• Increase font size
  • Default font size
  • Decrease font size
Welcome to Apogee Consulting, Inc.

DCAA Implements Congressionally Mandated Audit Timing

E-mail Print PDF

We posted several blog articles about the 2018 National Defense Authorization Act. Interestingly (at least to us), the most popular of those articles was not the one about mandated changes to how DCAA audits contractors. Nope. The most popular article was about “acquisition stuff.” Go figure.

You, our readers, are a source of constant surprise.

Nonetheless, we are here today to discuss one of the Congressionally mandated changes to how DCAA audits contractors. We are going to discuss Section 803 of the 2018 NDAA (again). Section 803 is a long and somewhat messy provision. It requires a number of changes to be implemented over varying timelines. But § 803(g)—called “Timeliness of Incurred Cost Audits”—is relatively clear and direct. It states—

  1. The Secretary of Defense shall ensure that all incurred cost audits performed by qualified private auditors or the Defense Contract Audit Agency are performed in a timely manner.

  2. The Secretary of Defense shall notify a contractor of the Department of Defense within 60 days after receipt of an incurred cost submission from the contractor whether the submission is a qualified incurred cost submission.

  3. With respect to qualified incurred cost submissions received on or after the date of the enactment of this section, audit findings shall be issued for an incurred cost audit not later than one year after the date of receipt of such qualified incurred cost submission.

  4. Not later than October 1, 2020, and subject to paragraph (5), if audit findings are not issued within one year after the date of receipt of a qualified incurred cost submission, the audit shall be considered to be complete and no additional audit work shall be conducted.

  5. The Under Secretary of Defense (Comptroller) may waive the requirements of paragraph (4) on a case-by-case basis if the Director of the Defense Contract Audit Agency submits a written request. The Director of the Defense Contract Audit Agency shall include in the report required under section 2313a of this title the total number of waivers issued and the reasons for issuing each such waiver.

(Emphasis added.)

Let’s ignore the fact that they are not “incurred cost audits” (because they are audits of final billing rate proposals), and summarize the above:

  • Effective right now, DCAA has 60 days from the time the contractor submits the incurred cost submission to determine adequacy and notify the contractor of its determination.

  • Effective “with enactment of this section,” DCAA must issue its audit findings to the contractor within one year after the date of receipt. If it takes DCAA two months to issue the adequacy determination, then the audit agency has 10 months to perform its audit procedures and issue its report.

  • DCAA has 36 months to figure out how to meet those Congressionally mandated deadlines, because, effective October 1, 2020, if it cannot issue its audit findings to the contractor within one year after receipt, then it must stop work.

Now, we’ve pointed out some issues with reducing those directives into practice. (See our previous article, link in the 2nd sentence of the 1st paragraph.) Nonetheless, they are what they are. DoD and DCMA and DCAA must take them seriously or risk losing dispute after dispute, as they try to question costs after expiry of the deadlines.

An early indication that, indeed, DCAA is taking the deadlines seriously is issuance of MRD audit guidance on January 29, 2018. MRD No. 18-PIC-001(R), entitled “Audit Alert on 2018 NDAA Section 803 Timeliness Requirement for Incurred Cost Adequacy Reviews and Audits,” established that the audit agency is implementing the Congressionally mandated deadlines assuming an effectivity date of December, 17, 2017 (the date the bill was signed into law).

We have a copy of the MRD, but you probably don’t, because DCAA hasn’t published it on its website yet. Here are some salient quotes for your edification:

  • … for any incurred cost submission received since December 12, 2017, the audit team must complete the adequacy review and notify the contractor of the results of the adequacy review within 60 days.

  • … completing incurred cost assignments within 12 months of receiving a qualified submission after the date of enactment (December 12, 2017). … For example, you receive a submission on January 31, 2018 and … you complete the adequacy checklist on February 15, 2018 and determine the submission is adequate. … The NDAA requires this example audit to be completed within one year (i.e., by January 31, 2019). The Agency will be providing guidance for complying with the NDAA one-year requirement.

