When you are audited by the Defense Contract Audit Agency, you will likely have to do a walkthrough as part of your support efforts. A walkthrough is a step in the audit process in which the auditor gains an understanding of what s/he is auditing (though paradoxically walkthroughs can take place prior to the official start of the audit).
In our view, a walkthrough is a piece of performance art in which the contractor explains what was submitted to the government and why it is adequate and/or compliant. The value of the walkthrough varies depending on what is being audited. Regardless of the value to either auditor or auditee, walkthroughs are fast becoming a mandatory audit process step; so you may as well get really good at doing them.
Let us help you with that.
A DCAA walkthrough should not be confused with a Sarbanes-Oxley Section 404 walkthrough, which is intended to accomplish AS5 objectives in a cost-effective manner. (Those AS5 objectives include, for example, gaining an understanding of the process flow and related controls.) No. The DCAA walkthrough is a rather unique audit step, and inserted into many audit programs only in the past year or so. The irony is that DCAA stole the original notion from the US Air Force.
In the mid to late 2000's, the US Air Force was criticized by the Government Accountability Office (GAO) for failing to negotiate a final price for Undefinitized Contract Actions (UCAs) within 180 days, as required by statute, In response to the GAO's criticism, in early 2010 the USAF implemented changes to the UCA definitization process. Those changes were intended to speed things up. As we reported, the USAF believed one root cause of the delays was that its personnel simply did not understand what they were looking at (and subsequently negotiating). Accordingly, the USAF acquisition brass directed that "for all sole source contract actions greater than $50 million and any UCA greater than $1 million, contracting officers shall schedule a proposal kick-off meeting." The kick-off meeting was to include all stakeholders, to include the Air Force and contactor, DCAA auditors, DCMA functional specialists and, "at the prime contractor's discretion," major subcontractors.
The kick-off meeting wasn't the sole fix to the perceived problem. The USAF direction also stated: "… after proposal submittal and preliminary review … the contracting officer shall require the contractor to provide a proposal walk-through for the Government to ensure an understanding of the proposal composition, validate or revisit the definitization/award schedule, and establish action items for any obvious data omissions." Thus was created a formal process that included proposal kick-off discussions (to ensure that the stakeholders were aligned on exactly what the contractor team would be proposing), government proposal review upon receipt, and a subsequent walkthrough to ensure that what was being proposed was what had been agreed-upon and to answer any questions the government customers may have had-all with a goal of eliminating wasteful iterations and streamlining the negotiation process, so that UCAs could be definitized more quickly.
A couple of months later, DCAA issued MRD 10-PSP-016, which directed auditors to attend the proposal kick-off meeting and walk-through, so as "to obtain an understanding of the contractor's proposal, including supporting data. The contractor should also identify the contractor personnel responsible for the underlying data and estimates. DCAA will require access to these individuals during the audit process. … During these meetings, the auditor should identify any apparent proposal inadequacies. If data omissions are so significant as to render the proposal inadequate for analysis, the auditor should recommend that the Contracting Officer reject the proposal."
Apparently that worked out so well for DCAA that having a walkthrough became SOP for every proposal it audited. (Note that at roughly the same time, DCAA was reducing the number of contractor priced proposals it would agree to audit.) To aid its auditors in evaluating proposal adequacy, DCAA created a Proposal Adequacy Checklist. We note for the record that the DCAA Checklist seemed to go a bit overboard with respect to helping auditors identify "significant" data omissions that would "render the proposal inadequate for analysis." We published some choice words about it when originally issued. Regardless of our feelings on the matter, the DAR Council thought DCAA was onto something good, and so it took the Proposal Adequacy Checklist and made it a regulatory requirement. And as we subsequently wrote, Checklists of various sorts and types have become the new norm for DCAA these days. (Which is fine if the auditors have sufficient training, experience, and professional judgment to tailor those Checklists to fit the contractor's circumstances. Unfortunately, experience has shown they lack the capability to do so. But perhaps we digress.)
