• Increase font size
  • Default font size
  • Decrease font size
Home News Archive DFARS Case 2009-D038 Business Systems—Definition and Administration

DFARS Case 2009-D038 Business Systems—Definition and Administration

Thursday, 18 March 2010 00:00 administrator
E-mail Print PDF

Mr. Mark Gomersall

OUSD (AT&L) DPAP (DARS)

IMD 3D139

3062 Defense Pentagon

Washington, DC 20301–3062.

Re:  DFARS Case 2009-D038

Business Systems—Definition and Administration

Dear Mr. Gomersall,

This letter provides comments in response to the proposed rule that would “clarify” the definition of contractor business systems, and DOD’s administration thereof.  First, let me state that I provide these comments as an individual and any opinions I express are my own.  Although I am employed by a Top 5 Defense contractor, my opinions do not necessarily reflect the opinions of my employer.  Moreover, although I have provided consulting services to the defense industrial base for more than a decade, my opinions do not necessarily reflect the opinions of my clients.

As a threshold matter, I agree that the existing regulatory framework governing contractor systems needs to be updated and clarified.  There has been little in the way of guidance for contractors seeking to implement effective systems of internal control since the publication of the Defense Contractor’s Risk Assessment Guide (CRAG) in 1988.  CRAG identified five systems of contractor internal control:  (1) preparation of indirect cost “claims” (i.e., proposals to establish final indirect cost rates), (2) timekeeping and labor charging, (3) material management and accounting systems (MMAS), (4) estimating, and (5) purchasing.  The Defense Contract Audit Agency (DCAA) subsequently expanded the CRAG list to develop its list of ten key contractor internal control systems, which included (in addition to those mentioned in the CRAG list):  (1) Electronic Data Processing general controls, (2) Billing, (3) Budgeting/Planning, (4) Compensation, and (5) Indirect/Other Direct Costs. 

More recently, in November 2008 FAR contract clause 52.203-13(c) implemented a requirement that contractors have an internal control system that “facilitate[s] timely discovery of improper conduct in connection with Government contracts; and … [e]nsure[s] corrective measures are promptly instituted and carried out.”  The lack of guidance and, in particular, the lack of an independent source for a determination of what control activities constitute an “adequate” system, has been a barrier to those contractors desiring to implement effective systems of internal control that would provide assurance that they are complying with applicable statutory, regulatory, and contractual requirements.

While I agree that it is past time to update and clarify the existing regulatory guidance, I have several objections to the proposed rule.  Fundamentally, the proposed rule is unnecessary, creates potential conflicts with existing FAR language, and it would be applied to contract financing payments that are expressly exempt from requirements of certain business systems.  In its likely effect on contractors, it is punitive, arbitrary, and capricious.  Following are my specific comments:

1.    This should be a FAR rule and not a DFARS rulePromulgating the rule within the DFARS will lead to confusion as to which framework applies to contractors with both DOD and non-DOD contractsDOD contractors that are under the administrative cognizance of another Executive Branch Department or agency, or that have both civilian and defense contracts, will be potentially subject to multiple frameworks—i.e., they may have to comply with the “business systems” requirements in their DOD contracts while concurrently having to comply with business system adequacy rules of their cognizant non-DOD agencies.  Subjecting contractors to multiple, potentially conflicting, lists of standard “business systems”—and varying (potentially conflicting) standards of adequacy—will generate administrative confusion, create implementation problems, and will increase compliance costs.  The solution is to make this a FAR (i.e., government-wide) rule.  If that is not feasible, then the final rule should clearly state that a contractor are subject to the “business system” rules of its cognizant agency; and that in the case of conflict between the requirements of an individual contract’s clause(s) and the requirements of the cognizant agency, the requirements of the cognizant agency—and not the requirements of the individual contract’s clauses—shall prevail.  Failure to address this potential requirements conflict is a fatal flaw in the proposed rule.

2.    Exempt contracting financing payments from the final rule.  Although I support the notion that DOD implement payment withholds when a contractor ignores or fail to implement actions to correct identified deficiencies, there is no need to implement contract financing payment withholds via a new DFARS clause because the FAR already provides sufficient protection for the Government DOD contracting officers already have authority to reduce or suspend such payments when it is determined that “the Contractor’s records or controls are determined … to be inadequate for administration” of contract financing payments.  (See, e.g., the language at 52.232-32(h).)  With respect to progress payments, the relevant clause (52.232-16) provides that the Contracting Officer may “reduce or suspend progress payments” when it is determined that the contractor does not “maintain an accounting system and controls adequate for proper administration of this clause.”  Consequently, it should be clear that adding the proposed language to DFARS does nothing to provide additional protection to the Government with respect to contract financing payments; doing so merely sows confusion in the contract administration process and creates potential conflict between the applicable DFARS and FAR clauses.

