The question of when and how DCAA will again perform audits for non-DoD agencies remains open, irrespective of that agency’s proposed reauthorization by the FY 2017 National Defense Authorization Act (NDAA). When, because among other things we have not yet seen final passage of the FY 2017 NDAA. And how, because we wonder if non-DoD agencies will allow DCAA to follow their own internal guidance for selection of annual incurred cost submissions for audit (or more controversial, those deemed low-risk and not audited). Of course, selection of submissions to be audited is not entirely at DCAA’s discretion since non-DoD audits are requested and funded by the non-DOD agency. However, once requested, DCAA may or may not reject requests based upon factors to include risk and dollar thresholds. From a budgetary and funding standpoint, since all non-DoD audits are subject to reimbursable funding to DCAA, it doesn’t make sense to reject any non-DOD requests for audit(s). But, for discussion purposes, let’s assume DCAA honors all requests without any limitations.
The key question is: will non-DoD agencies send requests to DCAA if they have other options? If allowed to do so, why wouldn’t these agencies use non-Government auditors if said auditors are less costly than DCAA, and if they can perform GAGAS-compliant audits at a much faster (and predictable) pace?
Let’s assume that these non-DOD Agencies are headed up by prudent business persons and will request audits by external auditors as the Department of Energy and NASA have. What should you, as a Government contractor, expect? To answer, I’ll use our experience at Redstone GCI. You should expect the external auditors to perform the audits much like a DCAA auditor. They will adhere to the same audit standards, GAGAS, to include, among other things, independence, working paper documentation, adequate supervision, reporting standards and even continuing education requirements. External entities will develop guidance, direction, and audit programs that will most likely follow DCAA’s publicly accessible guidance (regulatory interpretations as well as direction to its auditors). Most importantly, the auditors will ensure that contractor submissions meet and comply with all Government requirements to include FAR, CAS, and any internal agency’s supplemental direction.
What will the primary difference be between DCAA audits and those performed by external parties? Speed. These audits will be completed without a “start and stop” mentality that impacts many DCAA audits. In other words, work on the audit for a day and leave and not return for several weeks, over and over again. This “DCAA model” is an inefficient and ultimately cost prohibitive methodology which will not be used by others whose audit engagements are often fixed price. Although external audits are required to have an adequate risk assessment, you will not see the auditors hamstrung with burdensome and overly complex systems of assessment, which add very little to an audit, but manage to suck up the majority of available hours and elapsed days.
However, you should not expect these audits to be any easier or require less time to support if there are legitimate challenges to your claimed costs. Rather, you should see a more effective and efficient use of your time as well as the auditors; however, in some cases that will mean more timely notification of a cost allowability issue.
I referred earlier to our experience at Redstone. We have prepared for and have performed GAGAS and IIA compliant audits and reviews based on Agreed Upon Procedures. Our staff includes both former DCAA and Independent Party Auditors. Most are CPAs who meet all continuing education requirements by their various state boards of accountancy and are subject to peer review and Federal Government requirements. Lastly, although Redstone’s history primarily consists of quality consulting engagements, we stand ready to demonstrate our audit independence and our avoidance of conflicts of interest, not only by perception but also in fact.