DCAA has had MMAS (Material Management and Accounting System) audit cognizance or review responsibility for DOD contractors since the advent of the DFARS Business Systems Rule in 2012. DCAA’s scope of audit is to determine if a contractor’s MMAS complies with the ten criteria or standards set forth in DFARS 252.242.7004.
It appears on the surface that an MMAS audit is just like any other audit in that the auditor requests MMAS related information for review and analysis and if necessary reports deficiencies on an exception basis. Unlike other audits, though, DCAA does not or is not supposed to provide data or information requests during the conduct of the audit so that it can make an assessment of the contractor’s MMAS. Rather the contractor must “demonstrate” its compliance with the ten MMAS criteria by making an initial presentation of activities it performs that meet the governmental requirements.
In addition the contractor must provide documentation at the time of the initial presentation that supports its contentions. DCAA then verifies or validates the veracity of the provided documentation. This process really hasn’t changed since 1989 with the Government’s implementation of the ten MMAS Key Standards which have always focused on explicit requirements for a contractor to demonstrate its compliance with each of the ten standards (now the ten system criteria) which was the Government’s approach to defining expectations for MRP (Material Requirements Planning) software which began arriving around the early 1970s. The primary difference today is the DFARS Business Systems Rule’s rigid withhold requirements due to alleged contractor non-compliant systems.
However, our recent observations at Redstone indicate that DCAA is approaching these audits differently than in the past. The first fundamental difference is that DCAA appears to be performing these audits more in line with all of its other audits. In other words migrating away from an audit that focuses on verification and validation of contractor demonstrations of compliance to the more traditional approach of data request and review or analysis with little or no reliance upon contractor compliance presentations. In the opinion of this writer this indicates that DCAA doesn’t believe the contractor has the ability to satisfactorily demonstrate its compliance. Rather the auditor must begin the audit in a detection mode to disclose what DCAA believes are the “obvious inherent” deficiencies in every contractor MMAS.
But maybe the most pronounced fundamental difference is that DCAA Headquarters Management doesn’t appear to have confidence that its field auditors can competently perform this type of review. Where in the past the responsibility for the audit rested with the local field audit office, DCAA has established the “Uber MMAS Audit Team” obviously comprised of DCAA “Wunderkind” and managed by DCAA Headquarters itself. Furthermore, these Super Audits can last up to several years and incur thousands of hours (which isn’t exactly unique to the MMAS audits).
So, this blog writer, who is a former DCAA Supervisor and Manager who participated in numerous MMAS audits where both the field auditor and the contractor were provided an element of trust and perception of competence, wants to know if the American taxpayer whose interests DCAA purports to protect is really receiving value-added services? Or is this just one more DCAA audit where the pre-designed audit program assumes the worst, thus inclusive of steps which should never be considered if only the audit had been properly focused on the contractor’s demonstration?