DCAA audits have not stopped during this COVID-19 era; and, nor should contractors’ adherence to and maintenance of associated compliance programs. Our Experts compiled keys for success when you are facing your next DCAA Audit.
We invite you to watch the video below with Craig Stetson and Brian Gallagher from Capital Edge Consulting, Inc. as they discuss the essentials when facing your next DCAA Audit. Scroll below to read in full our thought leadership overview.
DCAA Audits – Considerations for Success Introduction
Transparency of the contracting process in the current government contract regulatory compliance environment remains of considerable importance and a key requirement that contractors should seriously consider. There is no indication of a decline in the level of diligence required when dealing in federal government contracts.
Perhaps, a heightened level is a prudent expectation considering the amount of money (trillions of dollars) the U.S government is doling out to keep the economy and federal contracting machine up and running during the COVID-19 national emergency situation we all have been experiencing for several months.
The public transparency and visibility associated with performing under government contracts directly affects government contractors’ compliance regimes and reaches to many aspects; including, e.g.:
- Cost accounting and allocation practices;
- Cost allowability;
- Business systems documentation and internal controls;
- Procurement and supply chain administration and management;
- Financial and other reporting requirements to the government; and,
- Potential mandatory disclosure obligations.
This ongoing, and heightened, focus on contractor transparency requires contractors to maintain a high level of accountability and responsibility to enable them to adequately address the relevant government contract compliance requirements, and, also potentially introduces a new level of diligence in support of related government audits.
The Defense Contract Audit Agency (DCAA) is the primary entity that performs audits on behalf of the federal government. It is, and always was, critical for government contractors to adequately plan and prepare for these audits to reduce compliance and audit risk as well as increase the likelihood of achieving a successful audit outcome.
Also, and importantly, the DCAA remains active and continues to perform their audit responsibilities despite the current work-at-home directives that many companies and government agencies are required or strongly encouraged to comply with. In other words, DCAA audits have not stopped during this COVID-19 era; and, nor should contractors’ adherence to and maintenance of associated compliance programs.
This paper addresses several key factors or leading practices that i) are critical to incorporate into the DCAA audit process; ii) will mitigate associated risk; and, iii) will enhance the opportunity for a successful outcome.
Defining Successful DCAA audits
Successful DCAA audits may be defined differently depending on the specific contractor objectives; however, traditional objectives of any ‘successful’ audit should include:
- Receipt of a final written audit report that is accurate, objective and complete;
- Performance in an efficient manner with minimal disruption to contractors’ daily operations;
- Frequent communication throughout the process with no significant items reported in the audit report that the contractor was not previously aware of; and,
- Performance by the DCAA within the bounds of the corresponding audit scope.
Achieving these objectives during the COVID-19 situation and while DCAA audits are performed on a virtual or remote basis may be challenging and require a higher level of discipline on both sides. Providing the DCAA with timely access to requested information and contractor personnel to the maximum extent practical is of upmost importance when supporting audits on a virtual or remote basis.
The DCAA recognized these challenges and issued a Memorandum for Regional Directors instructing auditors on situations when issuance of qualified audit opinions is appropriate due to scope limitations arising from limited access to contractor records or personnel.
Memorandum for Regional Directors (April 10, 2020) – “Audit Alert on Limited Contractor Access Due to Coronavirus Disease (COVID-19)”
Nonetheless, the above objectives themselves remain achievable and a reasonable approach to managing and completing audits with the DCAA and minimizing the result of qualified audit opinions.
Analysis of Key Factors
1. Working Knowledge of Audit Objectives and Guidance
(Pre Audit Activity) – The DCAA conducts many types of audits, including:
- Price proposal,
- Forward pricing rate proposal,
- Incurred cost proposal (ICP),
- Business systems adequacy,
- Post award (defective pricing),
- Cost Accounting Standards compliance, and many more.
