The Strategy and Tactics of Cost Allocation Structures, Part 2
Part 1 of this series can be found here. In it we discussed the importance of designing your cost allocation structure to support your business strategy and customer requirements. Hopefully, we convinced you, our readership, that (a) this is an important topic, and (b) you haven’t invested sufficient time or effort into ensuring that you’re adequately addressing point (a).
This is not a topic that your accounting/finance function should be addressing in isolation. It requires input from stakeholders across the enterprise. For instance, your BD/marketeers need to be thinking about the nature of the contracts they’ll be going after in the next two or three (or five) years. Designing and implementing a cost allocation structure is not something you want to mess with every single year; thus, today’s structure needs to support tomorrow’s business environment. And it’s your BD/marketing folks who are in the best position to give you insight into what tomorrow’s business environment is likely to look like.
And don’t forget your IT folks. You may or may not implement your government cost accounting and allocation structure within your accounting system. If you’re running CostPoint or Jamis, then it’s not going to be a big deal either way. But if you’re running SAP/R3—particularly if you’re a big commercial firm that does things its own way—then you may be starting with the internal financials and then “worksheeting away” from the General Ledger to get what you want for your government proposals, billings, and claims. Which is fine. But determine how much you’re going to rely on your IT folks to automate the allocations and the calculations—and then keep their input in mind as you move forward.
Moving forward can be hard—particularly if you’ve already established a cost allocation structure that’s aligned with your organization structure and are seeking to revamp it significantly. The way it’s always been done is still the easiest road to travel on for almost everybody (even if it’s now the wrong road), and so you’re likely to get lots of push-back. Or—and this is even worse—you’re going to get an ominous silence, followed by a bunch of managers with folded arms, determined to wait you out and then go back to their comfort zones. Then there are those people who will start bad-mouthing your efforts, pointing out how much money and resources you’re spending to “reinvent the wheel that wasn’t broken”—and that whisper campaign might even get uglier, with active attempts to sabotage your efforts.
Which is to say: this is an effort that involves change management, as well as subject matter expertise. You can design the greatest structure in creation, but if you don’t get the rest of the company to buy into it, then you’ve failed. And change management is about communication. You need to get everybody involved and you need to get everybody to feel like they have a stake in the outcome.
And HR—you’ve got to make sure HR is actively involved, because you’ll need their assistance in many areas. In some circumstances, you will be messing with the existing org structure, because it will have been decided to keep the org structure and the cost allocation structure in close alignment. In other circumstances, you’ll be looking at different methods of accounting for fringe benefit costs, or labor costs, or SCA H&W costs. HR is going to care (rightfully) about those things. Exclude HR at your own peril.
Assuming you’ve got the right people involved, one of the first questions you’ll want to answer is “how much costs need to be direct?” This is not at all an easy question. Indeed, it’s a very deep question with far-reaching implications. It involves thinking about customer perceptions and the costs of accounting and the kind of culture the entity wants to create for itself.
On one extreme, most everything is a direct cost of one and only one contract. Yes, this can be done. In this type of culture, pretty much everybody is a direct employee with the ability (and need) to discretely charge to contracts. Only the residual labor that cannot be charged to a contract is charged as indirect labor. This is essentially activity-based accounting, with everybody charging based on some cost drivers. Accounts Payable charges direct based on which supplier invoices get paid that day. Accounts Receivable charges direct based on which customer invoices they generated that day, or which customer payments they processed. Et cetera.
In the foregoing scenario, indirect cost rates are kept as low as possible by maximizing the amount of direct costs. It’s great if your customers are rate-sensitive. Your marketeers will love it.
The problem with the foregoing scenario is that you need to be able to estimate those direct costs before you incur them, during the bidding phase. If you have history, you can develop parametric estimating factors; but if not, then it’s a crap-shoot what kind of “taxes” the so-called “non-productive back-office functions” will end up charging the contract.
In this scenario, you also see a lot of very small labor hour charges, which tend to drive the Contracting Officer’s Representative batty. So you end up with a lot of questions that are difficult to answer. Even if there are no customer questions, you’ll notice that you have a lot of folks spending too much time filling out timesheets and trying to drive their labor to contracts, so that they don’t end up on the “poor utilization” reports.
