• Increase font size
  • Default font size
  • Decrease font size
Home News Archive DOD Inspector General Criticizes DCAA (Again)

DOD Inspector General Criticizes DCAA (Again)

E-mail Print PDF

The Department of Defense Inspector General (DOD IG)—which has itself been criticized for “doing less with more” and “drifting away from its core mission of conducting contract audits”—blasted DCAA again in two recent audit reports.

On October 29, 2010, the DOD IG issued two reports that were critical of DOD’s premier audit agency. In the first report (D-2011-6-001), the DOD IG investigated hotline complaints of “harassment” in DCAA’s Western Region. Readers will recognize the Western Region as the original home of the 2008 audit quality issues raised by the GAO, as well as the home of allegations of supervisor and management harassment of an auditor who ended up testifying before Congress. Readers may also remember that DOD IG issued a report that substantiated many of the GAO’s audit quality findings.

So, nearly three years later, what did DOD IG have to say that had not yet been said? What dirty laundry had not been fully aired? In a nutshell, the DOD IG confirmed what everybody already knew: DCAA did harass the auditor. The report said—

We substantiated the allegations that DCAA Western Region management had harassed the complainant by unjustifiably lowering the complainant’s performance ratings, impeding her ability to comply with generally accepted government auditing standards, and creating a highly stressful environment which forced her to take a lower graded position.

The rest of the short (13 page) report simply elaborated on that finding. It noted that a February 2010 DCAA Internal Review team had also substantiated the harassment, but asserted that the Internal Review team did not properly reevaluate the auditor’s performance ratings. In addition, the DOD IG found that “DCAA Western Regional management failed to hold management officials accountable for their misconduct or revise any related procedures.”

Here are the related findings:

  • We substantiated the allegation that Western Region management used the performance appraisal process as a means of harassing the complainant. … The appraisal ratings and promotion potential scores given to the complainant after she transferred to the Western Region were inaccurate, unfair, and lacked credibility.

  • We substantiated the overarching allegation that management impeded the complainant’s ability to comply with Generally Accepted Government Auditing Standards (GAGAS), with one exception related to technical guidance requests. Management did impede compliance with GAGAS by imposing unreasonable time constraints and excessive emphasis on metrics. In doing so, Western Region management hindered the complainant’s ability to perform a quality audit. The Internal Review report cited certain audits where management overemphasized metrics and imposed unreasonable time constraints, while appearing to ignore audit quality. We also agree with Internal Review’s conclusion that the supervisor’s flawed process for requesting budget hour increases could impact GAGAS by impeding the complainant’s ability to perform quality audits.

As we have previously reported, it is likely that justice has already been meted out to at least one person responsible for the issues substantiated by the DOD IG.

So let’s look at the second DOD IG report (D-2011-6-002).

The second DOD IG report is a “quality control review” of the “single audit” performed by the “Big 4” accounting firm, Deloitte & Touche LLP (Deloitte), and the DCAA on The Aerospace Corporation, under the auspices of OMB Circular A-133. The Aerospace Corporation is a not-for-profit Federally Funded Research and Development Center (FFRDC) and, as such, is essentially an adjunct of the U.S. Air Force. As the DOD IG report noted: “The Deloitte & Touche office in Los Angeles, California performed the audit of the financial statements. Deloitte & Touche and the DCAA South Bay Branch Office in Gardena, Califomia performed a coordinated audit of the research and development program cluster.”  (Note that the South Bay Branch Office is a part of DCAA’s Western Region.)

The DOD IG quality control review report was generally complimentary of the work performed by Deloitte. It stated that Deloitte’s audit of the financial statements and the R&D program cluster “generally met auditing standards and Circular A-133 requirements.” The report was far less complimentary of DCAA’s audit efforts. It said—

DCAA did not comply with Circular A-133 reporting requirements. … We also identified deficiencies in the performance of fraud risk assessment procedures, information technology internal control testing and working paper documentation that need to be corrected in future audits.

Oh, but there’s more to be said. And the DOD IG said it. And we quote it for your edification.

  • DCAA did not plan and perform sufficient fraud risk assessment procedures and they failed to properly evaluate a deficiency in internal control with cash management requirements in accordance with auditing standards and Circular A-133 requirements.

  • DCAA did not perform all the planned testing of key information technology internal controls and did not adequately document their working papers to support its conclusions for the compliance requirements tested and the scope of audit procedures performed by the DCAA Field Detachment office.

  • DCAA did not perform sufficient fraud risk assessment procedures during the planning and performance of the audit. As documented in the audit working papers, the evaluation of the fraud indicators was based solely on information in the permanent files and auditor experience with Aerospace. Based on this evaluation, the auditor concluded that there were no indications of potential fraud which would require additional audit procedures.

