From time to time contractors attempt to limit auditor access to certain records, data, or documents. Generally, the attempted limits stem from a contract clause, or from a lack of a contract clause. Recently, the Civilian Board of Contract Appeals (CBCA) tackled another contractor attempt. In doing so, the CBCA established some interesting positions of which government accounting and compliance practitioners should be aware.

We could tell you that the July, 2023, CBCA decision in the matter of HPM Corp. v. Dept. of Energy will likely be of limited use as a precedent—but that wouldn’t be entirely accurate. While the decision was issued from the civilian BCA, it is well-written and could be persuasive to Judges of other fora. (I mean, what do I know? I’m not a lawyer. But the decision seems to me to be potentially persuasive. We’ll have to see.)

HPM was awarded a contract by DOE in 2018 “to perform occupational medical services at the Hanford Site in Washington state.” (There it is: Hanford. Again. What is it about that place, anyway?) What type of contract was it? Yes. It was all the types of contracts.

Here’s how the CBCA described HPM’s contract: “a performance-based Contract that includes Firm-Fixed-Price (FFP) Contract Transition, FFP Occupational Medical Services, Cost Reimbursement (CR) Occupational Medical Support Services, and Indefinite Delivery/Indefinite Quantity (IDIQ) Contract Line Item Numbers (CLIN).” A “hybrid contract,” in short.

Hybrid contracts are all the rage these days. It’s not really unusual at all. The question is: which contract clauses apply to which contract types within the hybrid contract? Do all clauses apply to all contract types? That cannot be the case! For example, it would be absurd to say that the Allowable Cost and Payment Clause (52.216-7)—which is a mandatory clause for all cost-type contracts—applies to the FFP portions of a contract. Similarly, we know (through judicial decisions) that, even though 52.216-7 is mandatory for T&M contract types, it really only applies to the cost-reimbursement portion and not to the FFP-per-labor-hour portion. So you can’t say that all clauses apply to everything everywhere in the contract. The question remains: which clauses apply to what?

Therein lies the gravamen of the dispute.

The CBCA noted that HPM’s contract included the FAR clause 52.215-2 (“Audits and Records–Negotiation,” Oct 2010). The contract also included the FAR clause 52.216-7 (“Allowable Cost and Payment,” Jun 2013) ”… but with a limiting notation (added in bold lettering) that states as follows: ‘Applies to Cost-Reimbursement.’”

The dispute started during DCAA’s audit of HPM’s FY2019 proposal to establish final billing rates. HPM was reluctant to provide DCAA with all requested supporting documents. The documents it did provide to the auditors were marked to prevent DCAA from providing them to others—i.e., to the DOE contracting officer. Apparently, HPM’s rationale was based on the fact that “because HPMC did not submit any cost or pricing data for the FFP portion of the hybrid contract, it should not need to provide proprietary information to DOE regarding fixed-price costs.”

Hmmm. Interesting position.

It is true and correct that certain cost data associated with FFP contracts awarded without submission of any cost or pricing data are exempt from audit. For example, FAR Part 14 sealed bid contracts are generally thought to be audit-exempt. Similarly, FAR Part 12 commercial product or services would likely be found to be exempt, as well. But it’s a large step to go from there to “my FFP CLINs are exempt from audit.” I mean … that’s some kind of chutzpah right there, isn’t it?

The dispute continued into the FY2020 proposal to establish final billing rates. As related by the CBCA—

For the FY 2020 incurred-cost audit, DOE designated Cohn Reznick (CRZ) as its auditor. On January 19, 2022, the DOE contracting officer, relying on the requirements of FAR 52.216-7 (clause I.36) and DEAR 970.5204-3 (clause I.173), directed HPMC to provide both CRZ and DOE with a final indirect-cost-rate proposal accompanied by ‘adequate supporting data’ that included ‘any firm fixed price data needed to evaluate the indirect cost pool and base costs used to calculate indirect cost rates.’ Counsel for HPMC responded on January 22, 2022, that the disputed information was proprietary and that DOE was not entitled to it. He argued that clause I.173 was intended to provide DOE with access only to materials related to environmental, safety, and health work plans to protect against ionizing radiation and radioactive materials. He indicated that HPMC would provide information necessary to the audit to CRZ but not to DOE.

(Internal citations omitted.)