Congratulations—you’ve just created a Darwinian “survival of fittest culture” where those who made friends in project/program management have charge numbers to record their time, whereas those who didn’t, don’t. And now everybody is a bean-counter, worried about how to drive their $100 charge out of overhead.
On the other extreme, very few things are direct and many functions are indirect. For example, Contract Management and Supply Chain Management are indirect functions. Accounting and Finance are indirect functions. Security and HR and general management are indirect functions. Which is great because you only need to estimate the direct charges actually associated with the customer Statement of Work (SOW). Cost estimating is made dramatically easier, and the timecharging issues described above go away to a great extent.
But now you have other problems. For instance, your indirect rates are through the roof while your competitors’ rates are dramatically lower. Regardless of the total cost involved, you suddenly seem a lot more expensive—too expensive, according to your BD folks. Your budgeting folks will spend inordinate time working through the Annual Operating Budget and trying to justify all the indirect expenses, in the face of dire warnings from the marketeers about all the business you’ll be losing. And even if you manage to win the bids that your marketeers said were jeopardized by your too-high rates, your project/program managers will start telling the story about “unknown and uncontrollable indirect rates” that drove up their costs and eroded profit. And don’t forget that, when times are tough, the first thing to go will be all the indirect heads that seemingly don’t drive program execution.
Obviously, the right answer depends on input received from BD/marketing, Operations, project/program management, and HR. Executive management might also be interested in the kind of culture created by the strategic decisions made regarding cost allocation. Indeed, you need to survey all the stakeholders in order to find the answer that’s right for your entity and its particular niche in the marketplace. More likely than not, you’ll end up somewhere in the middle, with certain functions consigned to being entirely indirect, other functions determined to be fully direct, and some functions with the ability to charge direct in limited circumstances.
In our experience, there are always functions that seem to generate questions and in-depth discussion.
-
Finance looks like an indirect function, but what about the Finance folks working EVMS, which is tied to requirements of specific programs (but not others)? What about the Finance folks supporting a PMO on a full-time basis?
-
Contracts can go either way. Which way will it go for your entity?
-
Ditto for Supply Chain Management.
Regardless of your decisions, it will be important to (a) communicate the decisions that are made, and (b) ensure that the decisions are followed consistently. CAS 402 requires that the same cost must be either direct or indirect in similar circumstances—but not both. If you are going to determine that certain Finance functions (e.g., EVMS) are direct-charged, but that others (e.g., Annual Budgeting) are indirect, then you need to clearly spell-out which is which, and keep everybody on the same page. And if you determine that any function is a direct-charging function, then it must always be that way (in similar circumstances) regardless of the impacts to your project/program budgets. You cannot tell direct-charging people to start charging their labor to indirect accounts because the project or program can’t afford them anymore.
Well, you can. But then you’re going to have an investigation to support that will very likely result in a fairly substantial legal bill and a nice-sized legal settlement. We’re going to assume you don’t want that.
Okay. That’s enough for today. In the next article, we’ll explore the question: What price precision?
Designing Cost Allocation Structures—Strategy and Tactics
We see it all the time.
Everybody is worried about the future—especially in these times of budgetary uncertainty.
Commercial companies want to create a government sales channel. Government contractors want to move into commercial sales. Defense contractors want to generate orders with international customers, either through FMS-type orders or through direct sales to foreign governments.
Small businesses want to grow into large businesses. Companies with SBIR Phase 1 contracts want to get their Phase 2 contracts. Companies in the SBA’s 8(a) program worry about what happens after they “graduate” from that safe harbor.
Companies with GSA Schedules want to branch out into contracting directly with the ordering agencies. Companies with firm, fixed-price contracts want to start bidding on cost-reimbursement type contracts. Companies who are not CAS-covered worry about what happens when they get their first CAS-covered contract award.
Everybody wants to move forward and grow. Of course they do! That’s the business they’re in, and they want to be successful. And a successful company, writ large, is what makes the economy successful. Let’s be clear right now that we endorse corporate growth strategies.
But with growth comes risk.
We’ve discussed the phenomenon of commercial companies that dabble in government sales, and how they have an unfortunate tendency to screw-up their risk analyses. We’ve also discussed what happens to small businesses as they attempt to transition from SBIR Phase 1 to SBIR Phase 2. This website is rife with examples of companies—both large and small—that failed to fully appreciate the risks that they faced, and to invest to mitigate those risks.
