• Increase font size
  • Default font size
  • Decrease font size
Welcome to Apogee Consulting, Inc.

The 2018 National Defense Authorization Act—IP Stuff

E-mail Print PDF

Continuing the series of articles exploring the 2018 NDAA, courtesy of Bob Antonio’s annual analysis of the final language. As noted in the prior article, we are not going to talk about every single little thing. We’re going to talk about stuff that interests us. You may want to do your own research, using the link above. Today’s article is going to focus on stuff related to Intellectual Property.

As you may know, 2016 and 2017 saw a number of attempts by the DoD to attack contractors’ ownership and control of their IP rights. Let’s see how the 2018 NDAA reacts to those attempts.

Section 803 requires the Secretary of Defense and the USD (A,T&L) to—

… develop policy on the acquisition or licensing of intellectual property--(1) to enable coordination and consistency …in strategies for acquiring or licensing intellectual property and communicating with industry; (2) to ensure that program managers are aware of the rights afforded the Federal Government and contractors in intellectual property and that program managers fully consider and use all available techniques and best practices for acquiring or licensing intellectual property early in the acquisition process; and (3) to encourage customized intellectual property strategies for each system based on, at a minimum, the unique characteristics of the system and its components, the product support strategy for the system, the organic industrial base strategy of the military department concerned, and the commercial market.

What all that seems to mean is that we should expect to see DFARS rule-making focusing on IP decisions “early in the acquisition process,” and acknowledging that one size does not fit all in these matters.

Section 803 further requires SECDEF to “establish a cadre of personnel who are experts in intellectual property matters [so as to] ensure a consistent, strategic, and highly knowledgeable approach to acquiring or licensing intellectual property by providing expert advice, assistance, and resources to the acquisition workforce on intellectual property matters …”

There is very explicit direction in Section 803 telling SECDEF and USD (A,T&L) how to go about creating this cadre of IP experts, and what they should be doing, and how they should be doing it.

Almost as if Congress doesn’t trust DoD in this area.

Section 835 requires the DOD “to work with contractors to determine prices for technical data the Department plans to acquire or license before selecting a contractor for the engineering and manufacturing development phase or the production phase of a major weapon system. Additionally, this provision would encourage program managers to negotiate with industry to obtain the custom set of technical data necessary to support each major defense acquisition program rather than, as a default approach, seeking greater rights to more extensive, detailed technical data than is necessary.”

In our view, Section 835 seems to complement Section 803 nicely.

Section 871 focuses on technical data in acquisition of software. Section 872 directs SECDEF to have the Defense Innovation Board initiate a study on “streamlining software development and acquisition regulations.” The DIB report is due one year after SECDEF provides direction to the DIB.

Congress is (apparently) so concerned about software development that Sections 873, 874, and 875 each provide for “pilot programs” to streamline the process and (by direction) lower program costs. What’s up with all this concern? According to the Conference Report—

The conferees note that the Department of Defense’s warfighting, business, and enterprise capabilities are increasingly reliant on or driven by software and information technology. The conferees note with concern that the Department is behind other federal agencies and industry in implementing best practices for acquisition of software and information technologies, to include agile and incremental development methods. The conferees note that existing law and acquisition regulation provide significant flexibility to the Department and that the Department has explicitly provided for tailoring in its acquisition directives and instructions. The conferees note with concern that the organizational culture and tradition of acquiring capabilities using a hardware-dominant approach impedes effective tailoring of acquisition approaches to incorporate agile and incremental development methods.

As always, we strongly suggest you do your own research. The three separate articles we’ve authored this year are what caught our eyes; perhaps you will find something we missed. If so, feel free to bring it to our attention.

 

 

Two Flavors of Procurement Fraud

E-mail Print PDF

Stories of fraud aren’t that interesting unless they contain little nuggets of “lessons learned.” If our readers can’t learn something from such stories, we tend to not discuss them. Today we present two stories that might provide fodder for more managerial oversight or perhaps for process improvements. Unfortunately both stories involve CEOs. What do you do about a corrupt CEO?

The first story is simple. If you submit an invoice to the U.S. Government, and that invoice includes subcontractor costs, and you never paid the subcontractor, then you may be accused of committing fraud.

Which is a lesson learned by M. Cleve Collins who, on November 30, 2017, entered a guilty plea admitting to one count of “major fraud” after two days of a court trial. Collins was indicted a year ago for executing “a scheme to defraud the United States on a construction contract valued at approximately one and one-half million dollars … for the replacement of the roof and the air conditioning system at the Ed Jones Federal Courthouse and Post Office in Jackson, TN. As part of the scheme to defraud, Collins caused the roofing subcontractor, a small Memphis-area business, to perform work for which he was never fully paid. Additionally, Collins filed false and fraudulent certifications with the U.S. Government indicating he had, in fact, paid the subcontractor. The value of the funds obtained because of this scheme was over $580,000.”

