In a recent DCAA audit policy, DCAA makes note of the 2013 NDAA (National Defense Authorization Act) which requires DCAA to track requests and contractor responses for internal audits and to ensure that DCAA does not use contractor internal audit reports for any purpose other than evaluating and testing the efficacy of contractor internal controls and the reliability of associated contractor business systems. The reason the NDAA mentions this “limited use” is to diffuse contractor concerns and allegations that DCAA will misuse access to internal audits for so called fishing expeditions.
In DCAA’s audit policy, they first focus on auditor control of internal audits in the same context as all other contractor proprietary information. After disingenuously discussing contractor internal audits in the context of public disclosures, DCAA then gets to the meat of its policy in terms of the “limited use” component of the NDAA. As we have grown to expect, DCAA concludes that its auditors have access to all contractor internal audits:
“The NDAA states that DCAA can use the internal audit reports for evaluating and testing the efficacy of contractor internal controls and the reliability of associated contractor business systems. Therefore, the law not only allows us to use the internal audits to assess the contractor’s business systems; it allows us to use the internal audits to understand the efficiency of the contractor’s internal controls, which we do as part of our risk assessment in every audit.” (with the exception of the “and” in the first sentence, the emphasis has been added).
If DCAA’s objective were to rely on the contractor internal audits, DCAA would hone-in on those with specific relevance to specific audits. Conversely, if DCAA’s objective is a “fishing expedition”, it would want access to every internal audit in search of audit leads or “what went wrong when”. DCAA’s recent audit policy speaks for itself in terms of DCAA’s objectives.
Mike Steen is a Emeritus Advisor with Redstone Government Consulting, Inc. and a specialist in complex compliance issues to include major contractor cost accounting & business system regulations, financial compliance, resolution of DCAA audit issues, Cost Accounting Standards application, litigation support, and claims preparation. Prior to joining Redstone Government Consulting, Mike served in a number of capacities with DCAA for over thirty years, and upon his retirement, he was one of the top seven senior executives with DCAA. Mike Served as a Regional Director for two DCAA regions, and during that time was responsible for audits of approximately $25B and 800 employees. In October 2001, he was selected for the Senior Executive Service and in 2006 he received the Presidential Rank Award. During Mike’s tenure with DCAA, he was involved in conducting or managing a variety of compliance audits, to include cost proposals, billing systems, Cost Accounting Standards, claims, defective pricing, and then-evolving programs such as restructuring, financial capability and agreed-upon procedures. He directly supported the government litigation team on significant contract disputes and has prepared and presented various lectures and seminars to DCAA staff and business community leaders. Since joining Redstone Government Consulting in June 2007, Mike has developed and presented training and seminars on Government Contracts Compliance to NCMA, Federal Publications Seminars and various clients. Mike also is a prolific contributor of written articles to government contracting publications, as well as to our own Government Insights Newsletter. Mike also serves as the director of our training service offerings, with responsibilities for preparing and developing course content as well as instructing our seminars to clients and general audiences throughout the U.S. Mike also serves as a faculty instructor for the Federal Publications Seminars organization. Education Mike has a BS Degree in Business Administration from Wichita State University. He is also a graduate of the DCAA Director’s Fellowship Program in Management, and has a Masters Degree in Administration from Central Michigan University. Mr. Steen also completed a number of OPM’s management and executive development courses.