Let’s agree right now on the foundational precept that, as companies evolve and grow and move into new phases of bidding and program execution, they enter into a new risk profile that their historical success has not prepared them to fully appreciate. Risks change. New risks are introduced. Unprepared companies don’t realize that they’re playing with fire until they get burned—and the burn typically involves audit findings, government investigations, qui tam relator allegations, legal fees, and some type of large dollar legal settlements. Again: this website is rife with examples that support that assertion.
From a compliance perspective, companies are worried about new risks associated with growth. For example, companies winning larger DOD-funded contracts need to worry about the new Business Systems oversight regime. They face significant cash-flow reductions if any of their six “business systems” are found to be inadequate, based on “significant deficiencies” identified during audit. Companies with contracts containing the 52.203-13 clause need to worry about their ethics/business conduct programs, and making “mandatory disclosures” of certain violations. Companies with overseas operations have FCPA risks; and companies need to be concerned about risks associated with human trafficking. The list of risks goes on and on.
And that’s not all.
Companies bidding on cost-reimbursement type contracts want DCAA to tell them that their accounting system is “adequate” (even though it’s the Contracting Officer who makes that determination). Companies looking at upcoming Cost Accounting Standards coverage want somebody to write their Disclosure Statement for them.
And from a marketing/business development perspective, companies want their costs—and, in particular, their indirect rates—to be competitive in the marketplace.
We’re going to focus on indirect rates. Indirect rates don’t just impact your marketing folks’ ability to sell your goods and services; they also impact your ability to obtain a determination that your accounting system is “adequate”. Indirect rates impact your CAS compliance posture and they also play a significant role in what cost accounting practices you disclose in your Disclosure Statement. But that’s not all: improperly allocated indirect costs could be a deemed a significant deficiency in one or more “business systems” and lead to reduced cash flow. Intentionally misallocated indirect costs could be alleged to be violations of the False Claims act, and might have to be disclosed under the requirements of the 52.203-13 clause.
Let’s agree right now that proper indirect cost allocations have a broad impact across multiple aspects of your business. And let’s agree that indirect cost allocations play a significant role in generating (or hopefully mitigating) many of the risks your company is facing. Let’s agree right now that this is a topic worthy of deep discussion—that getting it right is a crucial key to your continued success and business growth.
But let’s also agree that you’ve not devoted enough thought to the topic in the past. If you’re like many (most!) of our clients and employers over the past 30 years, you bitch and moan about your rates, but you haven’t invested the time and money into evaluating them and making them support your business strategy. We remember one client—a defense manufacturer—who hadn’t changed its factory overhead allocation base in more than 40 years, even though its manufacturing processes had changed significantly over that same period. It was still allocating factory overhead on a direct labor dollar base, even though direct labor dollars as a percentage of total manufacturing cost had shrunk to a vanishingly small percentage and was no longer a major cost driver, because of advances in factory automation. The company continued to use the same allocation methods because they had been found to be compliant two generations ago—and why fix the wheel if it ain’t broke? (Never mind the fact that the factory overhead rate was approaching 1,000 %.)
Let’s be honest about the situation. You treat your indirect rates the way most people treat the weather. As Mark Twain is alleged to have said, “A great, great deal has been said about the weather … but very little has ever been done about it.” Respectfully, we think it’s past time for your to take a fresh look at your indirect rates and see if they are aligned with your business strategy and customer needs.
And by “look at your indirect rates,” we mean to say “look at your cost allocation structure.”
Whether you are a small or large business, your cost allocation structure needs to support your business strategy. As your company evolves and grows and moves into new phases of bidding and program execution, your cost allocation structure needs to evolve and grow as well. As you look at new office locations and multi-national operations and foreign sales, your cost allocation structure needs to change. As you look at adding new programs to your portfolio, your cost allocation structure needs to change. As you manage a mix of different contract types, with different reimbursement terms and perhaps different flavors of CAS coverage, your cost allocation structure needs to ensure that each contract receives an equitable share—no more, no less—of your indirect costs. As you support multiple customers with different perceptions of a “fair” indirect cost rate, your cost allocation structure needs to ensure that you are maximizing cost recovery.
