system audit.
- Routine risk assessment type reviews appear to be occurring with more frequency. The past several years has seen an uptick in routine voucher examinations and the depth to which auditors go when performing those examinations. We are now seeing increased frequency of labor floor checks and other mandatory annual audit requirements (MAARs), which have been anything but mandatory for the past 6-8 years. These MAARs are driving findings which can impact the adequacy of related business systems and frequently result in significant corrective action processes much like what a contractor would experience as a result of findings in the course of a full business system audit.
- Third-party assessments/audits (TPA) remain common for non-DOD contractors, though we have yet to see a true businesses system audit conducted by a TPA. Most commonly, we are seeing NASA and DOE utilizing TPAs to conduct limited scope reviews on contractor’s accounting and purchasing systems. These reviews tend to be at a much higher level and require nowhere near the level of detail to support as a comparable review/audit by DCMA or DCAA.
- Increasing use of commercial items, OTAs and more streamlined vehicles like GSA’s OASIS is making working with the government easier, but each of these areas have their own unique challenges. Redstone GCI has brought on a new consultant specifically to deal with the commercial item area because of the recurring need we have seen by our clients. Lynne Nalley joined the team in June after 35-years with both DCAA and DCMA. Prior to her retirement Lynne spent the last 5-years of her career guiding the conduct of commercial item determinations as a part of DCMA’s Commercial Item Group.
- Post-Award Defective Pricing audits have increased dramatically. Prior to FY 2020 our role in assisting with these audits was limited to very large contractors, but recently we are seeing inquiries being made at contractors of all sizes. Again, this is largely driven by DCAA available resources shifting from an ICS focus to more system or preventative maintenance type audits.
- Auditor approaches to business systems, TINA/Defective Pricing and even MAAR audits vary. Auditors who joined DCAA in the past decade have minimal experience with these types of audits because the Agency placed so much focus on ICS and proposal audits for so long. There is absolutely a learning curve and working with auditors requires a strong understanding of the audit objectives and limits to not turn into a huge time sink for client staff.
Does More Auditing Mean Less Auditing?
One of the primary purposes of the DFARS Business Systems clauses was to allow for routine review and allow reliance on contractor business systems. With DCAA now investing considerable resources into the audit of contractor accounting and estimating systems, one would hope that this would result in a lowering of risk associated with the more routine audits like voucher examinations, incurred cost submission audits and proposal audits. At this stage it is too early to tell if there will be efficiency gains to the more routine audits/examinations. However, the fact that most ICS audits are now being conducted by TPAs will make that linkage more difficult. If you do have adequate system(s) and are working with a TPA it is important to advise them of this and ask how that impacts their risk assessment and ultimately the amount of testing.
What Can YOU Do to Prepare Your Company?
Additionally, because most contractors have not routinely undergone defective pricing audits it is critical to advise your proposal team and business development group on this emerging risk. The risk has always been there, but it is quickly becoming the “flavor of the month.” Refresher training on the topic and simply making sure that you have good linkages between estimating, accounting and purchasing functions to ensure the currency and accuracy of data submitted as part of proposals subject to TINA is critical. Further, if you are lucky enough to receive the knock at the door from DCAA, it is important to remember this is not always a bad thing. While some audits are initiated as a result of leads, many of the inquiries are just fishing expeditions, where DCAA will do probe testing, a desk review and move on. This is where having evidence of recent training, current policies and procedures and well documented estimating packages are critical to avoiding more costly and time-consuming audits.
Finally, an increasing number of our clients are reaching out for guidance and assistance in developing or participating in recurring internal audit engagements specifically focused on the risks we are working with every day. Our role places our team in a unique position to understand audit risks based on the decades of experience held by our team and our daily interactions with DCAA, DCMA and other agency auditors. We have found that our approach to internal audits, which are based on current and relevant risks, can streamline your internal audit team’s approach and ensure a wider coverage of areas representing true risks to your organization.