From the DOJ press release: “‘Federal contractors are obligated to follow through on their promises to make payments to their subcontractors,’ said GSA Inspector General Carol Fortine Ochoa. ‘When contractors fail to meet their obligations, we will hold them accountable.’"

FAR 32.009-1 provides that the government “shall ensure” that prime contractors pay subcontractors on an accelerated schedule to the maximum extent practicable, when the primes receive accelerated payments. There is a contract clause (52.232-40) that implements this policy. Clearly, the government is concerned that small businesses get paid. Prime contractors may also want to review the FAR at 32.112, especially 32.112-1 (“Subcontractor Assertions of Nonpayment”).

Early payment is better; on-time payment is tolerated. But if a prime contractor isn’t paying its small businesses on time or—worse yet—not paying them at all, there may well be trouble ahead.

In the case of Cleve Collins, he seems to be a smallish construction contractor who thought he could float his company’s cash flow on the back of his small-business subcontractor. That plan didn’t work out for him.

Our second story is a bit more complex.

Global Services Corporation (Global) was founded in 1997 and employs about 150 people, many of them veterans, to provide various services to the Department of Defense. A noble undertaking, perhaps; but one that was tainted by the actions of its owner, Philip Mearing. Mearing was Global’s President and sole owner since 2007. In June, 2017, Mearing pleaded guilty to overbilling the U.S. Government though a fairly complex scheme, according to this article at the Virginia-Pilot, written by Scott Daugherty. The article states that Global billed the government “for $13.6 million in work that was never performed” and also “conspired to double-bill the government for nearly $3 million in work that was already performed under another contract.”

Apparently the primary scheme started in 2004 (prior to Mearing taking over the company) and ran until 2014. Putting together the Virginia-Pilot story with the DOJ press release, our perception is that Mearing conspired with another Global “executive” (Kenneith Deines) to allow two fake companies, both owned by the same person, to bill Global for services that were never provided.

The two sham companies (Tempo Consulting and Bricker Property Management) were both owned by Ken Bricker. Global paid Bricker $13.6 million over the ten-year period for … nothing. Indeed, neither company had any employees. Hundreds of false invoices were submitted from the two companies and paid by Global. Bricker kept about five percent of the payments ($558K) and then transferred 95% of the payments “to Mearing or [another] company owned by Mearing.” That other company, DeShas, was an Ohio LLC that Mearing controlled. Fortunately (or unfortunately, depending on your point of view), Bricker paid Mearing or DeShas via check, leaving a nice paper trail easy to follow, and easy to show a jury.

Mearing was sentenced on December 1, 2017, to five years in prison.

Getting back to the question at the top of this article … how do you detect and/or prevent a conspiracy to commit procurement fraud in which one of the conspirators is the company CEO? How do you deal with a problem where the President or even the Vice-President is a big part of it?

Those are tough questions. In both of these stories, there were no checks and balances. The company President was the sole owner and you did what he said or you found another job. In larger corporations, there would be a Board of Directors or a General Counsel to whom one might go with suspicions of misconduct at the highest levels.

Looking at controls, we have to ask who approved the fictitious invoices? Was it Mearing or was it Deines? (And we don’t know Deines’ role, other than that he was an “executive.”) Who normally approves subcontractor invoices, and who makes sure that services were delivered as being claimed? Are those the same people? What evidence is retained to show that services were delivered? FAR 31.205-33 requires that all consultants provide some evidence of work product. Certainly, that’s a pain and a problem during DCAA audits of claimed incurred costs; but maybe there’s a good reason for that requirement.

Did anybody perform a background check on DeShas LLC, which perhaps would have revealed that the LLC was controlled by Mearing?

These stories could happen in your company. What would you do if they did? Would you shut up and carry on as if nothing out of the ordinary were happening, or would you report the wrongdoing? Where does your personal boundary of integrity lie? It’s something that (thankfully) doesn’t come up too often; but when it does, you had better know where you stand.

In the meantime, we suggest you think about what you can learn from these two stories in the design and implementation of control activities within your procurement and accounts payable systems.