The cost allocation structure needs to change because (a) it needs to support your changing cost profile and customer needs, and (b) it needs to remain compliant with applicable regulatory compliance requirements. If you think yesterday’s cost structure will be adequate to support tomorrow’s cost proposals, then we suspect you will be proven wrong.
In this series of articles, we will explore:
-
Direct versus Indirect. How much direct costing can you afford?
-
Cost allocation structures. What price precision?
-
Segmentation and intermediate home office structures.
-
GOCOs, special business units, and special facilities.
-
Special cost allocations permitted by CAS.
-
The wisdom of establishing contract-specific rates for competitive reasons.
-
Any other related topics/questions submitted by you, our readership.
Stay tuned for more.
|
BAM! DOD IG Issues a New Report on DCAA Audit Quality
We interrupt our series of articles on the structuring of indirect cost allocations to let our readers know that the DOD Inspector General has just issued its latest assessment of DCAA audit quality.
The reported results were consistent with historical findings reported by both the DOD IG and the Government Accountability Office (GAO).
In other words, they weren’t very pretty, folks.
The DOD IG used to be the “peer reviewer” that audited the quality of DCAA’s audits, so as to comply with the requirements of GAGAS (Generally Accepted Government Auditing Standards). According to the IG, GAGAS requires that “organizations performing audits or attestation engagements in compliance with GAGAS [must] have an external peer review at least once every 3 years. Based on the criteria, DCAA should have obtained a peer review on its work performed in [Government] FY 2009.” But DCAA didn’t do so. In fact, the last peer review opinion (covering audits performed in FY 2006) was withdrawn in August, 2009, because of the IG’s “significant findings … coupled with the results of the July 2009 Government Accountability Office (GAO) draft report, ‘DCAA Audits: Widespread Problems with Audit Quality Require Significant Reform’ (GAO-09-468).”
Many observers, including those here at Apogee Consulting, Inc., identify the withdrawal of the external quality opinion in August 2009 as the point in time where the organization that is DCAA went insane. In its subsequent attempts to comply with GAGAS and avoid criticism on the quality of its audit reports, the DCAA audit approach underwent a Kafkaesque metamorphosis into a bizarre and largely incomprehensible monstrosity, from which it has yet to recover.
The DOD IG explained DCAA’s reaction this way—
Prior GAO and DOD Inspector General (IG) reviews of DCAA reports identified significant deficiencies in audit work, including poor supervision, inadequate documentation, inappropriate changes to report opinions, and lack of sufficient testing to support report opinions. To address audit quality issues, DCAA implemented various corrective actions such as revised supervisory training; a required computer - based training course on working paper documentation; required training on GAGAS; revamped audit programs; and issuance of revised guidance on variable and attribute sampling with relevant training modules.
What the DOD IG did not state was that DCAA’s “corrective actions” included issuance of (let us say) questionable audit guidance and creation of multiple management review layers. (For an example of our thoughts on the new layers of audit review, see our article here.) The end result of DCAA’s corrective actions was an environment that, by any measure, was dramatically less productive. Audits took significantly more hours to conduct and took significantly longer to issue. That’s not an opinion: that’s an objective assessment based on DCAA’s own reported statistics.
Another one of the changes DCAA undertook was to exclude the DOD Inspector General from further peer reviews. In fact (as the DOD IG reported)—
In FY 2012, with the assistance of the Council of Inspectors General on Integrity and Efficiency (CIGIE) Audit Committee, DCAA started the process of obtaining an outside firm to perform its next peer review. DCAA stated that the peer review is to be performed in FY 2013 and cover [audit] reports issued in FY 2012.
DCAA’s attempt to find a more sympathetic external quality control auditor didn’t stop the DOD IG from performing further reviews on DCAA audit quality; it simply stopped those reviews from having any effect on the officially “expired” peer review assessment. In other words, the IG has declared that it cannot be shut out and that this latest report will not be its last on the topic of DCAA audit quality.
