Keeping your Business Systems Current in Response to DCAA Initiatives and Emerging Regulations

Transcription

1 Keeping your Business Systems Current in Response to DCAA Initiatives and Emerging Regulations James W. Thomas PricewaterhouseCoopers LLP Brian D. Taylor Accenture Federal Services

2 Business Systems and Counterfeit Parts Business Systems Audit Cycle & DCAA Initiatives Statistics and Emerging Regulation Documenting and Monitoring Counterfeit Parts Final Rule 2

3 Business Systems: Audit Cycle DCAA Forward Pricing Audit DCMA Expect frequent DCMA activity Purchasing Property EVMS MAARs (Floorchecks) ALL Business Systems Incurred Cost Audits Demand Audits (Proposal) DCAA Incurred Cost Audit Backlog May report a Significant Deficiency during other audits (e.g, FPRP) Accounting Estimating Material Management Purchasing Property EVMS 3

4 Business Systems Emerging Regulation Current 139 systems were reviewed by DCMA HQ as of Sept. 23, 2014: 53 Accounting 31 Property 21 Estimating 17 Purchasing 17 EVMS 0 MMAS 73 systems have been disapproved 46 have been re-approved *Ms. Joan Sherwood, DCMA presentation to GWSCPAs, June 13, systems remain disapproved $170.1 M in current withholds DFARS Proposed Rule DFARS D042 DoE Proposed Rule FR Potential Future Requires contractor to demonstrate compliance with 3 business systems (Accounting, Estimating & MMAS) if applicable Self-assess against criteria and engage independent audit (Similar to SOX) Includes 5 business systems (No MMAS) Includes language re: demonstrating compliance with criteria Differs from DFARS language: 90 day provision for lifting withhold when adequate info of corrective action

5 Business Systems: Proposed DFARS Rule (2012-D042) Accounting CAS covered USG Audit Program review - $100M flexibly priced costs incurred/billed Proposed DFARS Rule Annual self assessment Estimating $50M/$10M+ TINA awards (TA) USG Audit Program review - $100M+ TA Triennial audit (by independent CPA) Excludes small business MMAS $50M+ qualifying sales (QS) USG Audit Program review - $100M QS

6 Government CPA Firm Contractor Business Systems: Proposed DFARS Rule (2012-D042) Annual Assessment Evaluated with applicable criteria Complies in all material respects Discloses any significant deficiencies Status of any significant deficiencies disclosed in assessment Corrective Action Plan (CAP) Triennial audit Qualified to perform the audit Does not perform non-audit services Independent and objective Disclose any independence issues Written representation Monitoring Compliance Reporting Review the plan and identify potential issues DCAA assessment of CPA audit report & related documentation Access to Contractor & CPA documentation and work papers Access to Contractor selection criteria for CPA firm 6

7 Business Systems: Proposed DFARS Rule (2012-D042) Key Provisions Industry Concerns and Comments (AICPA, CODSIA, ABA) Applies to contractor Estimating, Accounting and MMAS systems Requires contractors to submit an annual report for each system regarding its compliance with the applicable business system criteria Requires contractors to undergo a business system compliance audit at least once every three years conducted by an independent and objective CPA firm Requires contractors to make available to the Government the results of internal or external reviews or monitoring conducted to ensure compliance Requires DCAA to review the CPA firm s audit strategy, risk assessment, and audit plan and perform an assessment of the CPA audit report Concerns that the DFARS business system criteria is not sufficiently objective or measureable and may be subject to wide interpretations Inconsistencies with existing Professional Standards for CPAs, such as use of defined terms (e.g., significant deficiency), auditor independence and making prospective opinions on contractor corrective action plans Concerns that employing DCAA to review and assess the CPA firm s audit strategy, risk assessment, audit plan and audit report will lead to unnecessary redundancy, disruption and conflicts in professional judgments Concerns that proposed rule will result in increased costs and lack of clarity on the allowability of those costs Concern that proposed rule would give the government broad and unnecessary access to contractor records Suggestion that the DOD should either contract directly with the CPA firms or allow the contractors to engage the CPA firms without DCAA intervention Suggested use of various working groups to further define the DFARS audit criteria and rule processes

8 Business Systems: Document & Monitor Control Environment Recurring Monitoring and Reporting Business System Owner Internal Controls Regulatory Compliance Accounting : Controller Estimating: FP&A/Pricing Purchasing: Procurement Property: Property Admin EVMS: EVM Team/COE MMAS: Depends on structure Document control activity Testing frequency Testing Plan Exceptions Regulatory requirements Internal Policy Report results Subject Matter Expert Monitor emerging regulation Monitor emerging audit trends Review policies, procedures Advise Leadership Advise Stakeholders Advise on DFARS rules Report to Leadership Results, Effectiveness, Remediation, Corrective Action 8

9 Counterfeit Parts Final Rule: DFARS Case 2012-D055 Detection and Avoidance of Counterfeit Electronic Parts May 6, In response to requirements of Sections 818 and 833 of the National Defense Authorization Act (NDAA) for Fiscal Years 2012 and 2013 Amends several DFARS sections to hold contractors responsible for detecting and avoiding the use of counterfeit/suspected counterfeit electronic parts in DoD acquisitions Significant DFARS changes: A new subsection Cost of remedy for use or inclusion of counterfeit electronic parts and suspect counterfeit electronic parts that makes expressly unallowable the costs of counterfeit electronic parts or suspect counterfeit electronic parts and the cost of rework or corrective action that may be required to remedy the use or inclusion of counterfeit electronic parts Applies to CAS-covered contractors that supply electronic parts or products under CAS-covered contracts and their subcontractors Small businesses are not subject to the requirements in solicitations and contracts from the government 9

10 Counterfeit Parts Final Rule: DFARS Case 2012-D055 Detection and Avoidance of Counterfeit Electronic Parts Exceptions if: i. Contractor has an operational system to detect and avoid counterfeit parts and suspect counterfeit electronic parts that has been reviewed and approved by DoD pursuant to , ii. iii. Counterfeit electronic parts or suspect counterfeit electronic parts are Government furnished property as defined in FAR , and The contractor provides notice within 60 days to the Government A new subsection Contractors counterfeit electronic part avoidance and detection systems prescribes policy and procedures for preventing counterfeit parts from entering the supply chain Requires contractors and their subcontractors to establish and maintain an acceptable counterfeit electronic part avoidance and detection system failure may result in purchasing system disapproval and payment withholding 10

11 Counterfeit Parts Final Rule: DFARS Case 2012-D055 Detection and Avoidance of Counterfeit Electronic Parts Detection and avoidance system criteria includes: i. Training ii. iii. iv. Inspection and testing Processes to abolish counterfeit parts proliferation Traceability of parts to suppliers v. Use and qualification of trusted suppliers vi. vii. viii. ix. Reporting and quarantining of counterfeit and suspect counterfeit electronic parts Methodologies to identify and determine if a suspect part is counterfeit The design, operation, and maintenance of systems to detect and avoid counterfeit and suspect counterfeit electronic parts, and Flow down of counterfeit avoidance and detection requirements to subcontractors 11