As a follow-up to a brief article in our February Newsletter which noted the February 4, 2015 disposition of a business systems proposed rule, “closed without further action”, it’s critical for government contractors to recognize that the proposal would have just added to an existing rule; however, what remains is far more substantial than the proposed changes.
Let’s briefly revisit the proposed changes, the proposed rule (D2012-D042) would have added requirements for contractor certifications and for initial and then triennial independent CPA audits of contractor compliance with three of six systems (Accounting, Estimating, and MMAS/Material Management and Accounting System). “Still standing” is the proverbial elephant in the room (the existing rule) to which the proposed rule would have added an ill-fitting tutu and a yellow umbrella. The overwhelming content was and still is within the pre-existing rule including the DFARS administrative clause, 252-242-7005, and the individual clauses which list the compliance criteria for each of the six business systems. With or without the proposed rule, contractors subject to the rule are required to be compliant with the applicable rules and more importantly, to demonstrate compliance when faced with a comprehensive system review (e.g. CPSR performed by DCMA) or as secondarily demonstrated in application to effected procedures and submissions to the government. As an example, a contractor’s bid proposal in response to a government solicitation will be reviewed or audited primarily as a prelude to negotiating a contract price; however, the government review or audit could incidentally identify business systems deficiencies as a by-product of the bid proposal review or audit. In many cases, a contractor bid proposal will expose three systems to secondary oversight; most obvious, the estimating system, but potentially purchasing or accounting as well, assuming a contractor’s basis for estimates involves procurement files or accounting records.
In fact, for the three systems which would have been subjected to new requirements had the proposed rule survived, all are evaluated by DCAA audits in contrast to the other three that are evaluated by DCMA reviews. Therein is a clear and present danger to government contractors to the extent that DCAA’s former director (Pat Fitzgerald) stated that “DCAA is focusing on identifying business system deficiencies during ongoing audits (e.g. proposal and incurred cost, etc.). Mr. Fitzgerald’s statement is reinforced by DCAA’s “Deficiency Report” audit program (11090) which is “to prepare and issue an audit report on deficiencies/instances of noncompliance with the DFARS criteria in a contractor business system after they are identified in an audit other than business system audit”. Although DCAA’s Annual Program Plan for Fiscal Year 2015 indicates that DCAA does not have the resources to perform business systems audits, that Program Plan indicates that DCAA’s top two priorities are forward pricing audits (bid proposals and/or forward pricing rate proposals) and the indirect cost proposal backlog. Not so coincidentally, DCAA’s top priorities are the two “other than business systems audits” given as examples in Mr. Fitzgerald’s statement related to deficiency reports.
Finally, the pre-existing business systems rules and the system specific compliance criteria have been embraced by DCAA regardless of the applicability of the business systems rule to a particular contract or contractor. This was initially evidenced when DCAA auditors identified “significant deficiencies” while auditing contractor incurred cost proposals which pre-date the May 18, 2011 rule. Although the evidentiary matter (contractor records) clearly pre-dated any possible application of the May 2011 business systems criteria, DCAA cited that criteria in its deficiency reports. DCAA is on the same path within its Accounting Business System audit program, which states that even for contractors who are not contractually required to comply with the DFARS criteria, “nevertheless, the DFARS criteria are suitable standards to use in determining the acceptability of any Government contractor’s system for accumulation and billing of costs under Government contractors”. In other words, if a contractor is subject to contract audits by DCAA, that contractor is expected to comply with regulatory criteria which may or may not be contractually required.
In the context of the quiet death of the proposed rule (2012-D042; more accurately the proposed change to an existing rule), contractors may have won the battle but lost the war. At the very least, there are no peace talks past, present or future with respect to contractors or contracting officers with DCAA and its intentions to find and report at least some of the alleged significant deficiencies. After all, contractor business systems are purportedly the first line of defense against fraud, waste and abuse whether or not DCAA can ever devise a comprehensive strategy for auditing contractors for compliance.
And one last parting comment, although auditing standards implicate gaining an understanding of business systems internal controls in part to rely on those controls to reduce audit resources, as long as DCAA never really performs a business system (internal control) audit, DCAA will never use contractor business systems to reduce DCAA’s audit scope on other audits. Nothing like compounding DCAA’s shortage of audit resources by failing to prioritize audits which could make other audits more efficient.
Mike Steen is a Emeritus Advisor with Redstone Government Consulting, Inc. and a specialist in complex compliance issues to include major contractor cost accounting & business system regulations, financial compliance, resolution of DCAA audit issues, Cost Accounting Standards application, litigation support, and claims preparation. Prior to joining Redstone Government Consulting, Mike served in a number of capacities with DCAA for over thirty years, and upon his retirement, he was one of the top seven senior executives with DCAA. Mike Served as a Regional Director for two DCAA regions, and during that time was responsible for audits of approximately $25B and 800 employees. In October 2001, he was selected for the Senior Executive Service and in 2006 he received the Presidential Rank Award. During Mike’s tenure with DCAA, he was involved in conducting or managing a variety of compliance audits, to include cost proposals, billing systems, Cost Accounting Standards, claims, defective pricing, and then-evolving programs such as restructuring, financial capability and agreed-upon procedures. He directly supported the government litigation team on significant contract disputes and has prepared and presented various lectures and seminars to DCAA staff and business community leaders. Since joining Redstone Government Consulting in June 2007, Mike has developed and presented training and seminars on Government Contracts Compliance to NCMA, Federal Publications Seminars and various clients. Mike also is a prolific contributor of written articles to government contracting publications, as well as to our own Government Insights Newsletter. Mike also serves as the director of our training service offerings, with responsibilities for preparing and developing course content as well as instructing our seminars to clients and general audiences throughout the U.S. Mike also serves as a faculty instructor for the Federal Publications Seminars organization. Education Mike has a BS Degree in Business Administration from Wichita State University. He is also a graduate of the DCAA Director’s Fellowship Program in Management, and has a Masters Degree in Administration from Central Michigan University. Mr. Steen also completed a number of OPM’s management and executive development courses.