DCAA Finds New Ways to Reduce its Audit Backlog

Thursday, 21 November 2013 00:00 Nick Sanders
Print

DCAA_Innovates
In September, 2012, the Defense Contract Audit Agency (DCAA) announced a fundamental change to its approach to auditing contractors’ proposals to establish final billing rates (also known as “incurred cost submissions”). We discussed the new, “risk-based,” approach in some detail.

A fundamental aspect of the new approach was the bucketing of contractors’’ proposals into either “low risk” or “high risk” categories. In order to be classified as a “low risk” proposal, several criteria must have been met. For example, DCAA must have performed at least one full-scope incurred cost audit on the contractor in the past. The contractor must have no inadequate business systems with deficiencies that might have a “significant impact” on the contractor’s ability to calculate an adequate proposal. And—perhaps most importantly—the previous DCAA audit must not have questioned a significant amount of claimed costs.

The September, 2012, DCAA audit guidance included a table that defined “significant exception dollars” in terms of strata based on the contractor’s proposed “auditable dollar value” (ADV). For example, if the contractor’s proposed ADV was between $15 and $50 Million, total questioned costs needed to have been less than $55,000. Anything more and the contractor’s current final billing rate proposal could not be classified as being “low risk”. For a proposal with an ADV between $50 to $250 Million, total questioned costs needed to have been less than $100,000. (Proposals with an ADV greater than $250 Million could never be classified as being low risk.)

The beauty of falling into the “low risk” bucket is that it greatly decreased your chance of DCAA actually performing an audit of your claimed costs. Again, the probability associated with a contractor’s proposal being audited was based on ADV strata. For example, if you were found to be low-risk, and your proposed ADV was between $50 and $100 Million, then there was only a 10% chance your proposal would be audited. Conversely, there was a 90% chance your proposal would never be audited and you would be able to finalize billing rates that were equal to your proposed final billing rates. DCAA would simply send a Memo to the cognizant ACO, and that would end the audit agency’s involvement in the process.

We know several, smaller, contractors who’ve already experienced that happy result. They’ve finalized rates and never had to go through an audit. Lucky them.

The reason for the change in audit approach, as our readers know all too well, is that DCAA wasn’t getting its job done. The backlog of unaudited contractor final billing rate proposals was growing and growing and growing, and so was the backlog of physically completed contracts awaiting closeout. DCAA’s implementation of audit milestone tracking and “streamlined” report reviews have not noticeably reduced the time it takes the agency to perform an ICS audit, which (at last report) was roughly four years per contractor proposal. Instead of reducing audit backlog through implementation of efficiency initiatives, DCAA reported that its backlog of ICS proposals actually increased over the past Government Fiscal Year.

While DCAA has kept to its key talking point that all will be well by the end of GFY 2016, the agency’s Director has also quietly admitted that DCAA ““has frozen hiring and will lose about 5 percent of its workforce, or 250 employees, this year.” That situation is not going to help DCAA catch up any time soon.

DOD’s answer to the intractable problem of the growing backlog of final billing rate proposals to be audited? Stop auditing so many submissions.

The not-so-hidden flaw in this cunning plan, as we told our readers in our original article discussing the new approach (first link above), was that the number of “low risk” submissions that met the criteria was going to be much lower than DOD leadership thought. We wrote—

… we think the number of contractor final indirect billing rate proposals that will actually be classified as ‘low risk’ is likely to be relatively low. The criteria DCAA has established for assessing a submission as ‘low risk’ are actually going to be tough for many companies to meet. For example, former DCAA Director Stephenson once testified that as many as two-thirds of contractor business systems were inadequate. If that testimony was accurate, then none of those contractors will have their final billing rate proposals assessed as being ‘low risk’ by DCAA. Thus, we expect that many contractors will see their submissions targeted for audit, regardless of the size of their ADV.

And we were right about that, as Government Accountability Office (GAO) reported. We discussed that GAO report right here. Among our discussion points, we noted that GAO had found that DCAA’s initial assessment of contractor proposals had resulted in more than half the submissions being classified as high-risk, meaning that a full scope audit would be required. In contrast to reality, DCAA’s initial planning has assumed that only about 20 percent of submissions would be found to be high risk. And this was in relation to contractor proposals with ADVs of less than $15 million.

What went wrong? GAO reported that the problem was that too many of the contractors submitting final billing rate proposals had no incurred cost history—and thus (pursuant to its own risk criteria), DCAA could not find those proposals to be low-risk.

Not to be stopped by this unfortunate reality, DCAA has recently revamped its risk criteria so that more contractor proposals can be passed with minimal or no audit testing being performed. In the words of the new DCAA audit guidance

Policy performed an analysis of audits completed in FY 2013 to determine if our incurred cost sampling process is working in the most efficient manner to apply our limited audit resources to the audit areas with the highest risk. … Based on this analysis, we found that there was room for improvement. Therefore, adjustments were made to the questioned cost thresholds and the sampling percentages.

In addition, feedback from the field indicated that the current risk determination criteria requires revision to better allow auditors to use their professional judgment when determining if an adequate incurred cost proposal is high risk or low risk. Therefore, the risk determination criteria was modified, and the tools were updated to make it less of a checklist and more of a tool to assist the auditor in documenting the judgments they made in arriving at their final determination of high or low risk.

First, let us write (again) that we are in favor of more auditor professional judgment and discretion, and anything that introduces flexibility into the system is just fine by us. (Assuming of course that the auditors have appropriate experience and training so as to properly apply that professional judgment.)

Second, we don’t really care about the new criteria. We don’t really care that the “exception dollar” thresholds were raised so that more proposals can be found to be “low-risk”. That’s nice for DCAA. We don’t expect that very many contractors will be affected by the changes.

Third, it appears that DCAA may have backed off from the requirement that a previous full-scope ICS audit was required to be conducted before a contractor’s proposal could be determined to be “low-risk”. We may be reading between the lines a little bit, but we noticed that the revised audit guidance discusses “previous experience” with the contractor and does not expressly call out a full-scope ICS audit requirement. For example, the guidance says (for proposals with ADVs between $5 Million and $250 Million)—

For all proposals with $5 million - $250 million in ADV, consider the following significant risk criteria:
  • Known significant fraud referral (Form 2000) applicable to the proposal fiscal year or the period in which the proposal was prepared
  • Pre-award accounting system performed that resulted in an opinion of ‘unacceptable,’ or there are reported business system deficiencies relevant to the incurred cost year under audit
  • No previous experience with the contractor such as voucher processing, forward pricing proposal, pre-award accounting system, etc.
  • Specific relevant risk with the contractor that has material impact to the incurred cost proposal being assessed (i.e., significant CO/Auditor identified risk)

So it seems to us that DCAA has found a way to remove the key impediment to “risking-away” its backlog of contractor proposals to establish final billing rates. Instead of requiring a previous ICS audit, it now requires “previous experience” and has empowered the auditors to use their professional judgment to find that experience is relevant to the risk assessment.

If true, we expect that DCAA will be able to report good news to Congress in its next report. It will have significantly reduced its backlog of roughly 26,000 contractor final billing rate proposals awaiting audit. It will have accomplished this feat not be streamlining its procedures or redefining “GAGAS-compliant” audits. Instead, it will have reduced its backlog by finding innovative ways to classify proposals as being “low-risk” and, thus, avoiding the need to audit them.

< Prev   Next >