DCAA has taken the original proposal walkthrough and subsequently enshrined it into a number of audit programs. At this point, pretty much anytime the auditors need to "gain an understanding" of what they are auditing (which is pretty much all the time as far as we can tell), the contractor is supposed to create a dog and pony show, call it a "walkthrough," and then perform like trained monkeys for the benefit of its auditors-who will judge whether or not the performance was acceptable.
Consider for a moment the auditor as a critic. We think that metaphor works on a number of levels.
But you want to know about walkthroughs and when to expect them. You should expect to put on a lot of them. Many audit programs now call for walkthroughs to be performed. For example, in the 10100 audit of a contractor's annual proposal to finalize billing rates (aka "Incurred Cost Proposal") Step 14 states, "Coordinate with contractor and obtain a walk-through of the incurred cost proposal to gain an understanding of the basis of the proposal, the related supporting documentation, and the relevant policies/procedures and processes related to significant cost elements." Step 15 of that same audit program directs the auditor(s) to—
Obtain and document an understanding the contractor's incurred cost proposal and its processes for developing the proposal using the framework on WP B-2. Obtain and document an understanding of the underlying processes related to those specific incurred cost areas (e.g., the basis of the costs and from where the numbers/amounts are derived). A major portion of this understanding may be obtained during a walk-through of the contractor's proposal.
(Editorial Note: Normally we would expect the contractor's year-end Trial Balance and General Ledger to be the basis for costs claimed in its proposal, but we suppose it's nice for the auditors to hear that assumption confirmed, year after year after year.)
Importantly, the 10100 walkthrough is supposed to take place prior to the official entrance conference, because it is supposed to aid the auditor(s) in determining whether or not the contractor's proposal is adequate for audit. (Of course, there is an official Checklist to help the auditor(s) make that determination.) In our experience, this can cause confusion because the effort involved in supporting the walkthrough may, in many instances, be similar to (or even more intense than) the effort involved in supporting the audit and responding to auditor RFIs.
There is a similar requirement with respect to audits of contractor proposals to establish Forward Pricing Rates (FPRPs). Okay. It makes some sense that a proposal to establish final billing rates and a proposal to establish Forward Pricing Rates would be treated in a fashion similar to other priced proposals submitted for government review and negotiation. If you have a walkthrough requirement for one subset of proposals, why not require it for the entire universe? We get that, at least to some extent. But walkthroughs are cropping-up in other audits, which we find somewhat surprising. It appears that DCAA is expecting walkthroughs whenever its auditors are testing a contractor's "assertion."
In the MAAR 13 (Purchase Existence and Consumption) audit, Step 4 tells auditors to use a walkthrough to gain an understanding of the contractor's internal controls. There is a similar audit step in the MAAR 6 Floorcheck audit program. In the 19100 audit program to determine the compliance of cost accounting practices disclosed in a contractor's initial CASB Disclosure Statement, there is also a step that implies the contractor will conduct a walkthrough of its Disclosure Statement. There is a similar step in the audit program for evaluating CAS compliance of a revision to its Disclosure Statement. (As we recently wrote, we have a hard time understanding exactly what the contractor will be demonstrating in its Disclosure Statement walkthroughs. The document would very much seem to speak for itself. But perhaps we digress once again.)
The point being: contractors will be performing more and more of these performances called "walkthroughs," so we think we ought to share our experience and suggest some practices that have seemed to work out well for us and our clients.
The most important thing we have to share is that these walkthroughs are, indeed, performances. We like that analogy a lot. Like all good performances, they require a cast of performers and a script. And rehearsals. You need as many rehearsals as necessary to get the performance ready for the audience.
Every performance needs a director (or conductor if the orchestral performance analogy works better for you.) Somebody needs to be responsible and accountable and in charge for assigning roles and making sure the actors know their lines, and that they can deliver those lines crisply and professionally. That director/conductor is the person who points to the actors so that they know their cues (i.e., when to speak and when to listen).
Who is your director going to be? Will it be the DCAA audit liaison? Or perhaps the process owner? Or maybe the Executive in charge of whatever is being audited? Doesn't matter, but you need one leader and no more. Too many chefs in the kitchen leads to confusion. And all the other players need to accept the direction they receive. Some of those players will be stars and others will be minor "spear-carriers," but everybody needs to know their lines and their cues, and then keep their eyes on the director in case things go south during the performance.
