When the DCAA comes into your company for an entire business system audit, scrutiny and dissection are two words that come to mind. In our 20-plus years of experience, we’ve seen it take somewhere between a year and a year and a half, with companies and accountants literally at the edge of their seats.
Here’s the purpose and scope of their audit program (taken from the 11070 Compliance with DFARS 252.242-7006 Accounting System Administration Requirements Audit AP file from the DFARS site):
The compliance with DFARS 252.242.7006, Accounting System Administration requirements audit is conducted to examine contractor compliance with the system criteria as prescribed in section (c), System Criteria. As a part of the examination, auditors will:
- Obtain an understanding of the contractor’s compliance with DFARS 252.242-7006(c);
- Determine if the contractor is compliant with the accounting system criteria prescribed in DFARS 252.242-7006(c);
- Report both significant deficiencies and less severe significant deficiencies in compliance with the DFARS criteria.
This 37-page document is available in full from the DCAA website.
The first part of the audit is the risk assessment stage. It asks for a “Description of System and Controls Designed to Comply with DFARS 252.242-7006”. That’s a 20+ page form that needs to be filled up with information, which is broken down into subsystems:
- System and IT Overview
- Structure of your Organization
- General Accounting Procedures
- Timekeeping and Payroll Systems for your Laborforce
- Indirect Costs
- Direct Materials and Subcons and Other Direct Costs
These subsystems are then further broken down into smaller sub-areas, and the contractor must further provide the information:
- How you are in compliance with specific system criteria
- Enterprise Resource Planning and Organization Structure
- Your Significant Process Flows
- All Important Controls
- Key Procedures, Policies, Desk Instructions both formal and informal
- All Key Personnel
This form that’s requested by the DCAA is very time-consuming and resource exhaustive. Not only will you be submitting a very long report, but the DCAA auditors will also be expecting a comprehensive walkthrough of all areas of your accounting system that reflects your submitted form.
After the risk assessment, the auditors will review every procedure, policy, and practice and contrast it against DCAA compliance with specific DFARS criteria for a suitable accounting system.
Like your high school teacher that kept on giving you tons of homework, not caring that you had a life outside of school; your auditors will ask you for a lot of data, set up numerous interviews, and meets with your accounting and management, with very little care that they are taking away time from your daily toil.
You should also concern yourself with their “specific” criteria as a lot of these are open to some interpretation. Your team should understand the criteria and have enough information in support of your own interpretation of the criteria.
There will be times when deficiencies are discovered and corrections are needed. This would require DCAA supervision. Payments may end up being withheld until the corrections are done.
You can prepare for the audits as much as possible, but when asking for help is more practical and efficient, especially in the time-constrained world of Government Contracting. Peter Witts CPA PC has been in Government Contract Accounting for more than 20 years, we’ve filled up thousands of forms, designed multiple accounting systems, and implemented many more strategies for companies that had the thumbs up from the DCAA. Why? Peter is a former DCAA auditor who knows the system’s ins and outs. It’s an advantage we’d love for you to have.