Note, readers, that these deadlines wouldn’t have been much of a challenge for the “old” (pre-2008) DCAA. Back then, the contracting parties worked to operate to a “6-12-6” cycle, where the contractor had six months from the close of its fiscal year to submit the proposal, DCAA had 12 months to issue its report, and DCMA had six months to negotiate final billing rates. So there’s really nothing new here. In fact, it’s a return to the days of normalcy, before DCAA went insane.

We also want to remind readers that the Section 809 panel had lots to say about DCAA and how it could improve audit procedures to be more efficient and effective. We invite you to review our blog article here on that topic. Then you should go and read the entire Section 809 report; or at least Section 2 of that report.

For those too busy (or too lazy) to follow those links, here’s a brief taste of what the Section 809 panel had to say about DCAA’s approach to incurred cost audits:

Many of the required elements of an adequate final indirect cost rate proposal have no bearing on calculating, understanding, auditing, and negotiating final indirect cost rates. This collection of unnecessary data has contributed to DCAA losing its focus on the purpose and scope of contractors’ final indirect cost rate proposal and has created unnecessary work for contractors, DCAA, and especially contracting officers. …

DCAA must refocus on its mission of providing contracting officers with the information they need to do their jobs as prescribed in contracts and by the FAR. DCAA should not be auditing direct contract costs unless requested to do so by the contracting officer as set forth in FAR 52.216‐7(g). Several final indirect cost rate proposal schedules that have no bearing on evaluating or settling final indirect cost rates should be removed.

While we cynically doubt that DCAA will listen to the Section 809 Panel’s recommendations, we are heartened to learn the audit agency seems to be listening to Congress. (Such has not always been the case.) If DCAA, as an agency, follows through on its MRD guidance, then life should get easier for all the contracting parties.



Accounting for Unallowable Costs

E-mail Print PDF

It’s relatively basic stuff that every government contractor should know. You have to identify and then segregate “unallowable” costs from your proposals, billings, and other things (like claimed indirect cost rates). It’s right there in FAR 31.201-6 (“Accounting for Unallowable Costs”). Every contractor selling non-commercial items has to comply. It’s basic government compliance—like blocking or tackling in (American) football.

Determining exactly which costs are “unallowable” is a lot trickier. You need to thoroughly review FAR Part 31, paying special attention to the list of selected costs at 31.205. You need to know a few court cases and, perhaps, read a few books on the topic. It’s tricky because it requires an application of judgment.

And, if you want to get into even harder stuff, you also need to identify and segregate “directly associated” unallowable costs. Further, as we’ve explained before, there’s a difference between garden-variety unallowable costs and “expressly” unallowable costs, in terms of penalties for failing to properly exclude those costs from your rate calculations, proposals, and/or billings.

So yes, the topic of “unallowable” costs is both broad and deep, but government contractors still need to know about it, and comply with the requirements. In order to comply, some small contractors hire consultants to review their books and to find the unallowable costs—which is not a bad plan because those consultants have the expertise to support their judgments. Other small contractors have outside bookkeepers who are also supposed to identify unallowable costs—which is a risky approach unless you are sure those bookkeepers (or CPAs) have the right expertise. (We don’t believe that knowledge of FAR Part 31 is tested on the CPA exam.)

As contractors grow and can afford additional staff, they hire accountants or billing specialists or Controllers or compliance folks who review accounting transactions for allowability in a more timely manner. Those professionals are hired for their expertise, and it’s usually a good investment—because it’s cheaper to pay (allowable) salaries and benefits than it is to pay unallowable penalties and interest (or lawyers' fees, in extreme cases).

But here’s the thing: No matter what compliance approach you choose as a contractor, you cannot possibly afford to pay for every single transaction to be reviewed by somebody with the requisite expertise.

You cannot afford to pay for every expense report to be reviewed (along with all the receipts) in order to check if somewhere, sometime, somebody got reimbursed for a beer at dinner—and then to see if the cost of that beer was identified and properly recorded as an unallowable cost. You can’t afford to pay for somebody to review every single check request, or vendor invoice, or accounts payable transaction. You simply can’t.