It is very important to understand, prior to initiation of the audit, the applicable audit scope and related audit procedures that DCAA auditors are supposed to perform. Knowing these audit objectives will assist in the overall preparation process, identification of required functional personnel and gathering of applicable supporting information and documentation. Equally important is knowledge regarding the standard audit protocols or ‘rules of engagement’ the DCAA are supposed to follow.
Key sources that the DCAA uses to obtain guidance and instruction to perform their audits
There are several sources that the DCAA uses to obtain guidance and instruction to perform their audits. Contractors should review and be familiar with this information to effectively monitor if the audit is being performed in accordance with the DCAA’s own internal guidance and requirements. Relevant information that is publicly available on the DCAA’s web site (www.dcaa.mil) include:
- The DCAA Contract Audit Manual (DCAM)
- Memorandum for Regional Directors (MRD) – audit guidance issued periodically from DCAA headquarters to the regions
- Standard Audit Programs – specific audit steps and procedures related to a variety of audit types
- Adequacy Checklists – submitted in conjunction with various proposals
- Selected Area of Cost Guidebook: FAR 31.205 Cost Principles
- Federal Acquisition Regulation
- Defense Federal Acquisition Regulation Supplement
- Cost Accounting Standards
2. Internal Assessment
(Pre Audit Activity) – It is frequently advantageous to conduct an internal self-assessment regarding conformance with the particular audit objectives and scope to identify if deficiencies or potential findings exist. It is always better to know ahead of the audit if problems are foreseeable; then, corrective action or remediation efforts could be undertaken prior to the audit to avoid or mitigate adverse audit findings.
The nature of the audit may significantly determine the level of effort required to conduct the internal assessment. For example, an upcoming business system audit or CPSR (Contractor Purchasing System Review) likely will entail a significant amount of effort to perform an adequate gap analysis and risk assessment to identify system design or operating effectiveness issues. However, it is generally better to commit the resources in advance of the audit and fix and noted deficiencies; rather than, fail the audit and receive an inadequate business system determination by the government.
3. Communication Protocols
(Pre / During / Post Audit Activity) – Unfavorable or inaccurate audit conclusions are frequently the result of poor communication between the auditor and the contractor. To reduce this risk, it is highly recommended that established communication procedures and schedules (at least tentative) be developed where both parties can actively and effectively communicate audit objectives, challenges, progress and results.
Participation in these communications and status briefings should be agreed upon upfront and adhered to by both parties. The DCAA is required to conduct an entrance and encouraged to provide interim and exist conferences pursuant to their audit guidance (DCAM 4-300).
Insist on a thorough entrance conference to obtain an understanding of:
- The audit objectives, scope and procedures;
- Anticipated timeline;
- Internal resources required;
- Types of data and information required; and
- Any foreseen challenges known at that time (e.g., unavailable personnel, remote site access or visits, availability and retrieval of records, etc.).
The audit scope and focus areas should be clearly identified with discrete elements or items for which the auditor will have access and the contractor responsibility to support.
The interim conferences are equally or more important than the entrance conference as the interim conferences provide exchange of information between the auditor and the contractor regarding progress of the audit, problems or challenges encountered, findings and issues, open items and remaining effort and completion requirements.
Initial audit findings should be provided by the auditor and contractors should obtain the auditor’s rationale to allow internal assessment as to merit. These discussions also provide the contractor an opportunity to manage the audit process to ensure the auditor is not exceeding the overall scope and objectives (defined above in the entrance conference).
Insist on a thorough exit conference to discuss and understand all audit findings. Contractor management and applicable functional personnel and the DCAA supervisor should attend the exit conference.
Prior to the meeting, carefully review the draft report and seek clarifications as needed. The draft audit report should be reviewed internally at all applicable levels that were involved in the audit. Lastly, ensure the findings are accurate and clearly articulated and request that your responses to the specific audit findings be incorporated in the final audit report.
