Monday, October 21, 2013

Compliance Reviews for Scanned Records

Last Friday, we wrote about the FAR (Federal Acquisition Regulations) requirements for contractors who which to preserve their original source documents in an electronic format. Briefly, these requirements include:

  1. Established procedures to ensure that the imaging process preserves accurate images of the original records
  2. An indexing system to permit timely and convenient access to the imaged records, and
  3. Retention of the original records for a minimum of one year after imaging (to permit periodic validation).

A question arises as to who is going to test contractors' compliance in this area? Well, DCAA (Defense Contract Audit Agency) will, for one. We don't know if DCAA was somehow assigned to task of testing for compliance or they took it upon themselves since (with DCMA's (Defense Contract Management Agency) ascendancy, DCAA is finding itself with reduced functionality) the Agency has extra time to do those things. But, DCAA recently issued guidance to its auditors on the need to validate contractor practices EVERY YEAR!.

The guidance provides that auditors should test the contractor's scanned images annually. The testing will cover the previous 12-month period and allow auditors to make easy determinations on whether reliance can be placed on the scanned images. If the auditors perform tests and do not identify any deficiencies, they can rely on the veracity of the scanned images.

Here are some of the steps that the auditor will perform as part of their annual testing.

  • Test a sample of the images to original documentation from the preceding 12-month period
  • Ensure the contractor is able to provide timely access to the imaged records to test whether the contractor maintains an effective indexing system to permit timely and convenient access.
  • Ensure the scanned image accurately reflects the original record, including signatures and other written or graphic images.
  • Ensure the contractor's transfer procedures maintain the integrity , reliability, and security of the original computer data
  • Ensure the contractor retains an audit trail describing the data transfer.

No comments:

Post a Comment