Instead, what you do is have robust policies and procedures and guidance. You have training for employees and supply chain managers and buyers and expense report processors and accounts payable staff, and you have additional training for supervision and management who review and approve transactions. You have special focused training for program managers and for business development folks. You very clearly tell your people what costs are reimbursable, and then which of those costs are going to be allowable and which are going to be unallowable.

You have to do all that because, no matter how hard you try, if you rely on “SMEs” to identify your unallowable costs, something is going to slip through. Anybody you hire from the outside is going to rely on some kind of transaction sample in order to calculate a percentage of unallowable costs (which they are permitted to do). Your employees are going to be looking at a bigger sample of transactions—and you may think it’s 100 percent—but something is going to slip through. That’s just human nature. We’re all fallible and that’s the way it is.

Finally, your own employees may point out to management that an error has been made somewhere in the many upon many accounting transactions that make up a year’s general ledger. The employees may report their concerns and it would behoove you to listen to those concerns, and to make corrections to any cost that was misclassified as an allowable cost when it should have been an unallowable cost.

With all that as background, let’s look at this Department of Justice press release.

The press release announced that Integral Consulting Services, Inc. (Integral or ICS), a “self certified small disadvantaged business” and a “economically disadvantaged women owned small business” (according to this webpage), had settled a False Claims Act lawsuit filed by a former employee for “over a half-million dollars” (actually $505,838). That’s a relatively trivial amount, as such things go. But remember that Integral is a small business, reportedly with only 80+ employees and just over $6 million in annual revenues (as per the previously linked webpage). So $500K is a pretty huge hit to the company’s bottom-line—and that doesn’t take into account the attorney’s fees paid to negotiate the legal settlement with DoJ.

What did the company do wrong? According to the press release—

The civil settlement agreement resolves allegations that from on or about May 1, 2012 through June 27, 2014, ICS took costs and expenses it and its employees incurred in connection with litigation arising out of a teaming agreement with another contracting company and included the costs and expenses in the General and Administration ('G&A') indirect cost pool that was spread amongst ICS’s various government contracts … and submitted to the United States government. The inclusion of such costs had the effect of inflating the claims paid by the Army to ICS.

As best we understand the situation from the above brief description, Integral claimed certain legal costs made unallowable by 31.205-47 as allowable costs. (See FAR 31.205-47(f)(5).) That cost principle states—

Costs of legal, accounting, and consultant services and directly associated costs incurred in connection with the defense or prosecution of lawsuits or appeals between contractors arising from either—

(i) An agreement or contract concerning a teaming arrangement, a joint venture, or similar arrangement of shared interest; or

(ii) Dual sourcing, coproduction, or similar programs, are unallowable, except when—

(A) Incurred as a result of compliance with specific terms and conditions of the contract or written instructions from the contracting officer, or

(B) When agreed to in writing by the contracting officer.

Thus, legal costs incurred in connection with litigation arising out of a teaming agreement were not allowable. They may well have been expressly unallowable. Somebody at Integral didn’t review an invoice from outside counsel, and thus didn’t properly classify the cost as unallowable.

What’s interesting about this situation is that, normally, this is handled via an administrative remedy and not by a lawsuit. DCAA finds the cost and tells the ACO, and the ACO tells the contractor to pay the appropriate penalty and interest. It’s not particularly fun, but it’s not a big deal, either. What makes Integral’s situation different is that an employee noticed the misclassification of the cost, and filed a qui tam suit on behalf of the government—and then got a bounty of more than $90,000 for doing so.

We don’t know why the employee felt the need to file a suit. Did they try to report it and get rebuffed by company management? It’s certainly possible. Looking at Glassdoor, the company has decidedly mixed reviews. Many people love it but many people also had negative comments about management style and a perceived lack of integrity. It’s possible that somebody tried to report the misclassification and was rebuffed—just as it’s possible that the transaction was simply missed by those charged with the responsibility of making sure only allowable costs were claimed in proposals, rate calculations, and billings.