 

Last Updated on Tuesday, 12 December 2017 18:00
 

The 2018 National Defense Authorization Act—DCAA Stuff

E-mail Print PDF

We don’t like to talk about pending legislation very much because things tend to change, and there’s no reason to get all excited about certain NDAA provisions until they become finalized into a public law. Thus, while others were getting upset about this thing or getting excited about that thing, we were laying back (as we do every year), waiting for Bob Antonio to publish his annual analysis of the final language.

Frankly, we count on Bob and his annual analysis, which is published on his essential WIFCON site. It’s a critical resource and we’d be lost at sea without it.

Obviously we care a lot about carefully scrutinizing the final NDAA. But why should you care about it? Why should you care about any NDAA provision? The answer to those questions is simple. If you want to know what Congress has directed DoD components (including the DAR Council) to accomplish in the next government fiscal year, you need to read the directions being provided to them. Or, to put it another way, if you wait for the DAR Council to issue a final rule, you are going to be surprised and you will have to scramble to any implement necessary changes to comply with that final rule. If you wait for the DAR Council to issue proposed rule-making, you’ll have some more runway to make the changes—but it won’t be much. But if you read the NDAA and see what proposed rule-making the DAR Council will be adding to its agenda of open cases, then you won’t be surprised and you’ll have plenty of runway to be ready for any new compliance requirements.

That’s why you should care.

As always, we are not going to talk about every single little thing. We’re going to talk about stuff that interests us. You may want to do your own research, using the link in the first paragraph, above. Today’s article is going to focus solely on DCAA stuff.

DCAA Stuff

Last year’s NDAA (Public Law 114-328) contained a requirement at Section 820 that would have permitted contractors to hire an independent auditor to audit their indirect costs for “allowability, measurement, assignment to accounting periods, and allocation.” If a contractor obtained such a report, then “the Defense Contract Audit Agency may audit direct costs of Department of Defense cost contracts and shall rely on commercial audits of indirect costs without performing additional audits, except that in the case of companies or business units that have a predominance of cost-type contracts as a percentage of sales, the Defense Contract Audit Agency may audit both direct and indirect costs.” (Emphasis added.)

That was an interesting notion, to say the least. And we’re not going to surprise you when we tell you that DCAA didn’t like it one bit. Director Bales told Congress that her audit agency was going to ignore that statutory requirement, and that she was confident Congress would repeal it in the next year’s NDAA.

Indeed, that is what happened.

Section 804 of the 2018 NDAA repealed that provision.

However, Section 803 of the 2018 NDAA added another, similar provision. It requires that DCAA change the manner in which it performs “incurred cost audits” (i.e., audits of contractors’ annual submissions of final billing rate proposals) and, if the changes don’t get the current backlog of unaudited proposals down to an acceptable size, then “the Secretary of Defense shall use qualified private auditors to perform a sufficient number of incurred cost audits of contracts of the Department of Defense.”

Early legislative provisions would have mandated that certain percentages of the proposal backlog be audited by “qualified private auditors” (QPAs) and, at one point, it looked like a contracting officer was going to have to discretion to compete DCAA against QPAs to select the auditor who would deliver the best audit value for the lowest price—but that exciting change was negotiated away during conference.

What does Section 803 require?

First, when performing incurred cost audits DCAA is to use “commercially accepted standards of risk and materiality.” The audit agency has until October 1, 2020, to implement conforming audit procedures. (This was a negotiated compromise from early language, which would have specified exact materiality thresholds to be used by DCAA.)

Second, DCAA must “eliminate, by October 1, 2020, any backlog of incurred cost audits of the Defense Contract Audit Agency.” (Emphasis added.) Currently, DCAA maintains the fiction that a two-year backlog of such audits is acceptable. This provision blows that up, confirming that no backlog is acceptable. To reinforce the issue, the NDAA requires DCAA to “ensure that incurred cost audits are completed not later than one year after the date of receipt of a qualified incurred cost submission.” In other words, once a contractor proposal is determined to be adequate, then DCAA has one year—12 months—to complete its audit. Another provision within Section 803 gives DCAA 60 days (after receipt) to perform its adequacy review.

Moreover, “Not later than October 1, 2020, and subject to paragraph (5), if audit findings are not issued within one year after the date of receipt of a qualified incurred cost submission, the audit shall be considered to be complete and no additional audit work shall be conducted.” (Emphasis added.) Paragraph (5) is the loophole: “The Under Secretary of Defense (Comptroller) may waive the requirements of paragraph (4) on a case-by-case basis if the Director of the Defense Contract Audit Agency submits a written request.”

