Competition is good, and so is innovation. Having more contractors willing to sell to the Pentagon addresses both of those goods. Having more “non-traditional” contractors willing to sell to the Pentagon is even better. Consequently, most policymakers want to see what can be done to attract those non-traditional companies to the defense industrial base.

DOD leadership has been focusing on innovation in order to “maintain military superiority,” according to this story by The Washington Post. In fact, Mr. Frank Kendall, USD (AT&L) has announced that he is dedicating “Better Buying Power 3.0” to “innovation, technical excellence, and speed,” according to the story. Readers may recall that previous incarnations of BBP focused on reducing DOD bureaucracy and increasing supplier efficiency. Previous BBP initiatives focused on reducing suppliers’ costs, among other things. (It’s not like this blog hasn’t provided detail upon detail of those previous BBP foci. The site’s keyword search feature is your friend.) Today’s BBP is about innovation, because (according to Kendall’s quoted speech) “We cannot assume, as we did in the 1950s and ’70s, that the Department of Defense will be the sole source of key breakthrough technologies.”

So innovation is the current area of focus, and it is believed that innovation can best be found in the non-traditional technology companies. It is felt that the DOD is too bureaucratic, too moribund, to drive disruptive technology breakthroughs. (We’ve written about that before, as well.)

The RAND Corporation tackled the subject via one of its Federally-funded Research and Development Centers (FFRDCs). As part of its analysis, it interviewed representatives from 16 non-traditional suppliers in three industries “where DoD indicated that it wants to seek substantial innovation from nontraditional suppliers.” It also interviewed three DoD staff members who dealt with such companies.

It recently published its results.

It cited four commonly heard complaints with the DOD business environment. Those were—

• a lack of access to and communication from DoD

• an extensive, complex, and inefficient bid and selection process

• administration and management of contracts that created extra work and delays

• a lengthy funding time line and final payments that often also involved delays and gaps.

With respect to management and administration of contracts, the RAND study reported—

Our interviewees noted particular problems with contract management by the Defense Contract Management Agency (DCMA) or the Defense Contract Audit Agency (DCAA). Correcting errors, whether by DoD or the contractor, could be extremely difficult, and critical errors affecting the scope of work or payment could take months or even years to fix if contract management had shifted from the original contracting officer to DCMA. Similarly, final contract payments could reportedly be stalled for years because of large DCAA backlogs.

(Emphasis added.)

To address those perceived barriers, the RAND authors recommended (among other actions), “reducing backlogs at DCMA and DCAA, noting the chances of project cancellation, and adopting best commercial procurement practices or even those used in state and local governments, which tend to be far less cumbersome.”

Sure.

You might want to call those recommendations “innovation in contract management.” Except there’s nothing at all innovative about them. We’ve heard it all before, haven’t we?

Whether it’s Mr. Kendall pleading for tech companies to invest their own funds to create disruptive technologies that can be transferred to the U.S. military, or it’s the RAND folks recommending the adoption of “best commercial practices,” we’ve heard all this before.

Remember “acquisition reform” under President Clinton? Remember the Federal Acquisition Streamlining Act (FASA) and FARA and IMTRA? Remember Kelman’s acquisition revolution? Remember “reinventing government” and “a government that works better and costs less”? Remember all that?

Because we do.

We remember it was driven by a perception that DOD had fallen behind Silicon Valley, that this newfangled Internet thingee was going to revolutionize the way the Federal government did business—if only we could convince the Federal government employees to use it.

Yeah. Mr. Kendall? Sir? Been there; done that.

In fact, the notion of abandoning bureaucratic and moribund Pentagon acquisition practices in favor of “best commercial practices’ has a long, honored pedigree. For example, the Manhattan Project used it in World War II (“Operation Silverplate”). You can go back farther than that, if you’d like to.

Allow us to quote—

Three points stand out prominently … The first is that the established system of doing business in the War and Navy Departments broke down early in the war. The second is that the civilians, expert and inexpert, who attempted to carry on business which properly belonged to the departments, where they succeeded at all in doing better than the departments themselves, did so usually by violation of the law—the very law which, in large measure, prevented the departments from doing as well as the civilians did. The third is that it was found necessary to replace a bureaucratic order with the more elastic and freer methods of private business.

We quote, of course from the Editor’s Preface to Preliminary Economic Studies of the War: Government War Contracts, published by the Carnegie Endowment for International Peace. It was published in 1920. That was very close to one hundred years ago.