Let’s stop right here. If your legal counsel is already involved before the audit has really gotten started … well, you can be pretty sure your audit is not going to go well. As a very experienced government audit liaison (some would say too experienced), I have to opine that some battles just ain’t worth fighting. When your counsel tells your auditor that they can’t have access to information they want to see (or that whatever they see can’t be shared with their customer, in this case DOE) the first thought that is going to pop into the auditor’s head is “those guys are hiding something they don’t want me or my DOE customer to see.”

Why would you want to create that thought in your auditor’s head? Yeah, don’t do that.

In fact, my advice (after 40 years of doing this shit) is to keep your legal counsel far, far, away from ongoing audits unless they must be involved because a huge issue has been alleged (or has been found-out). There is a place for attorneys in protecting the company; of course there is! But there is an unfortunate tendency for attorneys to polarize the parties while they’re carving-out their legal positions. They start preparing for litigation right away. Which is fine if you’re excited to litigate. But as for me? My job as audit liaison is, generally, to avoid litigation. Litigation is expensive; it is time-consuming. It takes a long time and, while you’re waiting for the judge’s decision, you’re stuck in limbo. Litigation is not something I enjoy; nor should you if your job is to make the audits run smoothly.

The attorneys were involved here and, fairly quickly, a nonmonetary claim was filed with the contracting officer. After rejection, an appeal was docketed at the CBCA.

I was interested in how the DOE contracting officer dealt with the issue. According to the CBCA,

The contracting officer found that, pursuant to the contract’s inspection and audit clauses, DOE is permitted access to what HPMC views as proprietary material during an incurred-cost audit, even if some of the material relates to the FFP portion of the hybrid contract. The contracting officer then indicated that ‘DOE will proceed with the remedy to remove all unsupported costs associated with the FY 2020 indirect rates and FY 2022 provisional billing rates.’

(Internal citations omitted. Emphasis added.)

Yeah, that’s gonna hurt.

There’s a lot of stuff in the CBCA decision about whether the Board could even hear HPM’s claim. Here’s a summary:

HPMC is asking the Board to interpret its contract in a manner that would relieve HPMC from having to provide DOE with the audit support documents that DOE is demanding. Although HPMC presumably could continue to decline DOE’s production demand (as it now seems to be doing), wait for DOE to effectuate the indirect cost reductions that DOE has indicated it intends to impose, and then submit a monetary claim to recover that money, HPMC is not obligated to wait until DOE takes such action in order to seek a decision interpreting its audit production obligations under the contract.

Anyway, the CBCA Judges disagreed with HPM’s position. We’re going to quote extensively and you should read the quoted material, even though you probably won’t.

With regard to HPMC’s argument that these clauses only authorize DOE and its auditors to access information regarding the cost-reimbursement CLINs in its contract and that information associated with the FFP CLINs are completely off-limits, we disagree. HPMC’s contract expressly identifies one of the FAR clauses identified above (FAR 52.216-7) as being tied to the cost-reimbursement portions of HPMC’s contract, but the other FAR clause (FAR 52.215-2) provides generally for audits of ‘cost-reimbursement’ contracts. Although HPMC asks that we decide whether FAR 52.215-2 applies only to the cost reimbursement CLINs in its hybrid contract or to the contract as a whole, it is unnecessary to do so because, as far as we can tell, DOE’s auditors have not requested documents that would fall outside the context of a normal incurred-cost audit. Contractors’ incurred-cost submissions under cost-reimbursement contracts ‘are audited . . . to establish allowable direct costs and indirect cost rates for each fiscal year.’ Donald P. Arnavas, James J. Gildea & Normal E. Duquette, “DCAA Audits,” 94-09 Briefing Papers 1, 4 (Aug. 1994). DOE represents that ‘[a] well-known audit risk is misallocation and/or cost shifting between fixed price, cost reimbursable, and indirect work/costs’ and that ‘HPMC has had a history of misallocating costs between FFP and [cost-reimbursement] portions of the Contract.’ The audit in question is being undertaken to ensure that indirect costs being charged to the cost-reimbursement CLINs are appropriately allocated to those CLINs and have not been, through some type of accounting mechanism, moved away from FFP CLINs. …

The Board is in no position to impose some type of myopic limitation on the scope of documentation that auditors need to support an audit of the cost-reimbursement aspects of this contract or of HPMC’s indirect cost rates. … HPMC has identified no basis upon which we would step into the shoes of the auditors and micromanage what documents they may, or may not, need to support their review or bar them from accessing certain categories of documents.