In particular, linking contract financing payment withholds to accounting system deficiencies defeats a key benefit of Performance-Based Payments (PBPs)—DOD’s “preferred method” of contract financing for fixed-price contracts.  One of the Government’s key benefits when using PBPs is reduced government oversight because “the contractor’s accounting system is not relied on to determine payment amounts.”   (Source:  DOD User’s Guide to Performance-Based Payments, November, 2001, page 2.) In other words, the rule as drafted extends oversight into an area in which there is no nexus between the Government’s risk of improper payments and adequacy of the contractor’s business system, and it also extends oversight into an area that, by Congressional intent and DOD policy, was expressly exempted from such oversight.  If the DAR Council proposes to require Contracting Officers to reduce PBP amounts based on deficiencies in the contractor’s accounting system, it may as well eliminate use of PBPs altogether—because will have defeated a key benefit from their use.

3.    The proposed rule is punitive, arbitrary, and capricious.  As previously stated, I applaud the notion that contractors should be held accountable for the adequacy of their business systems.  And as previously stated, the existing FAR and DFARS language already provides much if not all of the authority Contracting Officers need to implement such withholds when it is appropriate to do so.  The proposed rule would mandate payment withholds ranging from 10 to 100 percent when the Administrative Contracting Officer determines that one (or more) business system contains “deficiencies”.  Glossing over my belief that such payment reductions would be found by a Court to be excessive to the Government’s risk and therefore punitive in nature, I would like to focus on the proposed language.

The term “deficiencies” is vaguely defined as “failure to maintain an element” of an acceptable system.  There is no mention of materiality, or of risk, or of proportionality, or of use of judgment.  There is no discussion of control objectives versus control activities.  There is no discussion regarding the fact that some system deficiencies can be “technical” with no impact to payment amounts (e.g., a lack of formal policies and procedures), while others can be significant and pose great risk to the GovernmentThere is no acknowledgment that human error (i.e., a simple mistake) is not at all the same as a systemic flaw.  Moreover, the proposed language (e.g., “the contractor’s accounting system shall be in compliance…”) actually conflicts with the existing policy at DFARS 242.7501, which states that the goal of an accounting system is “reasonable assurance” of compliance—and not absolute assurance.  Because the proposed language is vague and conflicts with existing policy language, it should be withdrawn, or at least significantly rewritten to address various types of deficiencies and the fact that no control system is perfect (nor would DOD want to pay for a system that achieved perfection, as it would be cost-prohibitive).

Moreover, the system requirements are similarly ill-defined.  For example, the proposed rule would state that one requirement of an adequate accounting system is the ability to provide “cost accounting information as required.”  Required by whom I wonder?  Required by the contractor itself (for its own use), or by DCAA auditors, or perhaps by DCMA functional specialists?  And exactly what cost accounting information is the requirement addressing?  This is simply one example of many that could be discussed.  The conclusion is obvious:  the proposed rule is vague, lacks any linkage of system “deficiency” to actual risk, and simultaneously removes Contracting Officer discretion in favor of mandatory withholds that are excessive to any possible risk to the Government. As drafted, the proposed rule is the very definition of arbitrary and capricious.

4.    The proposed rule fails to address key steps in the process.  The proposed rule lacks key details regarding the administrative process—a process whose steps and overall duration will affect the financial stability of the defense industrial base.  (I note that contractors must continue to perform their contracts, even if 100 percent payment withholds are imposed.  Impacting contractor cash flow so significantly, for an indefinite duration, surely will lead to impacts on financial stability and financial capacity.)

For example, the proposed rule states that “the ACO, in consultation with the auditor or cognizant functional specialist, shall evaluate the contractor’s response and make a final determination” regarding system adequacy, but fails to define how the consultation will take place.  Is a formal DCAA audit report required to determine that a business system has a deficiency?  Does an ACO require another formal DCAA audit report in order to determine that a deficiency has been corrected by the contractor? Can the consultation take place via email, as current Defense Procurement and Acquisition Policy (DPAP) guidance would suggest?  Given that DCAA frequently takes a full year to conduct a system review, and that current audit guidance requires auditors to wait “several cycles” before initiating follow-up reviews to determine whether corrective actions have been implemented, this proposed process easily could lead to contractors being forced to perform on DOD contractors for more than a full year without being paid, simply because DCAA hasn’t scheduled the follow-up audit or timely issued its audit report.  The unintentional consequence of this open-ended process might well be to force contractors into bankruptcy and terminations for default—which will require buying commands to reprocure the goods and/or services they need.  Additionally, the proposed rule requires the ACO to provide the contractor a report in sufficient detail to “allow the Contractor to understand what actions are necessary to correct the deficiencies,” but what happens if the contractor alleges the report lacks the requisite detail?  The administrative process, as drafted, could easily lead to a contractor being caught in a kind of “Catch-22” wherein it lacks sufficient information to correct a system deficiency, but cannot receive payment until it corrects the ill-defined problem to the satisfaction of the DCAA and ACO.  Surely this absurd and counterproductive result cannot be the intention of the DAR Council.