It’s actually a very interesting book. It explained the advantages of using Cost-Plus-Incentive-Fee contracts instead of CPFF types. It discussed how the Supply Bureau perpetuated and enhanced competition during wartime. It discussed how contract changes and modifications were handled. And tt shows just how little has changed in the past 95 years of defense acquisition, despite initiative after initiative, study after study, and at least three separate incarnations of Better Buying Power.

We particularly like this quote summarizing the Navy’s approach to cost-control in a cost-reimbursement manufacturing environment: “The accounting organization has been imbued with the idea that a way must always be found to prevent the waste of the government’s money without interfering with the expeditious prosecution of the work.” That was the approach taken in World War I.

Where did the Pentagon fall away from that foundational principle and, instead, let the auditors take control?

How did we reach a point where companies with something to offer the Defense Department would rather not sell to the DOD because they don’t want to deal with audit backlogs and stalled final delivery payments?

We learned lessons in World War I. We learned them again in World War II. We learned them in Korea, in Vietnam, and in the first Gulf War.

Now, apparently, we are learning them again.

PCAOB Auditing Standard 15 addresses audit evidence. What is audit evidence?

Audit evidence is all the information, whether obtained from audit procedures or other sources, that is used by the auditor in arriving at the conclusions on which the auditor's opinion is based. Audit evidence consists of both information that supports and corroborates management's assertions regarding the financial statements or internal control over financial reporting and information that contradicts such assertions.

Audit evidence obtained must be sufficient to support the conclusion(s). Sufficiency is a measure of the quality of the audit evidence. Audit evidence must be appropriate, as measured by the relevance and reliability of the evidence. The reliability of evidence depends on its nature and source, as well as the circumstances under which it is obtained. Evidence obtained by the auditor is more reliable than evidence obtained indirectly. Moreover, “evidence provided by original documents is more reliable than evidence provided by photocopies or facsimiles, or documents that have been filmed, digitized, or otherwise converted into electronic form, the reliability of which depends on the controls over the conversion and maintenance of those documents.”

Audit procedures for obtaining evidence generally consist of inspection, observation, and inquiry. The audit evidence may be evaluated via recalculation or reperformance. Reperformance involves the independent execution (by the auditors) of procedures or controls that were originally performed by company personnel.

Auditing Standard 14 discusses the evaluation of audit results. It states—

If the auditor has not obtained sufficient appropriate audit evidence about a relevant assertion or has substantial doubt about a relevant assertion, the auditor should perform procedures to obtain further audit evidence to address the matter. If the auditor is unable to obtain sufficient appropriate audit evidence to have a reasonable basis to conclude about whether the financial statements as a whole are free of material misstatement, AU sec. 508 indicates that the auditor should express a qualified opinion or a disclaimer of opinion.

The DCAA Contract Audit Manual (April 2014), Chapter 2, states—

An examination consists of obtaining sufficient, appropriate evidence to express an opinion on whether the subject matter or assertion is based on or in conformity with the criteria in all material respects. An examination report provides a high level of assurance and the auditor’s conclusion is expressed in the form of an opinion (stated as positive assurance). Therefore, the audit objective is to gather sufficient evidence to restrict attestation risk to a level that is, in the auditor’s professional judgment, appropriately low for the high level of assurance that is imparted by the audit opinion. In such an engagement, the auditor should select a combination of procedures to assess inherent and control risk and restrict detection risk such that attestation risk is restricted to an appropriately low level. In the contract audit environment, evaluations of complete submissions (price proposals, claims, and overhead rate proposals), where the auditor establishes the scope, are performed as ‘examinations.’

That same chapter also states—

The auditor must obtain sufficient evidence to provide a reasonable basis for the conclusion expressed in the report. This requires that sufficient procedures be performed to test the contractor’s assertion to provide reasonable assurance that unallowable costs and other noncompliances with applicable Government laws and regulations are identified. The first step in obtaining sufficient evidence is to perform an adequate risk assessment to identify risk areas for the performance of substantive procedures. Substantive procedures include analytical procedures and detailed testing. The nature and extent of substantive procedures is a matter of auditor judgment based on the risk assessment. However, audit risk would never be low enough to eliminate the need for substantive procedures. Furthermore, inquiry and/or analytical procedures alone are not sufficient to support the high level of assurance provided in examination engagements. Detailed testing must be performed in all examination engagements.