Where does the script come from? In those cases where the DCAA (or DFARS) has helpfully mandated use of a Checklist, we think that's a great place to start. You will want to hit all key points in the Checklist, so as to assist the auditors in checking-off the points for which they have gained an understanding. If there is no applicable Checklist, download the audit program and tie the walkthrough script to the audit objectives and key audit steps. If all else fails, consider asking the auditors what they are looking for. Truth is, most of the time they will have no idea what they expect to see; but in other cases they may well have specific questions and/or objectives in mind, and they should be willing to communicate those to you.
PowerPoint skills will be very helpful in preparing an artistically accomplished performance. They say pictures are worth a thousand words; and while that's not necessarily true, it is true that a process flow diagram is worth quite a bit in a walkthrough.
You are going to want to have a sign in sheet and your auditors will want a copy of that. It memorializes who was there and will be useful if, at the audit end, the draft report exhibits errors that stem from a lack of listening (or comprehension) at the time of the walkthrough. In other words, you will want to memorialize not only what was said, but also who heard it.
One of the "better practices" is to actually videotape the walkthrough so that, in the unfortunate event of litigation, you have documentary evidence of who said what to whom. We have had attorneys veto that idea, under the notion that such evidence could also document any (inadvertent) misstatements of fact that the contractor made. We vehemently disagree with that overly conservative viewpoint and urge readers to tell those overly cautious attorneys to stuff it. Which is more likely-that your personnel will make a misstatement of fact after two or three dry runs to shake out the bugs and that nobody will correct that misstatement during the walkthrough, or that DCAA will subsequently claim that you never said what you clearly told the auditors during the walkthrough? We know where we stand on that question.
If you treat the walkthrough like a performance in front of a live audience, if you have a script and have assigned the roles, if your personnel know their roles and know to take their cues from the director, if you have assigned the right director, if you have put in the necessary time and effort to get this right … then you'll do fine. You will ace the walkthrough.
But there is one aspect that has recently come up in walkthroughs that's got a number of folks concerned. It stems from DCAA having to consider FRAUD during their procedures, and not knowing how to do it. The venerable DOD IG Handbook of Fraud Indicators recently was withdrawn, and DCAA has had to adjust its approach. Auditors are being encouraged to "brainstorm" where fraud might be found and to address that possibility in audit procedures. Consequently, it is becoming a recurring requirement to have management made an assertion regarding its (lack of) knowledge of any fraud during the walkthroughs. Moreover, management needs to discuss what anti-fraud and anti-corruption processes it has deployed in the area being audited. This is one area that legitimately terrifies the attorneys, because there may be instances of fraud that are known to some but not to others. For example, there may be a qui tam FCA suit that has just been unsealed or for which a criminal investigation is ongoing. Or an employee may have been terminated for corruption and a contractor disclosure is being prepared at the time of the walkthrough. Point being: the assertion regarding fraud needs to be factually accurate but it is difficult to ensure that the person making the assertion has all the facts. Our advice is to get your legal folks to draft that part of the walkthrough. Make them part of the performance. Give them a starring role! They will feel as if they are truly adding value to the business. It will be a win/win.
Walkthroughs can work for you in the sense that they give you an opportunity to teach the auditors about what they will be auditing. You can get in front of vulnerable areas and can create opportunities to connect with the auditors. These are all good things. The pros, unfortunately, are partially offset by the cons. It takes a lot of work by a number of people, all working together in a cross-functional team, to ace a walkthrough.
But it can be done. And if it leads to a positive audit outcome, then it is clearly worth the effort of doing it right.
We used to write letters to the Director, DCAA every year and publish them on this website. We wrote two before we were advised to cease the practice. Why? Well, because (1) the Director, DCAA, was not going to read our words, and (2) the Director, DCAA, was not going to direct DCAA based on the words of some blogger who never even worked for DCAA. We were told it was an exercise in futility.
