pricewaterhousecoopers dcaa’s new direction march 10, 2010 presentation by: james w. thomas...

PricewaterhouseCoopers

DCAA’s New DirectionMarch 10, 2010

Presentation By:James W. Thomas

PricewaterhouseCoopers LLP

PricewaterhouseCoopers Slide 2Slide 2

• DCAA Audit Issues

• GAO September 2009 Report

• DoD Policy Update

• DFARS Proposed Rule on Contractor Systems

• Cost Disputes

• Future State of Compliance Controls

Topics for Discussion


DCAA Audit Issues• Audit Quality

- GAO investigation

- DoD IG Peer Review Expiration

- GAGAS exception effective August 27, 2009

- GAO audit report – September 23, 2009

- Change in DCAA leadership

• DCAA Guidance and Direction

- Independence issues

- Pressure on contractor system assessments

- Expectations on contractor responsiveness

- Access to records and people

• “Disclosure” audits

• DCAA / DCMA authority issues

PricewaterhouseCoopers Slide 4

GAO Findings on DCAA Audit Quality

• DCAA’s management established policies, procedures and training that emphasized a large quantity of audits over audit quality

• Quality problems at DCAA offices nationwide, including:

- Compromise of auditor independence

- Insufficient audit testing

- Inadequate planning and supervision

- Lack of fraud risk detection procedures

- Inadequate auditor understanding of controls

- Reporting problems


Legislative and Other Actions Recommended by GAO

• Leadership and Stability

- Senate confirmation of a presidentially appointed DCAA Director

- Mandate permitting DCAA Director to hold a renewable term appointment between 5 to 7 years

- Conflict of interest provisions for DCAA Director and other key personnel

• Access to Independent Legal Counsel

- DCAA Director not always apprised of legal decisions by DoD Counsel that impact DCAA operations

• Increased Authority and Independence

- Provide same level of access to records and personnel available to IG

• Reporting and oversight of audit results

- DCAA currently has no external reporting requirement

- Legislation could expressly allow DCAA to provide audit results to other agencies, which would improve its visibility and effectiveness


Commission on Wartime Contracting Report on Contractor Business Systems- September 21, 2009


Resolving Contract Audit Disputes• New DoD policy issued on December 4, 2009 applies when, in setting a pre-

negotiation objective, there is a significant disagreement between DCMA and DCAA

• Policy threshold - when the contracting officer plans to sustain less than 75% of the total recommended questioned costs by DCAA for proposals valued at $10M or more

• When significant disagreements occur:

- The CO shall discuss and document the disagreement prior to negotiations

- If unresolved, DCAA’s management may request DoD Component’s management review

- If unresolved, DCAA Director may contact Shay Assad, Director of Defense Procurement & Acquisition Policy

- Final stage of disagreement may be elevated to Under Secretaries for Defense, Acquisition, Technology, Logistics, and Comptroller


DoD Panel on Contracting Integrity 2010 Areas for Review and Development

• Prime contract surveillance and pricing of subcontracts

• DoD policy regarding the definition of adequate price competition

• Training to related to the current structure of contracting integrity

• Use of level-of-effort contracts, including firm fixed-price and cost-plus awards

• Use of senior mentors/advisors/highly qualified experts and potential conflicts of interest

• Requirements placed on DCAA for reports and reviews to determine if all are necessary or can be performed by others

• Contracting peer review process

• DoD policy covering contractor business systems to include reviews, approvals and surveillance


Proposed DFARS RuleEffectiveness of Contractor Systems

(Jan 15, 2010 DFARS Parts 215, 234, 242, 244, and 252)

• Allows administrative contracting officer to withhold a percentage of payment when contractor’s business system contains deficiencies

• Business system includes accounting system, estimating system, earned value management system, material management and accounting system, property management system, purchasing system

• If the ACO determines that there are one or more system deficiencies that are highly likely to lead to improper contract payments, or represent an unacceptable loss to the Government, then 100% of payments will be withheld until deficiencies are corrected


Cost Allowability CasesTecom (U.S. Court of Appeals, 5/19/09, 53 CCF ¶79,109)

• A lower court decision granting summary judgment in favor of Tecom, holding that defense costs and settlement payments associated with a sexual harassment suit are allowable in accordance with FAR 31.205-47, was reversed

• U.S. Court of Appeals held that defense and settlement costs are allowable only if the contractor can show the lawsuit had very little likelihood of success

• Requirement for the allowability of cost is that it must comply with the terms of the contract (FAR 31.201-2). An adverse judgment in a title VII suit would not be allowable under the contract, which specifically prohibited discrimination on the basis of sex


Cost Allowability CasesBearing Point (ASBCA 55354 and 55555, 10/16/09, 09-2 BCA ¶34289)

• An appeal of disallowed labor and transportation costs was sustained when the contractor met its burden of proof on allocability:

- Allowable Cost and Payment clause did not require the contractor to substantiate labor costs with time sheets

- Audits and Records clause did not prescribe the form records or other evidence must take

- Documentation for Payment clause did not describe the requisite level of detail for the contractor’s books and records

- Contract payment and audit clauses were consistent with FAR 31.201-2(d), which refers broadly to a contractor’s responsibility to maintain documentation for claimed costs

• An appeal of disallowed compensation related costs was denied when the government met its burden of proof on allowability by citing specific contract limitations


Cost Allowability Cases• Teknowledge Corporation (U.S. Court of Federal Claims No. 06-310C, 01/07/09)

- Amortization of contractor’s software development costs were disallowed as not allocable to government contracts

- Contractor relied on GAAP (FAS 86), whereby software development costs are amortized based on current and future revenue

- Government relied on FAR 31.201-4, which requires that costs “benefit” the Government

• Fiber Materials, Inc (ABSCA No. 53616, 4/17/07).