The Court of Claims made clear more than forty years ago that a contractor cannot complain during contract performance about the Government’s reliance upon audit access rights, including the right to access what the contractor views as proprietary information, created by contract clauses to which the contractor, prior to award, did not object [quoting SCM Corp. v. United States, 645 F.2d 893, 902 (Ct. Cl. 1981)] ….

HPMC tells us that the documents which the auditors are seeking are far beyond what should be needed to evaluate HPMC’s costs. Certainly, the Government’s audit rights under these clauses are not limitless and do not provide a basis for wide-ranging document requests for corporate records unrelated to the verification of actual costs. But the contractor does not get to stop an audit simply because it thinks that what it has produced is good enough.

(Internal citations omitted. Emphasis added.)

So, at the end of the day, HPM managed to delay some audit procedures, coax from the DOE contracting officer a threat to unilaterally establish both final rates and provisional billing rates by removing “unsupported” costs, and to upset the working relationship with its auditors and with its government customer.

Not the greatest job of audit liaison, in my view.

I hope you will do better.

Washington River Protection Solutions LLC (WRPS) was awarded a Tank Operations Contract (TOC) by the Department of Energy for performance at the Hanford Site. You know about the Hanford Site, right? We’ve written about the Site before—we’ve written a surprising number of articles about compliance issues there, involving many different contractors.

WRPS is “an Amentum-led” company. Which means (we think) that WRPS is managed by Amentum, even though many other companies may be involved in performance of TOC work. Amentum is the name of a company that used to be called AECOM. During its history, AECOM acquired URS, which had acquired EG&G, Westinghouse Government Services, Lear Siegler, Washington Group International (formerly known as Morrison Kundsen), and Apptis. AECOM also acquired DynCorp International and Pacific Architects and Engineers (PAE) at various points in time. So, basically, Amentum is a massive conglomerate with multiple subsidiaries and business that have very long government contracting pedigrees.

In other words, WRPS knows the ins and outs of government contracting. Thus, when DOE demanded it repay costs found to be unallowable, WRPS hired itself some attorneys and appealed the decision to the Civilian Board of Contract Appeals (CBCA).

WRPS started performing the TOC in 2008. During its performance, WRPS used a practice of augmenting staff by hiring “contracted labor resources (CLRs).” “CLRs are individuals hired through staff augmentation subcontractors to perform a specific scope of work or to fill in for missing personnel on a temporary basis under the direct supervision of a WRPS employee.”

From the Board’s findings of fact:

WRPS competes different labor categories among staff augmentation contractors and enters into blanket master agreements (BMAs) that contain labor categories and rates. Once BMAs are established, CLRs can be hired quickly, and WRPS does not incur the training or separation costs that it would for a full-time employee, costs estimated to be between $28,000 and $38,000. CLRs also allow WRPS to accomplish tasks when budget funds are available and to downsize quickly without additional cost when budget funds are not available. It also allowed WRPS to obtain the services of contractors who would not take a full-time position. WRPS hired 1224 CLRs in the first ten years of the contract, as compared to the average 4300 full-time WRPS employees. Very few of these CLRs worked full-time during any given year, and few worked more than five years as a CLR. WRPS spent nine percent of its staffing dollars paying for CLRs.

(Internal citations omitted, as will be the case in all block quotes used.)

In February, 2020—nearly eight years after WRPS had started contract performance—the DOE issued a Notice of Intent to Disallow Costs to the company. DOE intended to disallow more than $6 Million for a variety of reasons. To our way of thinking, DOE threw a bunch of spaghetti at a wall to see which issue would stick. The disallowance was based on an audit report prepared by the DOE Richland Finance Office.

As the Board wrote—

In the audit, DOE Finance examined the compensation records for forty-one individuals hired as CLRs by WRPS that it had ‘judgmentally selected, seeking CLRs that had worked for WRPS for three or more years consecutively. DOE Finance identified numerous concerns with the employment and compensation for thirteen of these individuals, including concerns that WRPS did not have effective controls to ensure that CLRs met minimum qualifications and that several CLRs were paid rates higher than the rates agreed to on the subcontract through which they were hired. DOE Finance was also concerned that none of the forty-one CLRs had been subject to a ‘make versus buy’ analysis to determine whether it was less expensive to hire a new WRPS employee rather than filling the requirement with a CLR. DOE Finance did not provide a dollar figure that matched the $6 million amount in the notice of disallowance; instead, DOE Finance recommended a settlement range between $5.75 million and $8 million.