Before we get into the meat of the report, let’s note for the record (as the IG did) that though it reviewed audit reports issued in GFY 2010, most of the field work had been performed in GFY 2009—i.e., before DCAA had implemented many of its “corrective actions” that were ostensibly intended to address the audit quality issues identified by the DOD IG and GAO. Accordingly, the DOD IG report gives DCAA an out. The audit agency can (and did) claim that when the outside firm performs the external peer review in GFY 2013 (covering audit reports issued in GFY 2012), those corrective actions will have been digested and all will be well, quality-wise.
(Pause for skeptical throat-clearing.)
So here’s what the DOD IG auditors found, with respect to the 50 GFY 2010 DCAA audit reports they reviewed:
In 37 of the 50 assignments (74 percent) reviewed, the audit staff did not exercise professional judgment as evidenced by deficiencies identified in multiple standards areas. The 37 assignments had a high number of deficiencies, ranging from 6 to 9 deficiencies out of 9 standards areas excluding professional judgment. … The abundance of noncompliances with standards identified in the 37 assignments evidences the need for improvements in the area of competence at DCAA.
[Emphasis added.]
Some of the GAGAS noncompliances were tied to the use of inexperienced auditors coupled with inadequate supervision. The DOD IG wrote—
In 3 of the 50 assignments reviewed, auditors with limited experience or training were assigned to complex engagements. In two assignments, the auditors either did not possess the knowledge and skills required or did not receive appropriate supervision reflective of their limited experience to adequately perform the assignment. In the other assignment increased supervisor and audit manager involvement made up for the lack of experience and training of the audit staff. GAGAS 3.33 discusses the interrelationship between professional judgment and competence because auditors’ judgments are dependent upon the auditors’ competence. GAGAS 3.36 further links the determination of whether professional judgment was demonstrated in an engagement to the appropriateness of the consideration of the collective experience, training, knowledge, skills, abilities, and overall understanding required by the audit team and its members to properly perform the engagement. Without the appropriate mix, the audit team will not be able to properly assess the risks that the subject matter under audit may contain a significant inaccuracy or could be misinterpreted. Therefore, DCAA used inexperienced auditors under limited supervision, which contributed directly to the audit teams not demonstrating professional judgment. DCAA[‘s] use of inexperienced auditors and the associated lack of professional judgment also led to the noncompliances identified in the assignment with key standards such as planning, evidence, documentation, and reporting.
[Emphasis added.]
And despite the efforts of DCAA to keep the DOD IG from commenting on its audit quality control system (as described above), the DOD IG commented on the DCAA audit quality control system. It wrote—
In 46 of the 50 assignments reviewed, the DCAA quality control system was ineffective in ensuring that its attestation engagement and performance audit assignments complied with applicable professional standards. … The need for improvement in the DCAA quality control system was evidenced by the deficiencies identified in multiple standards areas; in engagements performed in all regions and Field Detachment; and in all engagement types reviewed.
DOD IG also reported that DCAA’s implementation of multiple quality reviews prior to issuance of reports did not significantly improve the quality of those audit reports. The DOD IG wrote—
The DCAA regional and Field Detachment quality control procedures were generally ineffective in ensuring that attestation engagements and performance audits complied with GAGAS and DCAA policies and procedures. The quality control procedures including regional and Field Detachment management pre-issuance reviews varied among regions and Field Detachment. The regional and Field Detachment pre-issuance reviews did not identify significant noncompliances with GAGAS and resulted in the regional or Field Detachment audit managers approving reports that should not have been issued. In addition, the regions and Field Detachment management did not have adequate procedures in place to ensure that audit offices complied with regional and Field Detachment quality control procedures for which the audit offices were assigned responsibility.
[Emphasis added.]
We could go on and on, just like the DOD IG audit report did, listing example after example of poor audit planning, poor communication, poor documentation, lack of professional competence, lack of adequate supervision, insufficient evidence, delayed reports, and other GAGAS violations. But why bother? The report is, unfortunately for DCAA, damning.
Just as the prior DOD IG and GAO reports on DCAA audit quality have been damning.
We’re not particularly surprised by the findings in the DOD IG report; nor do we suspect our readership is particularly surprised by them. We’ve asserted for some time that the DCAA initiatives intended to increase audit quality have not worked out as planned. As this report demonstrates, DCAA audit quality is still lacking.
In other words, DCAA has implemented its revised procedures and multiple reviews and, as a result, has dramatically delayed its audit report production for no good reason. They still suck.