DCAA began performing “multi-year” audits in the past couple of years, to leverage efficiencies. Director Bales testified that the audit agency realized a 40 percent efficiency savings from that approach. Contractors weren’t so sanguine about these audits and expressed concerns during their testimony. Section 803 limits DCAA’s use of multi-year audits. DCAA may only use multi-year audits when it cannot meet the 12-month completion requirement, or when a contractor requests them and provides a justification to the Defense Comptroller.

(Speaking of loopholes, that’s an interesting one—right? DCAA must complete ICS audits in 12 months but if they don’t, then they can use multi-year audits to catch up. Given that it currently takes DCAA nearly three years to perform an audit, it very much seems as if multi-year audits will continue to be the norm, despite contractor reservations about their use. Further that loophole seems to contradict the strict requirement found elsewhere in Section 803 that DCAA must complete its ICS audits in 12 months or else “no additional audit work shall be conducted.”)

Let’s summarize here:

  • DCAA must perform an adequacy review on contractors’ proposals to establish final billing rates within 60 days from receipt. No exceptions.

  • Once DCAA determines that the proposal is adequate, it must perform its audit within 12 months. No timeframe was given for issuance of a report, but the audit work must be completed within 12 months.

  • DCAA may request waiver of the 12-month rule “on a case-by-case basis”.

  • If DCAA doesn’t complete its ICS audit in 12 months, it may use multi-year audits to catch up. (It’s really not clear how, since additional audit work is prohibited. Perhaps Congress intended that multi-year audits may be used on >future> ICS audits at that contractor.)

But wait. There’s more.

The DoD must begin using QPAs to perform incurred cost audits. Therefore the ICS audit will no longer be the exclusive domain of DCAA. The Secretary of Defense must submit to Congress a plan to bring them on board by not later than October 1, 2018—which is quite quick by government standards. Further, by April 1, 2019, at least one contract or task order must have been issued to two or more QPAs for performance of ICS audits. “The Secretary of Defense shall consider the results of an incurred cost audit performed under this section without regard to whether the Defense Contract Audit Agency or a qualified private auditor performed the audit [and] the contracting officer for a contract that is the subject of an incurred cost audit shall have the sole discretion to determine what action should be taken based on an audit finding on direct costs of the contract.”

There are certain specific requirements associated with QPAs but, as Apogee Consulting, Inc., is not a QPA and we are not going to be hiring QPAs, we’re going to skip them. If you are interested in the details of how QPAs will be used to augment DCAA audit resources, feel free to visit WIFCON and do your own research.

But there’s more. We’re not done yet.

Recently we wrote about the 2017 DCAA quality system external peer review, performed by the DoD Office of Inspector General (OIG). We were surprised that DCAA passed its audit, given the number of findings. (Nearly 40 percent of all selected audit reports had deficiencies.) At the end of our article, we called for another entity to perform that external peer review, given that there was a reasonable perception of impaired independence and objectivity when a sister DoD entity performed it.

Well, the 2018 NDAA addresses our concern. Section 803 requires that—

Effective October 1, 2022, the Defense Contract Audit Agency may issue unqualified audit findings for an incurred cost audit only if the Defense Contract Audit Agency is peer reviewed by a commercial auditor and passes such peer review. Such peer review shall be conducted in accordance with the peer review requirements of generally accepted government auditing standards, including the requirements related to frequency of peer reviews, and shall be deemed to meet the requirements of the Defense Contract Audit Agency for a peer review under such standards. Not later than October 1, 2019, the Secretary of Defense shall provide to the Committees on Armed Services of the Senate and the House of Representatives an update on the process of securing a commercial auditor to perform the peer review ….

Oh, but there’s more.

Circling back to the start of this article, we noted that early NDAA language would have mandated certain numeric materiality standards. DCAA really didn’t like that, since it would have mandated by statute when costs were material in amount and when they were immaterial in amount. Conference negotiation softened the initial language significantly. Now Section 803 requires—

Not later than October 1, 2020, the Department of Defense shall implement numeric materiality standards for incurred cost audits to be used by auditors that are consistent with commercially accepted standards of risk and materiality. [and] Not later than October 1, 2019, the Secretary of Defense shall submit to the congressional defense committees a report containing proposed numeric materiality standards required under paragraph (1). In developing such standards, the Secretary shall consult with commercial auditors that conduct incurred cost audits, the advisory panel authorized under section 809 of the National Defense Authorization Act for Fiscal Year 2016 (Public Law 114-92; 129 Stat. 889), and other governmental and nongovernmental entities with relevant expertise.

Thus, while Congress is forebearing from imposing exact numerical materiality standards on DCAA, it is requiring DCAA to propose exact numerical materiality standards to Congress, after consultation with the Section 809 Panel and “other … entities with relevant expertise.”