The proposed rule states that payment withholds will be withdrawn when the contractor has “substantially corrected” them, but fails to define what that phrase means.  For example, does DCAA need to re-audit the business system and reach that conclusion in order for an ACO to make that determination?  (See my comment, above, regarding the lack of timeliness associated with DCAA follow-up reviews.  If the contracting parties are waiting for DCAA to issue a follow-up report—even from a “limited scope” audit—they will have a very long wait indeed.  A full year’s wait would be a good guess of the length of time the parties would be awaiting DCAA’s input.Moreover, what is the difference between “substantially” corrected and “fully corrected” or even “partially corrected”?  Unless these terms are clarified for the benefit of the ACO and contractor, as well as DCAA auditors, it is difficult to understand how and when the payment withholds will be withdrawn.  The situation will create uncertainty and risk, and contractors will seek to increase prices in order to protect themselves from such uncertainty and risk.

Additionally, the proposed rule states that payment withholds will be withdrawn when the contractor has “substantially corrected” its deficiencies (proposed policy 234.201 at (7)), when the contractor has “corrected all deficiencies” (proposed direction at 242.70X1(b)(3)), and when the contractor has “corrected all deficiencies” (proposed clause at 252.242-7xxx(e)(2)(ii)).  Which direction does the DAR Council intend that the parties follow?  It is internal contradictions such as these that will impede efficient contracting oversight and administration.

To address these concerns, the DAR Council needs to clarify the process in great detail, including how disagreements between the contractor and DCAA, or DCAA and the DCMA ACO, will be handled in a manner that is fair to the contracting parties.

5.   The proposed rule is premature and DOD is not ready to implement it at this timeThe proposed rule as drafted imposes significant burdens on DCMA ACOs and functional specialists, as well as on DCAA auditors.  They are not ready to implement it.  If implemented now, the results will be an administrative paralysis that will harm the defense industrial base and, ultimately, the warfighters.  All stakeholders agree that both DCMA and DCAA are under-resourced to execute their current oversight missions, let alone the additional burdens imposed by the draft ruleThe Commission on Wartime Contracting in Iraq and Afghanistan (CWC) reported—

Poor alignment of personnel to meet wartime needs has resulted in a spiraling down of business-system oversight in contingency contracting. There have been too few experts to conduct reviews and too few personnel to validate that contractor corrective action was properly implemented.  As a result of personnel shortfalls, DCAA system reviews and follow-ups are not always timely; therefore, the real-time status of contractor business systems cannot always be determined. (Source:  CWC Special Report No. 1, page 6.)

In the same report (page 7) the CWC concluded that “DCAA is under-resourced for comprehensively reviewing all contingency contractors’ business systems on a timely basis.”  If DCAA cannot address the needs of a handful of contingency contractors, how can it possible address the needs of each defense contractor this proposed rule will affect?  The CWC conclusion was confirmed in September 2009, when then-Director April Stephenson testified before the Senate Committee on Homeland Security and Governmental Affairs that—

Based on the audits required under laws and regulations and an estimate of the audits required to meet contracting officials’ demand requests, the field audit offices developed the hours necessary to accomplish the workload, taking into consideration the risk of the various contractors, the skill level of the audit staff and an estimate of the additional hours required to comply with the auditing standards. Based on the hours, we developed Agency-wide priorities. Since our funding provides for only about 65% of the audits that are required to be completed, we based the FY 2010 priorities on the audits of highest risk. [Emphasis added.]

It is not only DCAA that is under-resourced.  The CWC also noted in its Special Report No 1 (page 7) that “The number of [DCMA] personnel assigned to perform CPSR reviews has decreased from 102 in 1994 to 70 in 2002, to 14 in 2009. … This steep decline in personnel, combined with the exponential increase in contracting activity, demonstrates a diminishing level of DCMA critical analysis of contractor purchasing systems.”  It is well and good to require timely analysis (including follow-up analysis) of contractor business systems; but the fact is that DCMA currently (and for the foreseeable future) lacks the ability to do so.

In addition to the lack of resources, there is a real question as to whether the DCAA is prepared to execute its role to evaluate contractor business systems, to determine the risk associated with system deficiencies, and to evaluate whether contractors have implemented appropriate corrective actions. 

