For the past ten years or so, Government contractors and subcontractors have been required to self-disclose "credible evidence" of certain (i) violations of criminal law, (ii) violations of the civil False Claims Act, and (iii) significant overpayments on Government contracts (see FAR 52.203-13). Such disclosures are usually made to the Office of Inspector Generals' (OIG) office for the respective Agency awarding the contract. Within the Defense Department, the DoD-OIG is the Agency designated to receive disclosure from Defense contractors.
So how is the mandatory disclosure program working? The DoD-OIG recently reported that since the inception of mandatory disclosure rules, more than $200 million has been returned to the Government by Defense contractors under the mandatory disclosure program since inception.
Most of the disclosures and subsequent recoveries fall into two, somewhat related categories; labor mischarging (e.g. timecard fraud) and misclassification of costs resulting in inflated indirect rates. Other less significant recoveries included non-conforming or counterfeit parts, false certifications, and theft of Government property.
Typically, the resolution of self-disclosures, in addition to paying the Government back, involve commitments to strengthen internal controls including training.
The OIG also reported that many disclosures involving overpayments or false claims ultimately lead to additional recoveries than initially reported. Cost impact analysis by contractors are typically audited by contract auditors who tend to dig a bit deeper into the data than contractors are wont to do.