It looks like exciting times are ahead for DCAA and its auditors!

In the meantime, there’s plenty more to discuss in the 2018 NDAA, and we’ll be getting to it in future articles.

 

Last Updated on Wednesday, 06 December 2017 18:17
 

The 2018 National Defense Authorization Act—Acquisition Stuff

E-mail Print PDF

Continuing the series of articles exploring the 2018 NDAA, courtesy of Bob Antonio’s annual analysis of the final language. As noted in the prior article, we are not going to talk about every single little thing. We’re going to talk about stuff that interests us. You may want to do your own research, using the link above. Today’s article is going to focus on acquisition stuff—i.e., stuff that impacts contractor prime contracts.

Changes to Thresholds

Section 806 raised the micro purchase threshold from $3,000 to $10,000.

Section 805 raised the Simplified Acquisition Threshold to $250,000. From the House Conference Report, it appears that Congress wants the new SAT to be implemented governmentwide. Consequently this may lead to changes to the FAR, rather than to the DFARS.

Section 811 raised the TINA threshold for non-competitive prime contracts, modifications of such contracts, subcontracts, and modifications of subcontracts would increase from $500,000 to $2.0 million, while the threshold for modifications to legacy contracts would increase from $100,000 to $750,000. This section also modifies statute to require offerors to submit other than certified cost or pricing data sufficient to determine price reasonableness when certified cost or pricing data is not required. Interestingly, the Senate language would have required DCAA “to provide more clarity on the cost effectiveness of different types of audits … require DCAA to report separately for incurred cost, forward pricing, and other audits with regard to the number and dollar value of audits completed and pending, sustained questioned costs, the costs of performing audits, and the return on investment of conducting audits.” The Senate language would also have established “a standard definition for [DCAA’s] reporting on its backlog … DCAA should include any individual incurred cost audit that has not been completed within 18 months after receipt of a qualified proposal as part of the incurred cost audit backlog.” The Senate language related to DCAA was eliminated during conference negotiations.

Section 812 permitted the Secretary of Defense to waive a certification of cost or pricing data “for a foreign military sale where there is already an existing U.S. Government contract for the same or similar item or service” if “the Secretary determines that the Federal Government has sufficient data and information regarding the reasonableness of the price.”

Section 821 modified U.S.C. Title 41 to ensure that, as prime contractors’ thresholds change, as they do every five years based on an analysis of inflation over that period, then subcontractor’s thresholds must change as well. The new thresholds must be applied “to a contract, and any subcontract at any tier under the contract, in effect on that date without regard to the date of award of the contract or subcontract.” That seems … challenging.

Commercial Items

Section 848 required that “a contract for an item acquired using commercial item acquisition procedures under part 12 of the Federal Acquisition Regulation shall serve as a prior commercial item determination with respect to such item for purposes of this chapter unless the senior procurement executive of the military department or the Department of Defense as designated for purposes of section 1702(c) of title 41 determines in writing that it is no longer appropriate to acquire the item using commercial item acquisition procedures.” (Emphasis added.) Further, this Section limits the use of FAR Part 15 procedures to acquire commercial items previously acquired under FAR Part 12 procedures, unless certain circumstances are found to apply.

Despite the title, Section 847 did not impact “commercial items” as defined at FAR 2.101. Instead, it clarifies that “nondevelopmental items are commercial items when the procuring agency determines, in accordance with conditions in the Federal Acquisition Regulation, that the item was developed exclusively at private expense and has been sold in substantial quantities on a competitive basis to multiple foreign governments.”

Section 846 has been termed “the Amazon provision” in that it mandated establishment of a program “to procure commercial products through commercial e-commerce portals … through multiple contracts with multiple commercial e-commerce portal providers, and shall design the program to be implemented in phases with the objective of enabling Government-wide use of such portals.”

Other Stuff

Section 815 prohibited unilateral definitization of Undefinitized Contract Actions (UCAs) valued at $50 million or more, unless “the service acquisition executive for the military department that awarded the contract, or the Under Secretary of Defense for Acquisition and Sustainment if the contract was awarded by a Defense Agency or other component of the Department of Defense, approves the definitization in writing.” Even so, the contractor has 30 days after receipt of the written approval to respond.

Section 818 established minimum contractor debriefing topics and clarified that “the 5-day period described in subparagraph (A)(ii) does not commence until the day the Government delivers to a disappointed offeror the written responses to any questions submitted pursuant to section 2305(b)(5)(B)(vii) of title 10.”