  • DCAA did not properly evaluate and report a finding in internal control disclosed during the review of the internal control over compliance with the cash management requirements. DCAA relied on the internal control testing performed in the FY 2008 direct billing review for the review of cash management requirements. … The auditor identified and tested four key internal controls intended to prevent noncompliance with this requirement. One of the key controls tested was that billing requests contained the appropriate level of management approval as required under Aerospace policies and procedures. The auditors sampled sixteen billings and found that three billings were not approved by management prior to requesting reimbursement from Federal agencies.

  • DCAA did not complete the testing of key information technology controls as planned and the documentation did not provide a clear understanding of the audit work performed or the procedures relied on. Auditing standards require auditors to obtain an understanding of information technology controls that are relevant to planning the audit and, when there is an expectation that the auditor will rely on those controls, require the auditor to perform tests of the controls to determine their operating effectiveness.

  • DCAA did not adequately document the internal controls tested for the cash management and special tests and provisions requirements, the criteria used for activities allowed or unallowed and allowable costs/cost principles compliance testing, and the coordination of the scope of audit work performed by the DCAA Field Detachment office. In addition, the audit file contained a voluminous amount of work papers, many of which simply duplicated the same information. Although we acknowledge that the auditors believed that they were providing a good audit trail, we found the format and content of the working papers lacked clarity and contributed to instances of inconsistencies between working papers and the lack of required information in other working papers.

  • The DCAA auditors did not adequately document the review of compliance for the activities allowed or unallowed and allowable costs/cost principles requirements. Specifically, the documentation did not identify the specific cost principle criteria used to review costs for allowability; did not provide the basis for the judgment that internal control exceptions noted during floorchecks were not considered significant; and did not document the procedures performed and the results of those procedures to verify the existence of employees not present during the floorchecks. In addition, the auditors did not document that they verified the timecard authorizations within the electronic timekeeping system.

But before we move on, we want to note something amazing from the DOD IG report. It relates to an instance of fraud that was disclosed by The Aerospace Corporation to the DCAA during their audit. As the DOD IG report explained—

DCAA was informed by the Director of Internal Audit of a disclosed fraud involving a full-time employee who worked for another government contractor while employed by Aerospace for a period of several years. There was no indication in the audit documentation that DCAA considered designing and performing procedures in response to this identified risk of labor mischarging as required under auditing standards. We discussed this issue with the audit supervisor and were advised that the auditors determined the identified fraud to be an isolated incident not indicative of a systemic internal control risk and therefore, they did not believe that additional effort was warranted. However, there was no documented evidence to support the DCAA conclusion.

So, apparently, The Aerospace Corporation employed an employee on a full-time basis, who also worked “for another government contractor” on a full-time basis—“for a period of several years”. YES! That’s how to do it—pick up two salaries at the same time! We can see it now ….

EMPLOYEE ARRIVES AT WORK ON TIME AT 8:00 AM. S/he attends meetings, replies to e-mails, and approves reports until lunch time.

EMPLOYEE TO ADMINISTRATIVE ASSISTANT: Jane, I’ve got meetings across the street all afternoon. I’ll see you tomorrow. I’ll have my BlackBerry if anybody needs to reach me right away.

ADMINISTRATIVE ASSISTANT: See you tomorrow morning!

EMPLOYEE ARRIVES AT WORK AT 1:00 PM. S/he attends meetings, replies to e-mails, and approves reports until dinner.

EMPLOYEE TO ADMINSTRATIVE ASSISTANT: Mark, I’ve got meetings in the other building all morning tomorrow. I’ll be in after lunch. I’ve got my BlackBerry if anybody needs to reach me right away.

ADMINISTRATIVE ASSISTANT: See you tomorrow afternoon!

[REPEAT FOR SEVERAL YEARS.]

Seriously, we’ve heard of this before, but we always discounted it as being just another urban myth. We were flabbergasted to see the “myth” confirmed in writing by the DOD Inspector General. Wow, is all we can say.

To wrap this up, let’s note that DCAA Director Pat Fitzgerald has been in his position for a full year now. He has made changes to the management of the Western Region. Clearly, he and his Western Region management have much more work ahead of them, as they struggle to issue high-quality audit reports. Importantly, as Congress and the FAR Councils try to implement tighter controls on contractors’ “business systems,” they need to realize that the level of audit quality necessary to properly evaluate those business systems’ controls simply isn’t there yet—as evidenced by these DOD IG reports.

 

Newsflash

Effective January 1, 2019, Nick Sanders has been named as Editor of two reference books published by LexisNexis. The first book is Matthew Bender’s Accounting for Government Contracts: The Federal Acquisition Regulation. The second book is Matthew Bender’s Accounting for Government Contracts: The Cost Accounting Standards. Nick replaces Darrell Oyer, who has edited those books for many years.