Transcript None - NCMA

DCAA’s New Direction
March 10, 2010
Presentation By:
James W. Thomas
PricewaterhouseCoopers LLP
PricewaterhouseCoopers
PwC
Topics for Discussion
• DCAA Audit Issues
• GAO September 2009 Report
• DoD Policy Update
• DFARS Proposed Rule on Contractor Systems
• Cost Disputes
• Future State of Compliance Controls
PricewaterhouseCoopers
Slide 2
DCAA Audit Issues
• Audit Quality
-
GAO investigation
-
DoD IG Peer Review Expiration
-
GAGAS exception effective August 27, 2009
-
GAO audit report – September 23, 2009
-
Change in DCAA leadership
• DCAA Guidance and Direction
-
Independence issues
-
Pressure on contractor system assessments
-
Expectations on contractor responsiveness
-
Access to records and people
• “Disclosure” audits
• DCAA / DCMA authority issues
PricewaterhouseCoopers
Slide 3
GAO Findings on DCAA Audit Quality
• DCAA’s management established policies, procedures and
training that emphasized a large quantity of audits over audit
quality
• Quality problems at DCAA offices nationwide, including:
- Compromise of auditor independence
- Insufficient audit testing
- Inadequate planning and supervision
- Lack of fraud risk detection procedures
- Inadequate auditor understanding of controls
- Reporting problems
PricewaterhouseCoopers
Slide 4
Legislative and Other Actions Recommended by GAO
• Leadership and Stability
-
Senate confirmation of a presidentially appointed DCAA Director
-
Mandate permitting DCAA Director to hold a renewable term appointment
between 5 to 7 years
-
Conflict of interest provisions for DCAA Director and other key personnel
• Access to Independent Legal Counsel
-
DCAA Director not always apprised of legal decisions by DoD Counsel that
impact DCAA operations
• Increased Authority and Independence
-
Provide same level of access to records and personnel available to IG
• Reporting and oversight of audit results
-
DCAA currently has no external reporting requirement
-
Legislation could expressly allow DCAA to provide audit results to other
agencies, which would improve its visibility and effectiveness
PricewaterhouseCoopers
Slide 5
Commission on Wartime Contracting
Report on Contractor Business Systems- September 21, 2009
PricewaterhouseCoopers
Slide 6
Resolving Contract Audit Disputes
•
New DoD policy issued on December 4, 2009 applies when, in setting a
pre-negotiation objective, there is a significant disagreement between
DCMA and DCAA
•
Policy threshold - when the contracting officer plans to sustain less than
75% of the total recommended questioned costs by DCAA for proposals
valued at $10M or more
•
When significant disagreements occur:
-
The CO shall discuss and document the disagreement prior to
negotiations
-
If unresolved, DCAA’s management may request DoD Component’s
management review
-
If unresolved, DCAA Director may contact Shay Assad, Director of
Defense Procurement & Acquisition Policy
-
Final stage of disagreement may be elevated to Under Secretaries for
Defense, Acquisition, Technology, Logistics, and Comptroller
PricewaterhouseCoopers
Slide 7
DoD Panel on Contracting Integrity
2010 Areas for Review and Development
•
Prime contract surveillance and pricing of subcontracts
•
DoD policy regarding the definition of adequate price competition
•
Training to related to the current structure of contracting integrity
•
Use of level-of-effort contracts, including firm fixed-price and cost-plus
awards
•
Use of senior mentors/advisors/highly qualified experts and potential
conflicts of interest
•
Requirements placed on DCAA for reports and reviews to determine if all
are necessary or can be performed by others
•
Contracting peer review process
•
DoD policy covering contractor business systems to include reviews,
approvals and surveillance
PricewaterhouseCoopers
Slide 8
Proposed DFARS Rule
Effectiveness of Contractor Systems
(Jan 15, 2010 DFARS Parts 215, 234, 242, 244, and 252)
• Allows administrative contracting officer to withhold a
percentage of payment when contractor’s business system
contains deficiencies
• Business system includes accounting system, estimating
system, earned value management system, material
management and accounting system, property management
system, purchasing system
• If the ACO determines that there are one or more system
deficiencies that are highly likely to lead to improper contract
payments, or represent an unacceptable loss to the
Government, then 100% of payments will be withheld until
deficiencies are corrected
PricewaterhouseCoopers
Slide 9
Cost Allowability Cases
Tecom (U.S. Court of Appeals, 5/19/09, 53 CCF ¶79,109)
• A lower court decision granting summary judgment in favor of
Tecom, holding that defense costs and settlement payments
associated with a sexual harassment suit are allowable in
accordance with FAR 31.205-47, was reversed
• U.S. Court of Appeals held that defense and settlement costs
are allowable only if the contractor can show the lawsuit had
very little likelihood of success
• Requirement for the allowability of cost is that it must comply
with the terms of the contract (FAR 31.201-2). An adverse
judgment in a title VII suit would not be allowable under the
contract, which specifically prohibited discrimination on the
basis of sex
PricewaterhouseCoopers
Slide 10
Cost Allowability Cases
Bearing Point (ASBCA 55354 and 55555, 10/16/09, 09-2 BCA ¶34289)
• An appeal of disallowed labor and transportation costs was
sustained when the contractor met its burden of proof on allocability:
- Allowable Cost and Payment clause did not require the
contractor to substantiate labor costs with time sheets
- Audits and Records clause did not prescribe the form
records or other evidence must take
- Documentation for Payment clause did not describe the
requisite level of detail for the contractor’s books and records
- Contract payment and audit clauses were consistent with
FAR 31.201-2(d), which refers broadly to a contractor’s
responsibility to maintain documentation for claimed costs
• An appeal of disallowed compensation related costs was denied
when the government met its burden of proof on allowability by
citing specific contract limitations
PricewaterhouseCoopers
Slide 11
Cost Allowability Cases
• Teknowledge Corporation (U.S. Court of Federal Claims No. 06-310C, 01/07/09)
-
Amortization of contractor’s software development costs were disallowed as
not allocable to government contracts
-
Contractor relied on GAAP (FAS 86), whereby software development costs are
amortized based on current and future revenue
-
Government relied on FAR 31.201-4, which requires that costs “benefit” the
Government
• Fiber Materials, Inc
(ABSCA No. 53616, 4/17/07).
