DCAA’s Auditing More than ICS & Proposals?

Over the last few years, we have often written on the changing landscape of contractor business system audits.  Specifically, the fact that the DCAA has invested considerable resources into the audit of incurred cost proposals and proposals for most of the past decade, which has led to an inability to routinely audit contractor business systems, conduct routine post-award (TINA) defective pricing audits and other audits that should be a routine part of doing business with the government in a flexibly-priced environment.  The change in audit focus has been apparent since the end of 2018, but we are just now starting to see the true impact of the Agency’s adaptation to an audit world without a large volume of incurred cost audits. 

The language in the 2017 NDAA Sec 831, stating “Performance-based payments shall not be conditioned upon costs incurred in contract performance but on the achievement of performance outcomes …” has finally been incorporated into the DFARS (DFARS Case 2019-D002) with an effective date of April 8, 2020.  The rule removes restrictions in DFARS 232.1001(a), DFARS 252.232-7012(b)(i), and DFARS 252.232-7013(b)(i) that limited performance-based payments to amounts not greater than costs incurred up to the time of payment.  However, the rule does not alter the requirement for subcontractors/vendors to report costs incurred when requesting performance-based payments.  The rule also removed the requirement of the subcontractor/vendor’s accounting system to comply with Generally Accepted Accounting Principles, as evidenced by audited financial statements.

Section 880 of the National Defense Authorization Act (NDAA) included provisions restricting the use of the Lowest Price Technically Acceptable (LPTA) source selection criteria to only procurements where:

Per DFARS 252.204-7012, Contractors were to implement NIST SP 800-171 by 12/31/2017 “Safeguarding Cover Defense Information and Incident Reporting”. However, Contractors self-certification has not gone as well as the Department of Defense (DoD) had hoped.  They have even included it as part of 2019 Contractor Purchasing System Reviews (CPSR) for the Defense Contract Management Agency (DCMA) to evaluate Contractors monitoring of subcontractor’s self-certification.  In the meantime, DoD has shifted gears and is developing the Cybersecurity Maturity Model Certification (CMMC) to help strengthen the DoD supply chain's cybersecurity at all levels of the supply chain, from the prime Contractor on down to the lowest subcontractor. 

Future Supply-Chain Rules to Be Implemented Under Executive Order 13873, and Under Sections 889(a)(1)(B) and 889(b) of the 2019 NDAA

There have been several recent developments in U.S. law, relating to non-tariff restrictions on foreign-origin information technology and telecommunications equipment, with a focus on Chinese-origin products. This is the third installment of a three-part series on this topic.

Supply-Chain Rules from Section 889(a)(1)(A) of the NDAA for 2019 (Implemented by FAR Subpart 4.21)

There have been several recent developments in U.S. law, relating to non-tariff restrictions on foreign-origin information technology and telecommunications equipment, with a focus on Chinese-origin products. This is the second installment of a three-part series on this topic.

Supply-Chain Rules Under DFARS Subpart 239.73

In the ongoing trade war between the U.S. and China, the U.S. Government’s Section 301 tariffs on Chinese-origin goods has received most of the attention, and rightfully so. Effective September 1, 2019, these tariffs generally impact all Chinese-origin goods imported into the United States, including all information technology and telecommunications equipment (“Equipment”). However, there have also been several recent developments in U.S. law, relating to non-tariff restrictions on foreign-origin Equipment, with specific focus on Chinese-origin products.

The Federal Acquisition Regulation (FAR) implemented Section 822 of the Fiscal Year 2017 National Defense Authorization Act (NDAA) which requires contactors to submit additional certified cost or pricing data when only one offer is received in response to a competitive solicitation.  Certified cost and pricing data is required when the following three criteria are met:

Recently, there has been much discussion around comments made by Katie Arrington, the special assistant to the Assistant Secretary of Defense for Acquisition for Cyber in the Office of the Under Secretary of Acquisition and Sustainment in DoD.  She made the following statement before a roomful of vendors at the PSC meeting in Arlington, VA.

It has been years since the contract period of performance has ended, DCAA has finally concluded their audit or review of your incurred cost proposal, and you have received the final indirect rate letter from DCAA. Now what? By design, the contract closeout process begins in earnest.   Typically, the Administrative Contracting Officer (ACO) is responsible for initiating administrative closeout of the contract after receiving evidence of its physical completion.