Section 820 is interesting. It modified the definition of “subcontract” “in certain circumstances.” As readers know, we have often pointed out the problems with FAR/DFARS definition of “subcontract” and “subcontractor.” Here is the full text of Section 820: “Section 1906(c)(1) of title 41, United States Code, is amended by adding at the end the following: ‘The term does not include agreements entered into by a contractor for the supply of commodities that are intended for use in the performance of multiple contracts with the Federal Government and other parties and are not identifiable to any particular contract.’.”

Section 822 limited the circumstances in which DoD may use a Lowest-Price-Technically-Acceptable (LPTA) acquisition strategy. (Also see Section 832.)

Section 824 modified Section 836 of the 2017 NDAA, to give the DoD authority to close-out contracts awarded at least 17 government fiscal years before the current government fiscal year, via negotiated settlement, without performing additional reconciliations—but only under certain circumstances.

Section 837 addressed “should-cost” reviews. It requires such reviews to be codified in the DFARS, and that the regulations address, as a minimum, the following elements: “(1) a description of the feature distinguishing a should-cost review and the analysis of program direct and indirect costs; (2) establishment of a process for communicating with the contractor the elements of a proposed should-cost review; (3) a method for ensuring that identified should-cost savings opportunities are based on accurate, complete, and current information and are associated with specific engineering or business changes that can be quantified and tracked; (4) a description of the training, skills, and experience, including cross functional experience, that Department of Defense and contractor officials carrying out a should-cost review should process; (5) a method for ensuring appropriate collaboration with the contractor throughout the review process; and (6) establishment of review process requirements that provide for sufficient analysis and minimize any impact on program schedule.”

The final article in this series will address intellectual property matters in the 2018 NDAA.

 

Last Updated on Wednesday, 06 December 2017 18:19
 

DCAA Passes Peer Review

E-mail Print PDF

Regular reader EZ-Eric sent us an email recently, incensed that DCAA had passed another external peer review. The DoD OIG posted the results of its peer review here. EZ-Eric called the report and the peer review process a “complete sham.”

Would you like to know more?

According to the report, the objective of the review was to evaluate DCAA’s system of quality control. The report was intended to express an opinion on “the design of the system of quality and DCAA’s compliance with standards and requirements” of that system of quality.

What’s a system of quality? According to the report:

A system of quality control encompasses DCAA’s organizational structure and policies adopted and procedures established to provide it with reasonable assurance of conforming to Government Auditing Standards (GAS). The elements of quality control are described in GAS. DCAA is responsible for establishing and maintaining a system of quality control that is designed to provide it with reasonable assurance that the organization and its personnel comply with professional standards and applicable legal and regulatory requirements in all material respects.

The DoD OIG conducted the assessment in accordance with GAS and CIGIE’s Guide to Conducting Peer Reviews. (CIGIE is the exclusive club comprised of 73 Inspectors General from the Federal agencies and departments and independent components. Google it, if you’d like to know more.) Fundamentally, that means that the IG auditors conducted their review with independence and objectivity, and obtained sufficient evidence to support conclusions reached.

To obtain the evidence, the IG auditors selected 67 audits, all issued before June 30, 2016, for testing. The 67 audits were selected from a cross-section of DCAA FAOs across the country, including from Field Detachment. (If you don’t know what an FAO is or what Field Detachment is, then you should probably do some more research before reading the rest of this article.) The selected audit reports covered a variety of assignments, from Incurred Cost (audits of annual proposals to establish final billing rates) to Forward Pricing Rates to proposals to CAS Disclosure Statements, and more. A couple Pre-Award Accounting System reviews were selected, but we didn’t see any post-award Accounting System reviews, nor did we see any MMAS or Estimating System reviews in the selection. That was a curious omission, since inadequate Business System reviews have supported findings of audit quality system failures in the past.

The report contains a handy chart showing details of the 67 selected audit reports, including which FAO performed the audit, the assignment objective, and even the exact assignment number. In addition, the report has another table (Enclosure 2) showing exactly which of the 67 selected audit reports had deficiencies.

There were 25 of them.

In other words, 25 of the 67 selected audit reports had deficiencies. That’s 37 percent. More than one-third. Or, to put it more bluntly, nearly four out of every 10 reports selected for review were found to have one (or more!) deficiencies.

That’s not good.

In fairness, not all deficiencies have equal significance. Some deficiencies are not a big deal. Others are indeed kind of a big deal. The IG report treated every deficiency equally, But—and this is critical!no deficiency was found to be a significant deficiency.