In August 2020, WRPS provided a response to both the audit report and an explanation of the reasonableness of the dollars expended for the thirteen individuals that were the focus of the DOE audit.

Okay. Let’s stop right there. Notice the lack of specificity of the purported audit findings. Notice the lack of a sum certain. What kind of audit recommends a “settlement range” rather than express a sum certain finding? Answer: no audit we ever heard of. At least no audit that complies with GAGAS.

On December 10, 2020, DOE issued a contracting officer’s decision in which DOE disallowed $6,025,069 because the costs were unreasonable.

Unreasonable.

Okay. But notice that WRPS had, in its view, already supported the reasonableness of the disputed costs. And notice that the Contracting Officer’s Final Decision was a specific sum certain, rather than a range.

How did anybody get from a “settlement range” to $6,025,069? The Board answered that question as follows:

DOE calculated this amount by identifying specific costs to be disallowed for thirteen individuals for four different reasons. For five individuals, DOE identified a ‘high’ and ‘low’ amount that were disallowed and averaged the figures. The sum of the amounts calculated for the thirteen individuals was $3,012,534. DOE multiplied this figure by two to derive the final amount disallowed. DOE applied this so-called ‘2x’ factor because DOE, in its review, found other instances of the same issues identified for the thirteen individuals, and the factor would account for what DOE believed was ‘excessive pass-through’ of subcontracting costs related to CLRs.

Do we even have to articulate how we feel about that so-called “methodology”?

Averages. A 2x “factor” to address an issue not even found in the COFD. Are you kidding us? This is audit malpractice, as clear as the sun in the sky or the radioactive waste in the ground at Hanford. Auditors who participated in this debacle, and their supervisors who approved it, should be—at the very minimum—educated in how to conduct audits and reach conclusions based on evidence.

Sigh.

According to the Board—

DOE brought challenges to specific costs that can be grouped into four categories:

1. The hourly rates paid to seven individuals exceeded the hourly rates that they would have received purportedly as WRPS full-time equivalents (FTE).

2. The hourly rates paid to three individuals exceeded the rates set forth in the BMAs competed among the staff augmentation subcontractors.

3. Seven individuals purportedly did not meet the qualification requirements set forth in the BMA for their positions.

4. The hourly rate paid to two individuals was increased ‘overnight’ with purportedly no reason for the increase.

The Board discussed each of the four issues within its decision. For the most part, the Board dismissed the DOE’s non-specific concerns and, instead, accepted WRPS’s analysis as sufficient evidence to support a finding that the CLR costs were, indeed, reasonable. For example, the Board wrote—

We find no merit in DOE’s challenge based upon what the individuals would have been paid if hired as full-time WRPS employees. The problems with DOE’s analysis on this point are myriad—the analysis fails to account for the hours these individuals worked, is based upon an analysis of 2018 rates, but applied across all years of the contract, and fails to account for the years of experience that many of these individuals possessed.

You can and should read the analyses within the decision; the link is provided above.

With respect to the “2x factor” the Board wrote:

The specific amounts that DOE challenged for the thirteen individuals totaled $3 million. Because DOE had identified other individuals with qualifications or other issues, DOE doubled the amount sought to capture them. DOE sought to be conservative in applying this 2x factor. As the DOE auditor explained, it was not proper to extrapolate because DOE had selected the original forty-one individuals to be audited based upon tenure rather than sampling the entire pool. DOE sought to capture other issues, like excessive pass-through, which the DOE auditor acknowledged had not been quantified.

(Emphasis added.)

The foregoing describes gamesmanship, not auditing.

The Board did not castigate DOE for its approach. Instead, the Board wrote:

While we appreciate that DOE was attempting to approximate the costs of other problems it identified with its application of the ‘2x factor,’ this approach does not comport with the FAR requirement that the contracting officer identify a ‘specific cost’ that was challenged on reasonableness. FAR 31.201-3.

At the end of the day, the $6 Million sought by DOE was not upheld. Instead, WRPS was required to pay $80,275 (plus interest).

Why sanctions weren’t sought—and imposed—on the DOE for its methodology, a methodology that smacks of a lack of good faith and fair dealing, remains a mystery to this blog author.