In addition to communication with the government, it is important to effectively communicate internally to ensure audit objectives are:
- Understood by the team;
- Appropriate resources are identified and committed to support the audit;
- Specific responsibilities are defined and carried out; and
- Management is aware of the overall internal plan to perform and complete the audit.
To reduce the risk of misunderstanding, misinterpretation and memory loss it is very important to document all formal communications, status meetings, conferences, etc. This documentation should be developed by a single source within the contractor and summarized in a meeting minutes format, then subsequently provided to all in attendance. This procedure will minimize the risk of significant or unknown items finding their way into the final audit report without the contractors’ prior knowledge (one of the objectives to achieve a ‘successful’ audit).
4. Point of Contact and Management Team (Pre Audit Activity)
In support of maintaining effective communication protocols and to efficiently support the audit process, it is critical to engage the appropriate contractor personnel early. Identification of these resources should become better defined at the conclusion of the entrance conference as audit scope, objectives and requirements are better understood.
Designated Point of Contact
An internal point of contact should be established to liaise or coordinate with the auditor. A single source to act as the conduit between the auditor and the contractor will streamline and improve efficiency of the overall process. This will, in turn, improve responsiveness (always important). This is an important role as the responsibilities of this position typically include:
- Receiving and documenting requests from the auditor;
- Delegating these requests appropriately within the organization;
- Coordinating internally on progress and turn-around;
- Communicating with the auditor; and,
- Facilitating the entire audit process.
The person selected for this role should have adequate knowledge of the contractor’s operations, know what internal resources are best suited to address audit requests, maintain an adequate level within the organization to gather timely responses and maintain an overall awareness of the DCAA and their objectives and procedures.
Management and Supporting Team
Upon conclusion of the entrance conference, it should be known what functional disciplines and / or specific personnel will be required to support the audit. Management should assemble the team, contact applicable personnel, brief them on the upcoming audit and inform them what their specific purpose and responsibilities will be. It should be stressed that responsiveness is important (three days currently is the DCAA expectation) and communications should be conducted in a professional manner.
5. Documentation and Access to Records(During Audit Activity) –
A complete list of requested and provided documents should be maintained throughout the audit. This list should also describe in adequate detail the nature and content of what was requested and provided, who provided it and when. Likely, this list would be maintained by the designated internal point of contact.
This procedure is important for obvious reasons; however, should during the course of the audit the DCAA challenges the sufficiency or completeness of the documentation provided, it will be helpful to review this list to demonstrate to the auditor.
Additionally, a complete list of interviews or discussions between the auditor and contractor personnel should be maintained – again, likely by the internal point of contact.
Federal Acquisition Regulation (FAR) Part 4 should be reviewed to determine what records are required to be retained by a contractor and for how long. The retention period is not the same for all types of records. If a particular record is requested by the auditor for which there is not regulatory or internal company policy to do so, then the auditor should be informed accordingly.
Finally, the use of electronic formats of original documents for record-keeping and audit purposes is an acceptable procedure provided certain document imaging requirements are adhered to in accordance with FAR Part 4.
Government contractors have long had to deal with DCAA audits and are required to grant the government access to records under the terms of applicable contracts or solicitations. The keys to achieving a successful audit center on adequate knowledge of the DCAA objectives and procedures, effective communication procedures throughout the process, detailed and effective record retention practices and coordination of all relevant personnel in support of the audit.
The current COVID-19 environment and dealing with DCAA audits have not marginalized contractors’ overall preparation and management of these audits; rather, conversely, may serve to increase the level of diligence required to overcome the inherent challenges within the current DCAA audit process.
Capital Edge Consulting is a professional services company comprised of adept problem solvers who deliver tangible results to address today’s most complex U.S. government contracting challenges. Capital Edge helps clients address the challenging regulatory, contractual, and compliance requirements of U.S. federal contracts and we have experience working with a wide variety of industries that provide goods or services to the federal government including industries such as biotech and healthcare, nuclear energy, education, information technology, non-profit, professional services, defense, and software.