So we think DCAA may as well just throw the audit reports over the transom to the customer just as quickly as it can. The quality will still be as poor; but at least the reports will be more timely.
But we can hear the chorus of cries from Fort Belvoir from here—“just wait until the next review!” Yes, things will be so much better then. Higher quality audit reports issued faster.
Sure.
We’ll be very happy to report on the assessed quality of DCAA audit reports when that next external peer review report is issued. If things have improved significantly, we’ll be first in line to say so.
In the meantime, we’re not so happy to be reporting on this assessment. Nor, do we think, should current and former DCAA auditors be happy to read about the quality of their agency’s audit reports, as assessed and documented by the DOD Inspector General.
UPDATE: CH2M Hill Hanford Settles Timecard Fraud Allegations
We have friends who work at CH2M Hill; truly, we do. And we sincerely have tremendous respect for the company, which has grown itself into a juggernaut of an entity providing top-notch environmental services, design and design/build services, and architect/engineering services since its founding some 65 years ago. And we were pleased to see that it was recently named as “one of the world’s most ethical companies” by Ethisphere, and that it was also recently named as “one of the world’s most admired companies” by Fortune magazine. We’re not surprised. The company is that good.
And yet …
And yet we told you about the company’s timekeeping problems back in October, when we discussed its long-running allegations of timekeeping fraud (and resulting false claims) at its Hanford DOE project site, and wrote—
Certainly, CH2M Hill must have learned by now that its operations, which generally take place in remote locations far from its Corporate Headquarters in Denver, Colorado, are subject to risks that a reasonable person might think would be worth some largish internal control and awareness training investments, in order to mitigate.
We wonder how company leadership feels about investing in internal controls and employee training now, after they just settled with the DOJ for $18.5 million.
As the story at The Tri-City Herald (link above) reports—
CH2M Hill has agreed to pay $18.5 million to settle civil and criminal allegations of defrauding taxpayers through widespread timecard fraud at the Hanford nuclear reservation. It's the largest-ever penalty for a Hanford contractor and possibly the largest settlement ever negotiated by the U.S. Attorney's Office for the Eastern District of Washington, said U.S. Attorney Michael Ormsby on Wednesday.
[Emphasis added.}
In addition to the $18.5 million payment, the story reported that—
CH2M Hill also will pay $500,000 toward a timekeeping system to better monitor timecards for workers on its current Hanford contract. … It will hire a corporate monitor at a cost of up to $80,000 to develop policies, procedures and employee training, the settlement agreement said. In addition, CH2M Hill will continue to cooperate in the Department of Justice's ongoing fraud investigation.
So really, it was a $19 million settlement, right?
And as part of the settlement, CH2M Hill agreed to do what it should have done years ago, when it took over site management—i.e., to implement an effective timekeeping system and to develop policies, procedures, and employee awareness training, in order to reduce the risk associated with the systemic timekeeping fraud that was alleged to have occurred.
Let’s be clear on the math here. For a roughly $600,000 investment, CH2M Hill could have avoided a $18.5 million settlement and God-only-knows-how-much in unallowable legal expenses. By our calculations (excluding the legal fees) that’s a Return on Investment of nearly 3,000 percent. When we put it that way, you’ve got to wonder ….
Over at LinkedIn, we got involved in a discussion about how much a company should expect to spend on its compliance program as a percentage of sales. We resisted using percentage of sales as the metric, because we thought that the risks of noncompliance were not wholly sales driven. (I.e., we didn’t think that risks scaled with revenue growth). But the example of CH2M Hill’s recent settlement shows how a penny-pinching approach to compliance programs, focusing solely on the costs involved in detecting/preventing noncompliance without also considering the risks and the costs associated with the noncompliance (should it occur) is also the wrong approach.
Remember, establishing strong internal controls and strong policies/procedures and strong employee training programs and strong compliance programs to detect/prevent wrongdoing are investments.
They are investments in litigation avoidance.
That’s the proper way to look at these things, in our (perhaps biased) view.
As CH2M Hill learned too late.
CH2M Hill is a good company—some would even assert it’s a great company. We’re sure they’ll figure this one out. After all, they have 19 million reasons to have learned their lesson.
|
