Monday, June 13, 2016

DCAA Still Trying to Dig Out from Under Its Incurred Cost Audit Backlog

DCAA (Defense Contract Audit Agency) recently revised its audit guidance concerning incurred cost audits with ADV (auditable dollar volume) under $5 million that will help reduce the backlog of incurred cost submissions requiring audit. By way of background, when contractors submit their annual incurred cost submissions to the contracting officer, DCAA performs an adequacy check to ensure they meet all of the specific requirements of FAR 52.216-7, Allowable Cost and Payment. Once the adequacy check is completed, DCAA conducts a high-risk/low-risk determination. There are a number of factors that could lead to a high-risk determination. Most of these factors are based on something in the past, such as questioned costs in prior years, audit leads from other audits, or concerns expressed by a contracting officer. Incurred cost submissions that are considered high-risk are subject to audit. Those that are low-risk, are dumped into a pool for random selection. Those that are not selected are "administratively" accepted and closed, meaning there will be no audit.

Auditors being auditors however, it was difficult for them to realistically assess risk and an inordinate number of annual incurred cost submissions under $5 million were classified as high-risk, sometimes based on the "gut instinct" of the auditor performing the high-risk/low-risk determination. So DCAA decided to tighten up on the risk assessments - leaving less discretion to the auditor. In DCAA's words, the "... changes will ensure that we are effectively identifying incurred cost proposals that have relevant and substantial risk that would warrant an audit, specifically in the area of proposals with less than $5 million in auditable dollar volume (ADV).

The new guidance will require that auditors reassess all assignments that are classified as high-risk with an adequate incurred cost submission and ADV less than $5 million. If, based on that reassessment, an audit is warranted based on significant relevant risk, the auditor, supervisor, and manager will have to submit justification to regional management before it is authorized to proceed with an audit. In reality, who in their right mind is going to endure the rigors of writing up justification to for everyone in the chain of command to second-guess, scrutinize, and return for rework when they can take a pass and call the incurred cost submission low-risk. It's pretty obvious that DCAA no longer wants to expend audit effort on low-dollar, low-risk proposals.

The new risk-assessment policy allows for a limited probe into a specific area when justified. These audits or reviews would be like surgical probes into specific areas that raised concern and thus justifying a high-risk rating. However, these would be very limited in scope and there would be no audit opinion on direct and indirect costs.

No comments:

Post a Comment