DCAA Audit Support Redstone Government Consulting

On November 12, 2014, the U.S. Government Accountability Office (GAO) issued its report on the results of its review of DCAA actions to comply with section 832 of the National Defense Authorization Act (NDAA) for Fiscal Year 2013, regarding requests for company internal audit reports.   The purpose of the GAO review was to assess the extent DCAA’s revised guidance “(1) complied with the act, and whether selected requests for company internal audit reports were documented in accordance with requirements, and (2) contains safeguards to help ensure that companies’ internal audit reports are used only for authorized purposes.”

GAO found significant inconsistency and compliance failures in DCAA’s implementation of the revised guidance as well as inadequacies in the guidance itself.  The most significant GAO findings are summarized below:

Documentation of Need:

None of the 8 randomly selected requests for company internal audit reports contained adequate documentation of how the internal audit requested was connected to ongoing DCAA work related to evaluating internal controls or risk assessment and why DCAA access was necessary.

Safeguards Against Unauthorized Use:

The GAO noted that DCAA’s audit policy only addressed physical safeguards which was clearly not the focus of the restrictions (appropriate safeguards) written into section 832 of the 2013 NDAA.  Specifically, the GAO found that DCAA guidance did not include appropriate safeguards and protections to ensure that the internal audit reports are not used for purposes unrelated to evaluating and testing the efficacy of internal controls and the reliability of business systemsas required by the act (emphasis added).   In fact, the GAO found that the DCAA guidance did not provide examples of authorized use or describe or define  unauthorized use.

Stay Tuned!

Redstone’s November newsletter will include more specific information regarding the specific requirements of section 832 of the 2013 NDAA, recent Redstone experience related to DCAA requests for contractor internal audits (including DCAA’s misrepresenting the requirements of section 832), and recommended actions (including alternatives) when a DCAA request for internal audit is received.  

Written by Redstone Team

About Redstone GCI

Redstone GCI is a consulting firm focused on fulfilling the needs of government contractors in all areas of compliance. With a singular mission to help contractors through the multiple layers of “red tape,” we allow contractors to focus on what they do best – support their mission with the U.S. Government. We are home to a group of consultants made up of GovCon industry professionals, CPAs, attorneys, and retired government audit and acquisition professionals.

Our focus and knowledge of audit and compliance functions administered by DCAA and DCMA will always be at the heart of what we do. However, for the past decade, we’ve strategically grown to support other areas of the government contractor back-office with that same level of focus and expertise. We’ve added expertise in contracts management, subcontract administration, proposal pricing, various software systems, HR and employment law, property administration, manufacturing, data analytics/reporting, Grant specialists, M&A, and many other areas. When we see a trend in the needs of contractors, we act to ensure we can provide the best expertise in the market to fulfill those needs.

One thing our clients can be certain of is that with the Redstone GCI Team in your corner, there is no problem too big and no issue too technical for our team to tackle.

Topics: Compliant Accounting Infrastructure, DFARS Business Systems, DCAA Audit Support