One more thing: missed unallowable costs in G&A expense pools can be bad things, because G&A is allocated to all active cost objectives. Under the False Claims Act, each invoice submitted under each contract becomes a separate claim. Thus, if the G&A rate is “inflated” through inclusion of unallowable costs, then every invoice submitted under each contract was also inflated. The current FCA states each false claim may create a liability ranging from $5,500 to $11,000. That’s per claim. And that’s regardless of the dollar value of the “inflation” as allocated to each claim. Readers need to carefully think about that, before they do a superficial sample of G&A expense pool transactions as part of identification and segregation of unallowable costs.


Last Updated on Tuesday, 20 February 2018 20:25

Measuring PALT

E-mail Print PDF

When reporting on the 2018 NDAA, Section 886 seems to have escaped our attention. That Section required SECDEF “to develop, make available for public comment, and finalize a definition of the term “Procurement Administrative Lead Time” or ‘PALT’, to be applied Department of Defense-wide, that describes the amount of time from the date on which a solicitation is issued to the date of an initial award of a contract or task order of the Department of Defense…” In addition, SECDEF must devise a plan “for measuring and publicly reporting data on PALT for Department of Defense contracts and task orders above the micro-purchase threshold.”

As readers know, we have castigated the FAR Councils—and the DAR Council in particular—for a lack of urgency in responding to Congressional mandates issued through prior NDAAs. No such lack of urgency can be found in the Council’s haste to implement Section 886. Indeed, on February 9, 2018, a request for public comment was published in the Federal Register.

According to the Federal Register notice, “DoD is proposing to define PALT as ‘the time between the date on which the initial solicitation for a contract or task order of the Department of Defense is issued and the date of the award of the contract or task order.’” Further, “The Department plans to submit a Change Control Board request to the General Services Administration to update FPDS-NG by adding a new data field that reflects when the solicitation for a contract or task order valued above the simplified acquisition threshold is issued. Once the FPDS-NG system is updated (estimated to be completed in fiscal year 2019), the public will be able to utilize FPDS-NG to obtain the PALT information for any contract or task order issued by the DoD that is valued above the simplified acquisition threshold.”

The public was invited to submit comments on the proposal above, citing DARS-2018-005.

Though, to be candid, we wonder what comments could be submitted. After all, Congress defined PALT and the proposed definition is exactly—verbatim—what Congress told the policy-makers it should be. We suppose one could comment on the plan to modify FPDS-NG, but that seems a bit silly. It’s as good a plan as any, given that PALT, as defined by Congress, is a silly thing to measure.

It’s all well and good to measure how long it takes DoD to award a contract or task order, but that measurement misses how long it takes DoD to develop an acquisition plan and to conduct appropriate market research in support of that plan. It’s like measuring how long it takes Domino’s to deliver your pizza by measuring from the time the delivery person leaves the store—ignoring how long it takes to make the pizza and cook it.


If you want to comment on PALT, feel free. Just remember that the definition is statutory and the DAR Council cannot change it.


We’re measuring PALT now.




The New CAM

E-mail Print PDF

We’ve proffered criticism of DCAA regarding the lack of published MRDs and the lack of inclusion in the Contract Audit Manual (CAM). Those were valid criticisms, we thought. But in fairness we should point out that DCAA issued a new and revised CAM in December 2017—though of course it hit the website in early February.

Chapter 7 (Selected Areas of Cost) is missing, as it has been since 2015, when DCAA unveiled its Cost Allowability Guidebook. And Chapter 5 (Audit of Policies, Procedures, and Internal Controls Relative to Accounting and Management Systems) is “currently being rewritten.” That said, the CAM is basically the old familiar one we’ve become used to, except updated through December 2017.

Just thought you would want to know.


Last Updated on Thursday, 15 February 2018 19:35

Big 4 Ethics Scandals

E-mail Print PDF

Did you hear about the KMPG scandal? According to news reports, six firm accountants, three of whom were former employees of the PCAOB, were charged by the SEC with leaking sensitive confidential data to help the accounting firm clear regulatory inspections. By knowing in advance which public company audits the PCAOB would select, KPMG could scrub its audit files and identify any gaps in workpaper documentation before the reviewers showed up. According to the criminal indictments, KPMG allegedly recruited at least one of the regulators at a time when nearly 50 percent of audits reviewed by the PCAOB were found to have deficiencies. Another showed up with more information, and (allegedly) both firm accountants received additional information from a PCAOB employee who was seeking employment with the firm.

