DCAA Pulls Back the Curtains
DCAA auditors have been given the green light to access the internal audit reports of contractors. The Government Accountability Office (GAO) issued report GAO-12-88 in December 2011 stating that “DCAA’s access to and use of internal audit information from reports and workpapers is limited.” The GAO report recommended that “DCAA take steps to facilitate access to internal audits.”
As a result, the DCAA issued Memorandum for Regional Directors (MRD) 12-PPS-019(R) on August 14, 2012. The guidance sets forth criteria for accessing internal audit reports during audits of major and non-major contractors. For major contractors, the DCAA must establish “a central point of contact” to monitor the internal audit reports of the contractor and determine those that need to be reviewed. For non-major contractors, a formal tracking process and central point of contract is not mandatory. The revised audit procedures for DCAA auditors to follow have been updated and documented in DCAA Contract Audit Manual (CAM) Section 4-202. The criteria for major contractors is located in CAM 4-202c(1) and (2); and the criteria for non-major contractors is located in CAM 4-202c(3). It is important to note that for non-major contractors internal audit reports will be requested “when warranted by audit circumstances.”
Contractors should continue to perform internal audits when they are able and where necessary. The associated internal audit reports should be thoroughly documented. Contractors should keep an exhaustive list of all “finalized” internal audit reports with a summary description of each item to provide to the FAO, if it is requested. An enhancement to the current process we would suggest would be for all reports to be kept in a “draft” status, unless otherwise required, to limit external access to the report. Reports which are to be made final should be reviewed by internal counsel and/or external counsel or consultants with government contracting experience, in addition to the current internal review process by company management. This additional level of review will attempt to provide a reasonable level of comfort that the information provided to the FAO is current, accurate, complete, and limits the company’s financial exposure.
The MRD noted above also provides guidance to DCAA auditors when access to contractor internal audit reports is denied by the contractor. If the Field Audit Officer (FAO), Administrative Contracting Officer (ACO), and DCAA regional office personnel are not able to resolve the issue with the contractor the DCAA “Regional Director should review the matter and determine if a subpoena should be requested.”
To add to the DCAA authority, the National Defense Authorization Act (NDAA) for 2013 Section 843 issues guidance to ensure the DCAA “has sufficient access to contractor internal audit reports,” and accordingly “refusal of a contractor to permit access to contractor internal audit reports…is a basis for disapproving the contractor business system.” As we have discussed in a previous blog, the penalties for not having an approved business system can have serious future contract, cash flow, and going concern implications.
I would like to point out that the GAO recommendations, DCAA audit guidance, and the NDAA, only instruct DCAA auditors to request and be given access to the internal audit reports. There is no requirement that all, or even a portion, of the provided reports be used in the DCAA audit. The FAO will evaluate the reports they are provided, and working with the contractors internal staff that generated the report(s), determine the best use of the report and any supporting workpapers.
Contractors should continue to perform internal audits when they are able and where necessary. The associated internal audit reports should be thoroughly documented. Contractors should keep an exhaustive list of all “finalized” internal audit reports with a summary description of each item to provide to the FAO, if it is requested. An enhancement to the current process we would suggest would be for all reports to be kept in a “draft” status, unless otherwise required, to limit external access to the report. Reports which are to be made final should be reviewed by internal counsel and/or external counsel or consultants with government contracting experience, in addition to the current internal review process by company management. This additional level of review will attempt to provide a reasonable level of comfort that the information provided to the FAO is current, accurate, complete, and limits the company’s financial exposure.
Please contact Brian Bender at (301)222-8273 or bmbender@aronsonllc.com for questions or assistance with your Federal Government compliance issues.
Aronson Contributors
Categories
Popular Tags
Blog Roll
Popular Posts
What We Are Writing
- A Marriage of Inconvenience: GSA Schedule Contracts & The Contractor Code of Business Ethics & Conduct Clause
- Emerging Small Businesses: To Grow Your Business, You Must Plan For Growth
- Government Contracting: Look Before You Leap!
- GSA Schedules – Strategies for Success
- New Employee vs. Independent Contractor Considerations
- Pay on Display – Understanding the Executive Compensation and Subcontractor Data Reporting Requirements & Ramifications
- The GSA Schedule: Your Ticket to the Federal Market (May 2010)
- The New FAR Codes of Conduct and Compliance Program Provisions
- The Seven Deadly Sins (of contract compliance)