RGCI - Why are Policies and Procedures so Important for Government Contractors

Well – besides being the first thing your friendly DCAA auditor will ask you for, they should be something your employees use and rely on daily. The last thing you want is one of your employees telling an auditor they have never seen or read the company’s policies and procedures. The joy that will come across the auditor’s face will be truly shocking – and – the sadness that will come across your face when the Business System Deficiency Reports start to arrive, requiring endless responses and corrective action plans, will be just as shocking. This fairytale has no happy ending, at least not for you and your company – just a drain on your resources and more audit oversight.

Policies vs. Procedures

Before we get too far into this subject, I want to discuss the difference between a policy and a procedure.

A policy is usually a higher-level document outlining specific expectations – dare I say internal controls (yes, the rules). For example, an Accounts Payable Policy should require a three-way match before a vendor invoice is paid. The matching of the invoice received from the vendor to the purchase order from the procurement department and then to the receiving documentation from the receiving department.

There should be a structured process for reviewing and updating policies, including management approval. This is because the critical controls within the policy allow management to rely on the data within its systems and ensure company operations are being performed as expected.

A procedure is likely to be more task-specific regarding how an employee accomplishes a function supporting the controls within a policy. For example, the receiving department would have a procedure that all items that come across the receiving dock are opened, inspected, counted, and verified to the vendor’s packing documents, and then enter the results into the receiving system before moving the items to inventory.

When it comes to reviewing and updating procedures, that should be left to the department responsible for the tasks and functions outlined in the procedures, with only departmental management approval needed to make a change. Allowing the department the freedom to change procedures allows for creativity and increased efficiency and effectiveness. Procedures often become outdated and not relied on daily when the department is not empowered to maintain its procedures.

The DCAA Viewpoint

Without a written set of rules, no system of internal controls can possibly function. Besides, almost every audit program DCAA has includes at least one preliminary step to review the contractor’s policies and procedures. An auditor is required to understand the contractor’s systems and controls to appropriately develop audit procedures to arrive at an opinion on the subject matter of the audit – whether that be a price proposal, incurred cost submission, or business system. DCAA has historically struggled with this requirement, but that is a problem for DCAA to resolve. In my opinion, much of the struggle comes down to DCAA auditors with little to no general business knowledge. That said – if your policies and procedures have enough detail – meat on the bone – it should be a benefit to both you and DCAA.

So, Why Should Policies and Procedures be Important to You?

Besides the potential benefits of getting you through an audit – let’s see.

Have you ever had a new employee join your team? Having a good set of procedures outlining the tasks and functions that the employee will be performing will go a long way to helping that employee become fully functioning in their new position. Of course, on-the-job training and your mentorship will still be necessary. However, a good set of procedures should significantly reduce the number and frequency of questions.

Have you ever had to justify the staffing level of your department? Having policies that tie to contract compliance requirements (e.g., an adequate accounting system for supporting cost-type contracts) will likely make this a more accessible and productive discussion for you.

At the end of the day, all companies need to have a control structure in place – regardless of whether it is a requirement within their Government contracts. Policies and procedures are the backbone of your control structure, providing the established expectations (i.e., internal controls) to ensure the company operates efficiently and effectively.

What about for a Small Business?

A one-person band does not need policies and procedures – Right?

While critical controls like segregation of duties are complicated, if not impossible, to demonstrate, it is still essential to have a minimum set of policies outlining the compliance requirements of your Government contracts. This gives the poor band leader a clear understanding of everything that must be accomplished – even if it will be overwhelming. A small business getting its first cost-type Government contract needs to know the requirements and look for opportunities to outsource essential requirements – until it is appropriate to grow its internal staff.

So, How can Redstone help?

Redstone GCI has policy templates that a company can easily tailor. Redstone GCI can assess your current policies and procedures to identify gaps and assist with corrective actions. Redstone GCI also has compliance, accounting, purchasing, and subcontract management staff that can augment your team as your requirements expand with the growth of your government business.

Our Takeaway

The benefits of policies and procedures far outweigh the cost of implementing and maintaining them. Redstone GCI assists contractors throughout the U.S. and internationally with understanding the Government’s requirements and implementing adequate systems, including the necessary policies and procedures. We would be happy to be part of your team.

Learn More About Our Learning Management System Courses

Written by John C. Shire, CPA

John C. Shire, CPA John is a Director with Redstone Government Consulting, Inc. providing government contract consulting services to our clients primarily related to the DFARS business systems, CAS Disclosure Statements, and DCAA/DCMA compliance preparation, advisory, and defense. Prior to joining Redstone Government Consulting, John served in a number of capacities with DCAA/DCMA for more than 30 years. Upon his retirement, he was based in Texas as an SES-level Corporate Audit Director for DCAA, managing a staff of 300 auditors at one of the largest DOD programs. Professional Experience John began his career in the late 80s working in the Clearwater, FL audit office and over the next three decades he progressed through a number of positions within both DCAA and DCMA with career highlights as DCAA Program Manager at Ft. Belvoir, Chief of Technical Programs Division, Deputy Assistant Director-Policy, Director of the DCMA Cost and Pricing Center, the SES-level Lockheed Martin Corporate Audit Director, and Director of Integrity and Quality Assurance. John’s three decades of experience in performing and leading DCAA auditors and DCMA reviewers provides a wealth of expertise to our clients. John’s role, not only in the performance of audits, but also in the development of audit policy affords him unique insights into the defense of audit findings and the linkage of audit program steps to the underlying regulatory framework. He is an expert in FAR, DFARS, and other agency acquisition regulation, as well as a subject matter expert in the Cost Accounting Standards having reviewed and provided audit feedback on many of the largest and most complex cost accounting practices during his tenure with the DCAA. John’s tenure with DCAA and DCMA came at a critical time during each agency’s history where a number of changes were occurring such as the response to the ICS backlog, development of audit approaches to the DFARS Business Systems and implementation of new audit initiatives as a result of Congressional oversight through the NDAA process. John’s leadership at the DCMA Cost & Pricing center saw oversight of all major DOD pricing actions, leadership of should cost review teams, the Commercial Pricing group and many other areas of strategic value to our clients. His involvement in these and other Agency initiatives is of great value to our clients due to his in depth understanding of DCAA and DCMA’s internal policy directives. Education John holds a Master of Business Administration and a B.A. in Accounting from the University of South Florida. Certifications Certified Information Systems Auditor State of Alabama Certified Public Accountant

About Redstone GCI

Redstone GCI is a consulting firm focused on fulfilling the needs of government contractors in all areas of compliance. With a singular mission to help contractors through the multiple layers of “red tape,” we allow contractors to focus on what they do best – support their mission with the U.S. Government. We are home to a group of consultants made up of GovCon industry professionals, CPAs, attorneys, and retired government audit and acquisition professionals.

Our focus and knowledge of audit and compliance functions administered by DCAA and DCMA will always be at the heart of what we do. However, for the past decade, we’ve strategically grown to support other areas of the government contractor back-office with that same level of focus and expertise. We’ve added expertise in contracts management, subcontract administration, proposal pricing, various software systems, HR and employment law, property administration, manufacturing, data analytics/reporting, Grant specialists, M&A, and many other areas. When we see a trend in the needs of contractors, we act to ensure we can provide the best expertise in the market to fulfill those needs.

One thing our clients can be certain of is that with the Redstone GCI Team in your corner, there is no problem too big and no issue too technical for our team to tackle.

Topics: Contracts & Subcontracts Administration, Government Regulations, Federal Acquisition Regulation (FAR)