In September 2009, GAO issued audit report GAO-09-468 that reported “audit quality problems at DCAA offices nationwide, as demonstrated by serious quality problems in the 69 audits … we reviewed, DCAA’s ineffective audit quality assurance program, and DCAA’s rescission of 80 audit reports in response to our work.”  Almost simultaneously, the DOD Inspector General issued Audit Report No. D-2009-6-009, that provided an independent confirmation of GAO’s 2008 findings that DCAA audit reports prepared in the Western Region lacked professional judgment, contained inadequate documentation or insufficient evidence to support conclusions reached, and/or lacked adequate supervision.  Moreover, GAO also issued audit report GAO-09-921 in September 2009, in which it advised DCMA contracting officers not to rely on DCAA audit procedures to implement contract cost surveillance.  GAO warned DCMA that “The effectiveness of DOD’s cost surveillance process depends, to a large extent, on the adequacy of [ ] DCAA procedures. Our recent work has raised concerns in this regard.”

The proposed rule requires the following—

The auditor or other cognizant functional specialist shall document deficiencies in a report to the ACO. The report shall describe the deficiencies in sufficient detail to allow the contracting officer to understand what the contractor would need to correct to comply with the applicable standard or system requirement, and the potential magnitude of the risk to the Government posed by the deficiency.

The proposed rule ignores the findings of GAO and the DOD Inspector General, and blithely assumes that DCAA is capable of issuing reports adequate to support DCMA contracting officer determinations.  Quite clearly, DCAA is not ready to do so at this time.  At the very least, the DAR Council should wait until GAO and/or the DOD Inspector General report significant audit quality improvement at DCAA, before implementing a system that is so dependent on the quality of DCAA audit reports.

Earlier this month, the House Armed Services Committee’s Panel on Defense Acquisition Reform issued its interim report after 12 months of effort.  Among the Panel’s recommendations was that the DOD should consider “shifting the responsibility for certification of contractor business systems to independent teams within or outside of DCAA” because of “methodological difficulties experienced at multiple DCAA field offices and on multiple DCAA audits” that have “led to audit conclusions that are unsupported by evidence.  (Source:  Interim Report, page 47.)  DOD may or may not choose to accept the Panel’s recommendation in this area, but it should be given the opportunity to consider the recommendation and reach a decision without having the decision forced on the Department by hurried rule-making.

Finally, I understand that DCAA is currently reevaluating its approach to how it conducts its audits and reports findings with respect to contractor business systems.  I applaud the agency’s efforts to address problems caused by its current “pass/fail” approach that has been publicly criticized by many parties, including the CWC.  Many planned contractor business system audits have been deferred pending implementation of the new audit guidance.  This proposed rule, if implemented as written, would significantly affect DCAA audit procedures, as many areas that are currently treated as separate business systems would be aggregated into fewer systems.  (E.g., the accounting system would include labor accounting/timekeeping and indirect/other direct cost accounting, which are currently audited as separate systems.)   My point is that the DAR Council should delay this rule until DCAA has new audit guidance in place sufficient to conduct audits under the new business system adequacy regime.  Implementing the new regime before DCAA is ready to conduct its audits will only exacerbate the issues regarding audit quality and timeliness I have previously noted.

To sum up, neither DCMA nor DCAA is currently ready to implement this proposed rule, and implementing it now, while the oversight agencies are under-resourced, lack the necessary direction, and are still addressing audit quality problems, risks chaos.  The stakes are high—they are the financial stability of the defense industrial base.  Does the DAR Council want to take the risks I’ve outlined above?  Clearly the better course is to delay implementation of the final rule, however drafted, until there is some indication that the oversight agencies are positioned to successfully implement it.

Thank you for the opportunity to comment on the proposed rule.  I sincerely hope that the DAR Council and its support staff consider my comments and either withdraw or significantly rewrite the proposed rule to address the concerns I’ve raised.  In any case, I hope implementation will be timed so that the oversight agencies can effectively comply with the final rule without penalizing defense contractors because they lack adequate resources or direction.

Sincerely,

Nicholas Sanders

Principal Consultant

Apogee Consulting, Inc.

This e-mail address is being protected from spambots. You need JavaScript enabled to view it

< Prev   Next >
 

Newsflash

Effective January 1, 2019, Nick Sanders has been named as Editor of two reference books published by LexisNexis. The first book is Matthew Bender’s Accounting for Government Contracts: The Federal Acquisition Regulation. The second book is Matthew Bender’s Accounting for Government Contracts: The Cost Accounting Standards. Nick replaces Darrell Oyer, who has edited those books for many years.