That’s right. No deficiency was found to rise to the level of “significant deficiency”—the definition of which the OIG was careful to omit from its report, despite quoting the definition of “deficiency” in full. Yes, there were many deficiencies found, but none were deemed to be significant.

Which is why DCAA passed its audit.

Looking at the deficiencies found, three types scream “significance” to us.

Deficiency 1: DCAA did not obtain sufficient evidence to support its audit conclusions. As the IG reported—

GAS 2.09(a) states that an audit consists of acquiring sufficient, appropriate evidence to express an opinion on whether the subject matter is based on the criteria in all material respects or the assertion is presented, in all material respects, based on the criteria. For 18 of 67 audits (27 percent) we selected for review, we found one or more instances in which DCAA auditors did not obtain sufficient, appropriate evidence to support an opinion expressed in the report. We found this deficiency in all six DCAA regions. Among the 18 audits, we found a total of 25 instances when the auditors did not obtain sufficient, appropriate evidence to support DCAA’s opinion that contractor proposed costs were reasonable, allowable, or compliant with contract terms.

Well, gosh. More than a quarter of all selected reports lacked sufficient evidence to support audit conclusions. That seems like kind of a big deal to us. Yet, the IG, using professional judgment, did not deem that deficiency to be a significant deficiency.

Moreover, as the IG itself noted in the report, this is a repeat finding from the external peer review it conducted in 2014. The IG stated that DCAA had taken corrective actions in response to the 2014 finding, but the corrective actions had proven ineffective and “based on the results of our current review, DCAA still needs to consider additional steps to ensure that auditors gather sufficient evidence to support reported opinions.”

If this were a contractor business system review and there had been a repeat finding, we all know what the result would be.

To put this deficiency into perspective, in 2008 the GAO and the DoD OIG both found that DCAA’s audits lacked sufficient evidence to support conclusions and opinions. It was a core finding and the subject of Senate hearings. And it led to DCAA’s quality system lacking an external peer review approval for several years thereafter.

Nine years later, apparently nothing has changed.

Yet, DCAA passed the 2017 quality system external peer review.

Deficiency 2: DCAA did not report on pertinent information or scope restrictions. (AKA “reporting” deficiency.) As the IG reported—

GAS 5.04 requires auditors to communicate pertinent information to individuals requesting the audit. In addition, as discussed in AT 101.73 and .74, restrictions or limitations on the scope of an audit may prevent the auditor from issuing an unqualified opinion. When the reported opinion is qualified or disclaimed, the reasons for doing so should be described in the audit report. For 8 of 67 audits (12 percent), DCAA did not appropriately communicate pertinent information or important limitations to the contracting officer. We found this deficiency in five of the six DCAA regions. … The findings demonstrate a pattern and pervasiveness of issues the reflect the need for improving the reliability of DCAA audit reports.

The IG auditors stated that the root cause of this deficiency was that DCAA auditors were not following their own audit procedures. Although disagreeing with the IG audit finding(s), DCAA agreed to update its procedures and to give incoming auditors extra training in this area. (Apparently the current auditors, the ones not following procedures, were expected to do the right thing without any additional corrective actions.) The OIG considered the matter “closed”—meaning that DCAA’s corrective action was accepted.

Thus, DCAA passed its 2017 quality system external peer review.

Deficiency 3: DCAA did not adequately document the procedures performed. As the IG reported—

GAS 5.16a requires that auditors prepare audit documentation in sufficient detail to enable an experienced auditor, having no previous connection to the examination engagement, to understand from the documentation the nature, timing, extent, and results of procedures performed. In 9 of the 67 audits (13 percent), the documentation taken as a whole was insufficient to understand the nature, timing, extent, or results of work performed by the DCAA auditor. We had to hold extensive discussions with the audit staff to understand the procedures performed and why those procedures accomplished the audit objective. We found this deficiency in three of the six DCAA regions. Each of the nine audits had four or more documentation inadequacies.

Well, this is a problem. If you don’t tell people what you did (procedures performed) and you don’t tell them what you didn’t do (reporting), then they might assume your audit conclusions and opinions were valid, even if you didn’t have sufficient evidence (based on procedures performed/not performed) to support those conclusions and opinions.

Seems fairly significant to us.

What’s going on here in this particular deficiency? According to the IG—

Our review did not disclose any inadequacies with DCAA policies and procedures related to documenting the work performed in accordance with GAS. However, the auditors did not comply with established DCAA procedures. Given the number and significance of documentation deficiencies we found (including additional, less significant documentation issues addressed in our Letter of Comment dated November 17, 2017), DCAA should assess the effectiveness of its controls for ensuring compliance with established Agency policies and procedures and take appropriate corrective action. As part of its corrective action, DCAA should consider the need to provide comprehensive refresher training on the GAS documentation requirements.

