Today we present Part 4 in our discussion of the optional items that may be requested in connection with the audit of annual incurred cost submissions. This listing is found in FAR 52.216-7(d)(2)(iv) and are identified as items not necessary to support a submission's adequacy but items that may be required during an audit of the incurred costs. Today we look at internal audits, tax returns and SEC filings.
List of all internal audit reports issued since the last disclosure of internal audit reports to the Government. We don't know what benefit a listing of internal audits will contribute to an audit of incurred costs. Perhaps in reviewing the listing, an auditor might spot something that speaks to incurred costs. But a listing is not the audit itself and contractors should know that there is nothing in FAR that requires them to furnish internal audits to the Government. In fact, this all played out in the 2013 NDAA (National Defense Authorization Act) where the Government made a concerted effort to require contractors to provide their internal audits to Government auditors. It didn't happen. What did happen is DCAA was told to go back and document contractor responses to requests for internal audits - this many contractors said "yes" and this many said "no". You can read more about that circus here.
DCAA is going to conduct the audits that, based on risk assessments, need to be conducted to protect the Government's interests. In theory, if the contractor has already audited the systems that DCAA plans to audit, DCAA could review those audits and rely on some or parts of the work, thereby reducing the level of testing it needs to perform. Sounds good in theory but in practice, it doesn't work. When we were auditors, some contractors routinely provided their internal audit reports and accompanying workpapers. We don't recall a single instance where those reports were helpful in the audits we needed to accomplish. Part of the reason was because the contractors were not about to spend time auditing areas that they knew that DCAA was going to audit. And DCAA was not going to audit areas that were of no consequence to Government contracting (like internal controls over the petty cash fund).
Bottom line here is that contractors are not required by contract or FAR to provide the Government access to their internal audit reports. They can if they want but its not mandatory. Contractors shouldn't be too skittish about doing so however. In most cases, such reports are benign from a contract auditors perspective. In a perverse thought, giving the auditors access to internal audits will waste their time and take away from the hours they have to do real auditing.
Annual internal audit plan of scheduled audits to be performed int he fiscal year when the final indirect cost rate submission is made. This relates somewhat to the discussion above on internal audits and it is not clear as to the purpose of such a listing as it pertains to audits of historical costs. We could probably make some kind of nexus if we tried but from a practical sense, we just don't see how future internal audits will impact the propriety of historical costs.
Federal and state income tax returns. If contractors claim state income tax as an expense item (allowable under FAR 31.205-41), they're going to have to provide a state tax return to support the costs. Beyond that, there is great angst among contractors in releasing tax returns. Some do willingly while others are very reluctant to do so. One major contractor allows auditors to view and take notes but not to make copies (DCAA grudgingly accepted this restriction). Sole proprietors don't want to show their entire tax return but may be willing to extract the Schedule C from the return and give it to the auditors.
Years ago, an auditor was reviewing a tax return and noted that Research and Development costs for R&D tax credit was much lower than the amount claimed under Government contracts. The Government opened a fraud case but closed it quickly when they realized the definitions of R&D for tax purposes were different than they were under the FAR. That illustrates one of the problems with allowing auditors unfettered access to not only tax returns but other information where they may jump to the wrong conclusions.
Securities and Exchange Commission (SEC) 10-K annual report. This qualifies as the dumbest item on the list and shows how out of touch these folks are. The 10-K reports (and a lot of other information) are available on SEC's EDGAR (Electronic Data Gathering, Analysis and Retrieval System) website for anyone in the world to download.
Tomorrow, the conclusion of this series.