-
Legal defense costs in a criminal proceeding were unallocable and therefore
unallowable. The legal costs were found to be too remote to satisfy the FAR
benefit test (non-CAS contract)
-
Sales commissions were allocable and allowable as indirect costs because the
contractor treated sales commissions as indirect costs (G&A) consistently
-
Patent amortization costs were expressly unallowable when not required by the
contract
-
Penalties – government bears the burden of proving expressly unallowable
costs, “sufficiently colorable” claims are not expressly unallowable and penalties
must be waived if the claimed expressly unallowable costs are $10k or less
PricewaterhouseCoopers
Slide 12
Future State of Compliance Controls
• Control systems are critical
• Record integrity and retention (electronically stored
information)
• Long-standing cost accounting practices may be
questioned by DCAA without a change in
circumstances
• Continuing disputes over DCMA vs. DCAA authority
• New compliance and reporting obligations
PricewaterhouseCoopers
Slide 13
Contractual Compliance Requirements
What Does This Mean for Contractors?
• Higher level of scrutiny by government auditors
• Increased business and reputational risk
• More resources needed for government audits
• Cash flow and margin implications
• Financial reporting (i.e., SOX) controls may address some
aspects of compliance
• A systematic approach is needed to increase confidence and
efficiency in the compliance function
PricewaterhouseCoopers
Slide 14
Rationalizing Internal Controls
• Holistic framework to address
internal control requirements
• COSO internal controls
framework used extensively to
address compliance needs
• COSO framework addresses
five areas of internal controls
• DCAA system audit objectives
are within the COSO
framework
PricewaterhouseCoopers
DCAA is focused
primarily on the
compliance
objectives within the
COSO model.
Slide 15
Compliance Effectiveness Methodology
Control Environment
Risk Assessment
Control Activities
Information &
Communication
Monitoring
Sets the tone of an
organization, influencing the
control consciousness of its
people.
The entity's process for
identifying and analyzing risk
to achieve its objectives and
form a basis for determining
how risk should be managed.
The policies and procedures
that help ensure that
management directives are
carried out.
Systems and programs that
support the identification,
capture, and exchange of
information.
Ongoing process of ensuring
the quality of internal control
performance.
•
•
•
•
•
Approach and
Methodology
Guiding
Principles
COSO
Areas
The methodology focuses on driving compliance while decreasing overall cost . It focuses on using existing technology and existing compliance efforts to
achieve this goal.
Evaluate, recommend,
and/or design
procedures used by
management to establish
an effective control
environment
•
Develop or evaluate risk
assessment to identify
compliance requirements
and potential risk areas
Inventory compliance
requirements including:
• Contractual clauses
• CAS
• FAR
• DCAA internal
control matrices
• Other
•
•
•
Evaluate government
contract compliance
policies and procedures
Map “as is” controls to
compliance requirements
including DCAA control
objectives
Perform gap analysis
and compliance
readiness assessment
Identify opportunities for
improvement and
develop remediation
plans
•
Identify opportunities for
automation of control
activities
Develop training
programs on FAR, CAS,
other regulatory
requirements and
identified remediation
activities
•
Develop test plans and
self-assessments that
allow management to
evaluate operating
effectiveness of controls
Test remediation plans
as developed and
implemented
Enabling
Technology
Underlying the success of our methodology is a focus on utilizing technology to support each area through:
•
•
•
•
Understanding current system capabilities to support compliance efforts
Identifying risks in current technology infrastructure
Identifying opportunities to further leverage systems to increase effectiveness and efficiency of compliance programs
Leveraging our experience with ERP systems such as Costpoint, SAP, JDE, Oracle, and PeopleSoft to reduce the cost of compliance
PricewaterhouseCoopers
Slide 16
Defining Internal Controls Optimization
Efficient and
systematic
process to
define risks
Implement
management
oversight and
reporting
structure
Redesign,
automate or
implement new
controls
PricewaterhouseCoopers
Establishing
the right
controls at
the right
cost
Quantification
of costs,
process impact
and validation
of these
controls
Leverage higher
level controls
Slide 17
Opportunities for integration of related internal control activities
X
X
X
X
X
Control monitoring
X
X
X
KPIs/KRIs
X
X
X
Control testing/validation
X
Advisory
X
X
X
X
IT problem
management
Risk/control assessment
X
Credit/
market risk
X
Business
continuity
planning
X
Information
security
X
Records
management
X
Legal
SOX (bus
and IT)
X
Anti-fraud
Operational
risk
Event definition/scoping
Illustrative
Internal
audit
Regulatory
compliance
Common governance, risk and control functions
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
Policy and procedure
X
X
X
X
X
X
Incident management
X
X
X
X
X
X
Deficiency management
X
X
X
X
X
X
X
X
X
X
X
Reporting
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
Change management
Records management
X
X
X
X
Communications
X
X
X
X
Training
X
X
X
X
PricewaterhouseCoopers
X
X
X
X
X
X
X
X
X
X
X
X
Slide 18
Question and Answer Session
PricewaterhouseCoopers
Slide 19