- Legal defense costs in a criminal proceeding were unallocable and therefore unallowable. The legal costs were found to be too remote to satisfy the FAR benefit test (non-CAS contract)

- Sales commissions were allocable and allowable as indirect costs because the contractor treated sales commissions as indirect costs (G&A) consistently

- Patent amortization costs were expressly unallowable when not required by the contract

- Penalties – government bears the burden of proving expressly unallowable costs, “sufficiently colorable” claims are not expressly unallowable and penalties must be waived if the claimed expressly unallowable costs are $10k or less


Future State of Compliance Controls

• Control systems are critical

• Record integrity and retention (electronically stored information)

• Long-standing cost accounting practices may be questioned by DCAA without a change in circumstances

• Continuing disputes over DCMA vs. DCAA authority

• New compliance and reporting obligations


Contractual Compliance RequirementsWhat Does This Mean for Contractors?

• Higher level of scrutiny by government auditors

• Increased business and reputational risk

• More resources needed for government audits

• Cash flow and margin implications

• Financial reporting (i.e., SOX) controls may address some aspects of compliance

• A systematic approach is needed to increase confidence and efficiency in the compliance function


Rationalizing Internal Controls

• Holistic framework to address internal control requirements

• COSO internal controls framework used extensively to address compliance needs

• COSO framework addresses five areas of internal controls

• DCAA system audit objectives are within the COSO framework

DCAA is focused primarily on the compliance objectives within the COSO model.


Compliance Effectiveness Methodology The methodology focuses on driving compliance while decreasing overall cost . It focuses on using existing technology and existing compliance efforts to

achieve this goal.

Control EnvironmentInformation &

CommunicationRisk Assessment Control Activities Monitoring

CO

SO

Are

asG

uidi

ngP

rinci

ples

App

roac

h an

d M

etho

dolo

gy

Underlying the success of our methodology is a focus on utilizing technology to support each area through:

• Understanding current system capabilities to support compliance efforts• Identifying risks in current technology infrastructure• Identifying opportunities to further leverage systems to increase effectiveness and efficiency of compliance programs• Leveraging our experience with ERP systems such as Costpoint, SAP, JDE, Oracle, and PeopleSoft to reduce the cost of compliance

Sets the tone of an

organization, influencing the

control consciousness of its

people.

The entity's process for

identifying and analyzing risk

to achieve its objectives and

form a basis for determining

how risk should be managed.

• Evaluate, recommend, and/or design procedures used by management to establish an effective control environment

• Develop or evaluate risk assessment to identify compliance requirements and potential risk areas

• Inventory compliance requirements including:

• Contractual clauses• CAS• FAR• DCAA internal

control matrices• Other

The policies and procedures

that help ensure that

management directives are

carried out.

• Evaluate government contract compliance policies and procedures

• Map “as is” controls to compliance requirements including DCAA control objectives

• Perform gap analysis and compliance readiness assessment

• Identify opportunities for improvement and develop remediation plans

Systems and programs that

support the identification,

capture, and exchange of

information.

• Identify opportunities for automation of control activities

• Develop training programs on FAR, CAS, other regulatory requirements and identified remediation activities

Ongoing process of ensuring

the quality of internal control

performance.

• Develop test plans and self-assessments that allow management to evaluate operating effectiveness of controls

• Test remediation plans as developed and implemented

Ena

blin

gT

echn

olog

y


Defining Internal Controls Optimization

Efficient and systematic process to define risks

Quantification of costs,

process impact and validation

of these controls

Establishing the right

controls at the right

cost

Implement management oversight and

reporting structure

Redesign, automate or

implement new controls

Leverage higher level controls


Opportunities for integration of related internal control activities

Illustrative

Common governance, risk and control functions

Event definition/scoping X X X X X X X X X X X

Risk/control assessment X X X X X X X X X

Control monitoring X X X X X X X X

KPIs/KRIs X X X X X X X X X

Control testing/validation X X X X X X X X

Advisory X X X X X X X X X X

Policy and procedure X X X X X X X X X X X

Incident management X X X X X X X X X X

Deficiency management X X X X X X X X X X X

Reporting X X X X X X X X X X X

Change management X X X X X X X X

Records management X X X X X X X X X X X

Communications X X X X X X X X X

Training X X X X X X X

Op

era

tion

al

risk

Inte

rna

la

ud

it

Re

gu

lato

ry

com

plia

nce

SO

X (

bu

s a

nd

IT

)

An

ti-fr

au

d

Le

ga

l

Re

cord

s m

an

ag

em

en

t

Info

rma

tion

se

curit

y

Bu

sin

ess

co

ntin

uity

p

lan

nin

g

Cre

dit/

ma

rke

t ris

k

IT p

rob

lem

m

an

ag

em

en

t


Question and Answer Session

pricewaterhousecoopers dcaa’s new direction march 10, 2010 presentation by: james w. thomas...

Documents