So it wasn’t the audit guidance; it was the auditors and their inability to follow the audit guidance.

Again, the OIG accepted DCAA’s promise to provide extra training to auditors on the procedures that they are supposed to follow. Not a big deal, apparently. All forgiven. We’re all moving on.

There were other findings; you can read the report if you are inclined to do so. (Link in the first paragraph.) Some of those findings were repeat findings from the 2014 quality system review. The OIG documented that DCAA had declined to implement the recommended corrective action(s) from that 2014 external peer review, and now in 2017 the same findings show up again. How surprising.

And yet, DCAA passed its 2017 quality system external peer review.

It’s not only that nearly 40 percent of the selected audit reports evidenced deficiencies, it’s also that some audit reports evidenced multiple deficiencies. For example—

Audit Report No. 03231-2009M10100046 (an audit of contractor “incurred costs” by the Salt Lake Valley FAO) exhibited deficiencies in every single category. The IG found lack of evidence, reporting issues, lack of documentation, lack of adequate supervisory review, and lack of professional judgment. Same thing for Audit Report No. 06811-2008U10100007 (an incurred cost audit by the BAE York FAO). Given that these were both audits of contractor annual final billing rate proposals—and that such audits take an average of nearly three years to perform these days—it is difficult to understand why the IG auditors would have found any deficiencies whatsoever. Yet there they were: many upon many of them.

And yet, DCAA passed its 2017 quality system external peer review.

The DoD OIG officially concluded—

In our opinion, except for the evidence, reporting, documentation, supervision, and professional judgment deficiencies described after the Overall Management Comments and Our Response section, the system of quality control for DCAA in effect for the year ended June 30, 2016, has been suitably designed and complied with to provide DCAA with reasonable assurance of performing and reporting in conformity with applicable professional standards in all material respects.

And now you know why EZ-Eric was so incensed at this report and the process of governmental external peer reviews. He thinks it’s all a sham.

And it might be.

We believe that one might reasonably wonder whether the DoD OIG can exercise complete independence and objectivity when evaluating the quality control system of a related department. We say “related” because both the OIG and DCAA report up to the Secretary of Defense, albeit by different channels. Yes, the DoD OIG is an independent activity not subject to day-to-day SECDEF oversight; however, it seems reasonable to believe that phone calls could be made, that pressure could be applied. We can envision a scenario where it was pointed out to the Acting Inspector General that it would be in the best interests of the Department (and taxpayers) to have the DCAA quality system remain approved. After all, there is a mountain of contractor final billing rate proposals to wade through (slowly) and ongoing litigation with contractors, to which DCAA audit findings form an important component of the government’s cases. In other words, “find a way to let them pass.”

We’re not saying it happened that way. We’re saying it seems reasonable to wonder if the DoD OIG can, in fact and in appearance, be completely free from pressure that could impair independence and objectivity. Certainly, EZ-Eric thinks that’s the case.

Which is why we are suggesting that DoD OIG no longer perform external peer reviews of the DCAA’s quality control system. Have some other entity perform the work, if only to avoid the appearance of impaired independence and objectivity.

Meanwhile, the 2017 DoD OIG audit conclusion of the external peer review of the DCAA audit quality system stands.

DCAA passed.

 

Last Updated on Tuesday, 05 December 2017 21:11
 

Who's Online

We have 101 guests online

Newsflash

In March 2009, Nick Sanders’ article “Surviving Government Audits: Have the Rules of Engagement Changed?” was published in Government Contract Costs, Pricing & Accounting Reports (4 No. 2 GCCPAR P. 11). Apogee Consulting, Inc. is proud to announce that Mr. Sanders’ article was selected for reprint and publication in Thomson West’s The New Landscape of Government Contracting.  Mr. Sanders, Apogee Consulting’s Principal Consultant, joins such distinguished contributors as Professors Steven Schooner and Christopher Yukins, Luis Victorino and John Chierachella, Joseph West and Karen Manos, Joseph Barsalona and Philip Koos and Richard Meene, and several others.  The text covers a lot of ground, ranging from the American Recovery and Reinvestment Act (ARRA) to Business Ethics and Corporate Compliance, and includes several articles on the False Claim Act and the Foreign Corrupt Practices Act.  In addition, the text includes the full text of many statutory and regulatory matters affecting Government contract compliance.

 

The book may be found here.