RGCI-Control Environment – The Expectations are Huge

As we outlined in Applicability of DFARS Business System Rules to Small Businesses, small businesses are exempt from Cost Accounting Standards and therefore are not subject to the business system rules, based on the requirements for inclusion in the Business System Clauses as set out in DFARS.  DFARS Case 2009-D038 – Defense Federal Acquisition Regulation Supplement; Business Systems-Definition and Administration, final rule issued February 24, 2013 in the Federal Register, specifically stated:

“DoD does not expect this rule to have a significant economic impact on a substantial number of small entities within the meaning of the Regulatory Flexibility Act, 5 U.S.C. 601, et seq., because contracts and subcontracts with small businesses are exempt from Cost Accounting Standards (CAS) requirements.”

Is DCAA Talking Out of Both Sides of its Mouth?

Apparently disregarding this, the DCAA audit program “Post Award Accounting System Audit at Nonmajor Contractors” clearly states that its purpose and scope is to determine if the contractor is compliant with the accounting system criteria prescribed in DFARS 252.242-7006(c).  The audit program has a section titled “Contracts that Do Not have the DFARS 252.242-7006 Clause” which instructs auditors to apply the DFARS Clause to contractors with no DoD contracts and makes no mention of DoD’s expectation that small businesses will not be significantly impacted.  Seeing as this can be a self-initiated audit (i.e., no request from the ACO needed) and many of DCAA’s branch offices appear to be looking for work now that the incurred cost backlog has been cleared, we believe this will be a new focus area for branch auditors.

Are DCAA Auditors Repeating Contractor Steps?

Now back to the topic at hand.  DCAA’s new Accounting System audit program titled “Compliance with DFARS 252.242-7006 Accounting System Administration Requirements Audit,” for major contractors and non-major contractors with complex accounting systems, has some huge expectations for contractors.  The initial planning meeting with the auditor comes with the delivery of a 10- to 12-page fill-in-the-blank template.  Once the contractor completes all the sections, we have seen these documents exceed 100 pages.  While auditing standards require auditors to document their understanding of internal controls material to the audit they are performing, having the contractor take its knowledge of its own control environment/accounting system and put it into a different format may not accomplish this objective.  Now that the contractor has invested significant time and resources to complete the template, the auditor still has an audit step to get a demonstration, which means more time and resources.  The audit program also makes it clear that inquiry alone is not enough to obtain an understanding of internal controls, so the auditor is going to perform these additional procedures:

  • inquiries of contractor personnel;
  • observing the application of specific controls;
  • inspecting documents and reports; and
  • performing walk-throughs of the system (including tracing transactions through the various processing steps).

The Control Environment Section

Now the actual detailed fieldwork effort begins covering these major subsections of the control environment section of the audit program:

  1. Communication and Enforcement of Integrity and Ethical Values.
  2. Management’s philosophy and operating style, commitment to competence, and human resource policies and procedures.
  3. Commitment to Competence and Human Resource Policies and Procedures.
  4. Organizational Structure/Assignment of Authority and Responsibility.
  5. Participation of those charged with governance.

We are optimistic that, if a contractor must go down this road, DCAA will invest the necessary resources to accomplish the audits in a timely fashion.  Hopefully history will not repeat itself and these audits will not languish, taking years and requiring retesting to support a current audit opinion.

Reducing Time & Effort in Auditing

Auditors cannot simply rely on the work of others (i.e., internal and external auditors) and must form their own opinion on system controls.  However, based on risk, the DCAA auditors should be able to use the procedures of other auditors and technical specialists (e.g., IT, External Consultants, et al.) to focus and limit the procedures the DCAA auditors will have to perform.  A huge problem with historical DCAA approaches to systems audits has been the repetitive over-testing of system controls and procedures that the contractor itself has already invested significant time and effort in evaluating for its own purposes.

In the end, if the audit gets completed, the contractor and Government should have a common understanding of the systems and processes in place to demonstrate that the contractor is responsible and that data developed by the system can be relied on.  This common understanding of an approved accounting system will hopefully be the basis for future reductions in audit oversight and the foundation of recurring system audits that do not require a complete bottom-up audit.

Redstone’s DCAA Audit Training & Consulting

Redstone GCI assists contractors throughout the U.S. and internationally with developing policies and procedures designed to withstand audit scrutiny, performing systems assessments, and providing support during business systems audits performed by the Government.  Additionally, we can augment internal risk assessments, internal audit and self-reviews you are performing to enhance compliance with your contractual obligations.

Written by John C. Shire

John is a Director with Redstone Government Consulting, Inc. providing government contract consulting services to our clients primarily related to the DFARS business systems, CAS Disclosure Statements, and DCAA/DCMA compliance preparation, advisory, and defense. Prior to joining Redstone Government Consulting, John served in a number of capacities with DCAA/DCMA for more than 30 years. Upon his retirement, he was based in Texas as an SES-level Corporate Audit Director for DCAA, managing a staff of 300 auditors at one of the largest DOD programs.

Professional Experience

John began his career in the late 80s working in the Clearwater, FL audit office and over the next three decades he progressed through a number of positions within both DCAA and DCMA with career highlights as DCAA Program Manager at Ft. Belvoir, Chief of Technical Programs Division, Deputy Assistant Director-Policy, Director of the DCMA Cost and Pricing Center, the SES-level Lockheed Martin Corporate Audit Director, and Director of Integrity and Quality Assurance. John’s three decades of experience in performing and leading DCAA auditors and DCMA reviewers provides a wealth of expertise to our clients. John’s role, not only in the performance of audits, but also in the development of audit policy, affords him unique insights into the defense of audit findings and the linkage of audit program steps to the underlying regulatory framework. He is an expert in FAR, DFARS, and other agency acquisition regulation, as well as a subject matter expert in the Cost Accounting Standards, having reviewed and provided audit feedback on many of the largest and most complex cost accounting practices during his tenure with the DCAA.

John’s tenure with DCAA and DCMA came at a critical time during each agency’s history where a number of changes were occurring such as the response to the ICS backlog, development of audit approaches to the DFARS Business Systems and implementation of new audit initiatives as a result of Congressional oversight through the NDAA process. John’s leadership at the DCMA Cost & Pricing center saw oversight of all major DOD pricing actions, leadership of should cost review teams, the Commercial Pricing group and many other areas of strategic value to our clients. His involvement in these and other Agency initiatives is of great value to our clients due to his in-depth understanding of DCAA and DCMA’s internal policy directives.

Education

John holds a Master of Business Administration and a B.A. in Accounting from the University of South Florida.

Certifications

Certified Information Systems Auditor
