• Increase font size
  • Default font size
  • Decrease font size
Home News Archive Business System Stuff

Business System Stuff

E-mail Print PDF

It seems that everybody is talking about business system audits/reviews these days. (For the record, DCAA performs audits and DCMA performs reviews.) Now that DCAA has “caught up” with its backlog of audits of proposed final billing rates, it has reportedly turned its attention back to the more traditional audit areas: Cost Accounting Standards, defective pricing, and business systems. Thus, many people will tell you that your risk in those areas has increased.

But it hasn’t. Not really.

DCAA has always performed some level of CAS, defective pricing, and business system reviews. And DCMA has never stopped performing those reviews. So your company’s risk has always been there, though of course DCAA’s recent strategic changes increase the likelihood that your company will be the recipient of one of those reviews.

What is DCAA doing differently?

Two main things: (1) creation of Headquarters “Truth in Negotiations” audit teams that do nothing but defective pricing audits, and (2) creation of Regional Business System teams that do nothing but audits of Accounting, MMAS, and Estimating Systems.

It’s too early to see the results of those changes but, anecdotally, we know that audits are on the increase. Further, as DCAA does not track its business systems audits separately from its other audits, the official statistics don’t tell the whole story. But we do have statistics on defective pricing and CAS audits:




As the charts above illustrate, it won’t take much of an increase to (say) double or even triple the number of reports that DCAA will be issuing.

Back to Business Systems. While there are not statistics we can find regarding the number of audits/reviews performed, we did find some statistics about system status. What we came across was dated 01 November 2019 – about six weeks ago as this is being written.

As of that date:

  • There were 30 Accounting Systems that had been officially found to be inadequate out of 3,751 evaluated

  • There were 3 MMAS that had been officially found to be inadequate out of 313 evaluated

  • There were 38 Estimating Systems that had been found to be inadequate out of 709 evaluated

Looking just at those three Business Systems (which are the ones that DCAA takes the lead in auditing) we can see that the Estimating System audits are the riskiest. Obviously, the Accounting System audits are the most important; but you are more likely to suffer an Estimating System disapproval. The statistics indicate that you have less than a one percent chance of having your Accounting System found to be inadequate but you have a greater than five percent change of having your Estimating System found to be inadequate. All other things being equal, of course.

A similar analysis on the DCMA-led Business Systems indicates that Purchasing is the riskiest. Forty-six Purchasing Systems have been found to be inadequate out of 876 reviewed; meaning that you have about a five percent chance of having your system found to be inadequate when DCMA performs a review. Both EVMS and Property Systems have a less than one percent inadequate-to-evaluated ratio.

That doesn’t mean you can relax and focus only on your Estimating and Purchasing Systems; but it does tend to indicate that those systems fail reviews at a much higher rate than the others.

What should you be doing about the situation?

We recently spoke at a compliance conference and offered this advice

  1. Review your contracts and identify which contracts have which business system DFARS clauses

  2. If you have any contracts with both an individual business system clause AND the DFARS general Business System clause (525.242-7005) then your company is subject to payment withholds when a business system is found to be inadequate.

  3. For each business system you are required to maintain in an acceptable manner (as defined by the individual business system clause), you need to develop a compliance strategy. The compliance strategy should include:

    1. Clear delineation of roles and responsibilities. Who is the individual who is responsible and accountable for the adequacy of the business system?

    2. Ensuring that a system description exists and that is it current and complete

    3. Ensuring that system policies, procedures, and instructions are well-documented

    4. Development of a self-governance approach, including transaction testing to provide assurance that employees are complying with expectations

  4. Many companies perform mock audits in preparation for an official government audit/review. For companies that lack resources, an outside firm is often hired.

The above steps can be performed by companies of any size. The same approach can be taken with respect to CAS and defective pricing audits—i.e., first identify the contracts that have the clauses and then figure out how you will comply with the clauses’ requirements.

This approach won’t guarantee that you will pass a government audit/review, but it will increase your chances of doing so.



Effective January 1, 2019, Nick Sanders has been named as Editor of two reference books published by LexisNexis. The first book is Matthew Bender’s Accounting for Government Contracts: The Federal Acquisition Regulation. The second book is Matthew Bender’s Accounting for Government Contracts: The Cost Accounting Standards. Nick replaces Darrell Oyer, who has edited those books for many years.