Chapter 3 of the CAM basically recapitulates the PCAOB Auditing Standards we quoted at the beginning of this article. It adds some additional guidance for auditors, including—

… a controller's written statement explaining how costs are allocated to contracts by a computer program is not sufficient by itself, to use as the basis for an opinion on the reliability of the generated costs. This is the poorest quality evidence, since it is testimonial and is generated by the contractor. A written manual, even if prepared by an outside computer programmer, documenting the program's operation also alone is not sufficient. While it is better quality evidence since it was prepared by an independent source, it is still not sufficient alone to satisfy the audit objective; however, it may be used as corroborative evidence with the controller's statement. But even the two together are not sufficient evidence to base an opinion on the costs. Testing of several transactions processed through the program are necessary to assure that costs are being allocated as they should. The testing alone may be sufficient (i.e., relatively better quality evidence since it is directly obtained), but also may require further evidence to develop an opinion. These tests combined with the other two pieces of evidence may be sufficient on which to base an opinion.

In addition, Chapter 3 of the CAM states—

The chain of evidence extends from documents describing individual transactions through the books of original entry to ledger accounts and to the cost representations. The reliability of ledgers and accounts as evidence is dependent on the soundness of the principles and policies upon which the records were developed and on the adequacy of internal controls exercised in the preparation and review of the records. Auditors should constantly be alert for potential manipulation of contractor ledgers and accounts. One example would be the removal of pages containing transactions that management or others do not want the auditor to review from a computer listing. If such a listing includes many transactions, it would be difficult to manually verify the accuracy of the totals at the end of the listing.

There are discussions of physical observations and discussions of perambulations. There is a detailed discussion regarding the contractor’s use of scanned images in lieu of original documents. There’s quite a bit of audit guidance.

But there’s almost nothing regarding checking beyond the contractor’s documentation. There’s almost nothing regarding obtaining cancelled checks and/or bank statements to verify claimed costs can be traced, on a cash basis, to the source of the cash. Similarly, there’s very little to be found regarding having contractors reperform their work under the watchful eyes of the auditors, in order to ensure that the data is not being manipulated.

So why do so many DCAA auditors insist on those types of approaches?

Our experience with supporting recent DCAA 10100 audits (aka “incurred cost proposal” audits) has befuddled us. We run accounting system reports and provide the original output to an auditor, who then tells us that s/he need it provided in an Excel spreadsheet in order to run analytics. We run accounting system reports and provide the output in an Excel spreadsheet to another auditor, who tells us that s/he cannot accept that data because it is not in the original format. We run accounting system reports and provide both the original output and an Excel spreadsheet to the auditor, and then s/he tells us that we need to reperform the report queries under the watchful eyes of yet another auditor, who is supposed to witness the query and make sure nobody is manipulating the data.

Where in the CAM does it say to do all that?

We are at the point where we feel that DCAA should simply move into the contractor’s facility and live with the contractor personnel, just to save the duplication of effort. Just watch everything the employees do and then they’ll only have to do it once.

This notion that transactions have to be traced back to payroll deposits and bank statements is getting silly, in our view. If the auditors have reviewed the accounting system – as they should have – then they should have confidence that the system works. If they lack confidence in the system then they must have done a poor job in reviewing the accounting system in the first place.

It is indisputable that audits take longer – far longer – than they ever have. The most common explanation given for the delays is that the auditors are being more diligent. They are complying with GAGAS. They are doing a better job in terms of audit quality, and quality cannot be rushed. Blah, blah, blah.

We know, because the DOD Inspector General told us, that DCAA audit quality is still lacking. We know, because the DOD Inspector General told us, that DCAA still fails to comply with GAGAS in far too many audits. We know, because the DOD Inspector General told us, that too many audits still lack sufficient evidence to support the conclusions reported.

We know that DCAA still takes far too long to issue its audit reports. And we know that too many of those delayed reports are deficient in the quality department as well.

Why?

Well, perhaps one driver is the need to witness everything the contractor does, to reperform every accounting system query and see the output in as many formats as possible. Perhaps another driver is the need to trace every transaction down as far as it will go. We get that fraud risk has to be addressed, but we believe DCAA has gone too far in that regard … as it has in almost every “audit quality” initiative the audit agency has undertaken since 2008.

Too many DCAA audit reports still fail to meet GAGAS standards. Too many reports fail to deliver value to the customer that asked for them. The audit process takes too long and still fails to deliver a quality product. We suspect one big cause of the problem is a lack of professional judgment in the area of obtaining and evaluating audit evidence.

Maybe somebody should look into that?