• Increase font size
  • Default font size
  • Decrease font size
Home News Archive A Failure to Implement the Corrective Action Plan

A Failure to Implement the Corrective Action Plan

E-mail Print PDF

In the still relatively new compliance environment established by the DFARS Business Systems Administration clause, it has become clear that the Corrective Action Plan (CAP) is the key to minimizing—or avoiding—payment withholds. According to what was stated at a joint DCAA/DCMA industry briefing, if the contractor submits an adequate CAP at the time of the Contracting Officer Initial Determination of an inadequate business system, then it can immediately reduce the prospective payment withhold from five to two percent—mitigating what would otherwise be a significant cash flow impact! Moreover, even if the CAP is submitted after payment withholds have already been implemented, then the contracting officer “will—not may” immediately reduce the withhold percentage.

So the question naturally arises, what does an “adequate” CAP look like?

Well, according to that same industry briefing—

An adequate CAP must include discrete and measurable actions with realistic due dates and an explanation of how the corrective action plan will be monitored. The Contractor should notify CO [Contracting Officer] when the entity believes that the identified deficiencies have been corrected.  The CO, with input from auditor/functional specialist, will determine whether all corrective actions have been completed, or whether there is a reasonable expectation (based on the evidence presented) to believe that the deficiencies have been corrected.  If so, then the CO will approve the system and release the payment withholds

But woe to the contractor that submits a “smoke and mirrors” CAP, and then fails to achieve its planned milestones on time. That same briefing stated—

The DCMA CO, in consultation with auditor or functional specialist, will monitor the contractor’s progress on the CAP.  If the CO determines that the contractor is not making adequate progress, then the payment withhold will be increased.

It’s not good news when a Contracting Officer tells you that you have an inadequate business system and your cash flow is going to be reduced until you show that you’ve corrected your “significant deficiencies”. But it’s even worse news when you’ve convinced the Contracting Officer that you’ve got a decent CAP, and there’s light at the end of the tunnel—only to then blow it by failing to make progress in achieving the promised milestones. Your cash flow will take another hit. And your credibility (and, we imagine, any sympathy) has just gone right out the window. Good luck convincing the CO that you’ve completed your corrective actions.

So we wonder what the penalty might be for a Government agency that identifies corrective actions in response to an agency Inspector General report … and then fails to execute those corrective actions within the promised schedule. There’s no cash flow to reduce. There’s no way to hold the leaders responsible for their lack of action. It seems as if everybody agrees to forget about the agreed-upon actions and just continue with “business as usual.” The auditors pretend they never issued their report with its findings, and the Government agency pretends it never agreed to implement corrective actions to address those findings. And nobody seems to care a whit.

But what if the Government agency in question is the Defense Contract Audit Agency?

What if the DOD Inspector General conducted an audit, had some findings, and submitted some recommended corrective actions? What if DCAA agreed with those findings and those recommended corrective actions? What if DCAA established due dates for implementing those corrective actions, and then missed them … by more than a year? What then?

Well, then nothing. Apparently, there are no repercussions whatsoever when DCAA misses its agreed-upon corrective action milestones to address DOD IG findings. The DOD Inspector General says nothing. The DCAA Director says nothing. And nobody seems to care a whit.

Oh, wait. We know somebody who cares: the auditors who are awaiting the agreed-upon policy changes care. They care because they are trying to comply with Generally Accepted Government Auditing Standards (GAGAS), and they’re worried that the lack of policy guidance out of Fort Belvoir is going to take them into a GAGAS noncompliance.

We know this is true, because at least one self-identified DCAA auditor brought the matter to our attention. (Note: we have no means to verify that people who send us emails are who they claim to be.) In truth, this issue had been in the back of our mind for a while. It’s not like we weren’t aware of the agreed-upon corrective actions … but we had forgotten how much time had passed without the agreed-upon policy changes.

So now we get to write about it.

You remember the issue right? We discussed it right here.

In that article (link above) we discussed the DOD IG findings contained in audit report D-2011-6-011. The audit report identified inconsistencies in DCAA’s policy regarding “currency” of audit testing. In fact, the audit report identified that DCAA had no such policy—which is why the Inspector General concluded that DCAA’s auditors were “uncertain” when evidentiary data supporting audits of contractor business systems was too old to rely upon. Consequently, DCAA audit reports regarding the adequacy of contractor business systems could "be delayed because of retesting.”

The DOD IG wrote “GAGAS 6.04b requires the auditor to obtain sufficient and appropriate evidence to provide a reasonable basis for the conclusion that is expressed in the report. The evidence provided in the report is more helpful if it is current.” Accordingly, the audit report recommended that DCAA implement policy guidance to ensure DCAA auditors were compliant with GAGAS.

The DOD IG wrote—

We recommend that DCAA Headquarters develop written agency-wide policy and guidance on the need to test current data to support opinions on the contractor’s internal controls and business systems. The policy and guidance should include criteria when the auditor should expand testing and perform additional work.

DCAA concurred with the findings and the recommended corrective action. In fact, it was Director Patrick Fitzgerald who concurred, on behalf of his agency.

The DOD IG audit report stated—

By November 2011, DCAA will issue guidance, which will include the requirement for auditors to (i) perform sufficient testing of data that is relevant to the audit objectives, including the period or point in time covered by the report, (ii) perform testing of data generated by the system throughout the period under audit, and (iii) issue timely audit reports. For audits of contractor business systems, DCAA will perform compliance attestation engagements and report on the contractor’s compliance during a period of time or as of a point in time, consistent with the applicable attestation reporting standards (AT 601.55b) in AICPA’s Statements on Standards for Attestation Engagements. Circumstances where auditors would need to expand testing to obtain sufficient evidence for the conclusions expressed in the report should be limited since the transactions being evaluated in the audit will coincide with the defined period covered by the audit. DCAA agrees with the guidance in GAGAS A8.02g, that the evidence provided in the report is more helpful if it is current and, therefore, timely issuance of the report is an important reporting goal for auditors.

Note that the corrective action was due to have been completed by not later than November, 2011. That was more than one year ago as this article is being written. And so far DCAA has not generated the agreed-upon policy guidance to its auditors.

Why is DCAA blowing its CAP? Well, one self-identified DCAA auditor had this to say about the situation—

One reason and I think it is the [paramount] reason for no MRD is the number of DCAA audit assignments that would either have to be cancelled or have to be reworked. In my office there are over 40 assignments that are from the 2008-2010 time frame that are open and no one has worked on [them] for years. So most of them would have to be cancelled as their relevance has now dissipated. So [multiply] our 40 by another 100 DCAA [FAOs] and you would see [four] thousand audits [that] would need to be cancelled and a couple million taxpayer dollars down the drain.

So there you go. How many audit assignments would get cancelled if DCAA HQ issued the agreed-upon audit guidance? How many audit assignments would be delayed past the applicable statute of limitations? How many audit findings and how many questioned dollars would be thrown out of court when the auditor testified that his or her testing failed to comply with GAGAS, as interpreted by DCAA?

So perhaps that’s why DCAA has chosen to forget about its Corrective Action Plan. And there have been no repercussions. The DOD Inspector General has said nothing. The Director of DCAA has said nothing. And nobody seems to care a whit.

But the auditors remember. And they care.



Effective January 1, 2019, Nick Sanders has been named as Editor of two reference books published by LexisNexis. The first book is Matthew Bender’s Accounting for Government Contracts: The Federal Acquisition Regulation. The second book is Matthew Bender’s Accounting for Government Contracts: The Cost Accounting Standards. Nick replaces Darrell Oyer, who has edited those books for many years.