Francine McKenna quoted Jim Ulvog, as saying, “From my auditor’s perspective, this situation has the feel of a ‘red flag’, meaning something that seems odd on the surface and which is actually a warning sign there could be a far more serious problem, potentially systemic and possibly quite material.” Indeed, this is not the first time KPMG has been in the news in a less than positive fashion. Readers may recall a certain tax shelter case from years ago.

But it’s not just KMPG. Each of the other Big 4 firms has had its own ethical challenges. For example, Deloitte paid $2 million in 2013 for violating Sarbanes-Oxley and PCAOB rules. Going back a few years more, the firm’s Vice Chairman, Tom Flanagan, was charged with providing insider information on the companies he audited to traders. Those charges were settled in 2010.

And let’s not forget that EY had several employees and a partner barred from performing public audits by the PCAOB, because they “created, backdated, and added documentation to an audit file when they learned it would soon be inspected by the board.”

What about PwC? It’s had its own problems, including allegations of theft of trade secrets and allegations that it provided unlawful tax avoidance advice. (To our knowledge the firm has not admitted any liability in those matters.)

The point is, these four bastions of professional accountancy have each had ethical breaches. Perhaps that’s to be expected. Any large population of individuals is going to have a Bell curve of distribution of ethical behavior. And some of those individuals are going to fall on the tails of the distribution. On the other hand, partners are supposed to be vetted before ascension, and one would like to think that ethical concerns would be a barrier to partnership. Perhaps that’s just wishful thinking, but still…

When you evaluate your company for ethical concerns, remember these anecdotes and allegations. No company is immune from ethical concerns.

No company. Not even your company.

The first line of defense against fraud and corruption is not your six DFARS Business Systems. No. The first line of defense against employee fraud and ethical breaches is the corporate culture. As part of your evaluation of your company for ethical concerns, do not forget to evaluate the corporate culture. A weak corporate culture, with ineffective or inconsistent discipline for wrongdoing, is the first sign that there could be wide-spread or even systemic corruption.

Note, if you will, that several of the allegations discussed above could pertain to a government contractor undergoing review of a DFARS Business System. For example, if you knew a CPSR was coming up, it would sure be helpful to know exactly which procurement files the reviewers were going to select, wouldn’t it? And if you got to those files first, and you found gaps, how would you deal with the temptation to correct those gaps? Would you create missing documents? If you did, would you backdate them? Would your management encourage you to do those things—potentially violating the False Statements Act—or would your management discipline you for doing them?

Perhaps you are not in the Big 4. Perhaps you are not in the accounting profession. Maybe you’re just a run-of-the-mill government contractor. If so, you might think you have nothing in common with those big, expensive, firms.

But you’d be wrong.

There is a lot to be learned from those big, expensive, professional accounting firms, if you have the awareness to see it.

Last Updated on Monday, 12 February 2018 19:02

Who's Online

We have 31 guests online


In March 2009, Nick Sanders’ article “Surviving Government Audits: Have the Rules of Engagement Changed?” was published in Government Contract Costs, Pricing & Accounting Reports (4 No. 2 GCCPAR P. 11). Apogee Consulting, Inc. is proud to announce that Mr. Sanders’ article was selected for reprint and publication in Thomson West’s The New Landscape of Government Contracting.  Mr. Sanders, Apogee Consulting’s Principal Consultant, joins such distinguished contributors as Professors Steven Schooner and Christopher Yukins, Luis Victorino and John Chierachella, Joseph West and Karen Manos, Joseph Barsalona and Philip Koos and Richard Meene, and several others.  The text covers a lot of ground, ranging from the American Recovery and Reinvestment Act (ARRA) to Business Ethics and Corporate Compliance, and includes several articles on the False Claim Act and the Foreign Corrupt Practices Act.  In addition, the text includes the full text of many statutory and regulatory matters affecting Government contract compliance.


The book may be found here.