We like to question conventional wisdom.

Similar documents
DCAA Finds New Ways to Reduce its Audit Backlog. Written by Nick Sanders

Another option that is becoming more and more prevalent is the use of independent CPAs to perform audits of a contractor s accounting system.

AICPA CITP Credential Examination Series

STUDENT GUIDE. CON 170 Fundamentals of Cost & Price Analysis. Unit 5, Lesson 1 Cost Analysis Process, Players, and Business Systems

Material Transfers and Material Management and Accounting System (MMAS) Next Slide

HUD-US DEPT OF HOUSING & URBAN DEVELOPMENT: Understanding Internal Controls. Ladies and gentlemen, thank you for standing by and welcome to the

Format and organization of GAGAS Auditor preparation of financials is a significant threat to independence 3 party arrangements in government State

Make or Buy Decisions in a Proposal Audit. Next Slide

Treaty of Versailles Simulation*

Chapter 6 Field Work Standards for Performance Audits

PCAOB Auditing Standard 15 addresses audit evidence. What is audit evidence?

Forward Pricing Proposal- Labor Categories. Next Slide

financial management reform within the Department of Defense. CONTINUING LEADERSHIP COMMITTMENT

The Value-Adding Internal Audit Function

The Language of Accountability

Contractor Estimating Systems: System Adequacy Standards and Key Compliance Issues

Contractor Business System MMAS

Integrated Safety Management System

Master Document. Version 2.6, dated November 2017 B-1 Planning Considerations

Ethics and Financial Reporting: Delivering on the Commitment

Don t Bank On It: The FinTech FX

Subcontractor and Vendor Kickbacks. Next Slide

Internal Controls. They Are Everyone s Business. Valdosta State University Office of Internal Audits June 2016

YouTube Marketing Mistakes Top 6 Most Silly Blunders!

Contracting Internal Controls and Risks. Contract Auditing v Contract Monitoring

Policy Changes Needed at Defense Contract Management Agency to Ensure Forward Pricing Rates Result in Fair and Reasonable Contract Pricing

The Dunning-Kruger Effect and Other Reasons People Screw Up. Written by Nick Sanders

By Thomas G. Dolan. What do you do if you ve done everything right, but you still haven t come up with a safety program that really works?

Brought to you by the publishers of COMPLIANCE WEEK

The last four phrases should be sound familiar to any of you practicing agile software development.

Repetitive Bidding of Duplicative Material Costs. Next Slide

Risk-Based Environmental Auditing at Bulk Fuel Terminals

U. S. GAO Government Auditing Standards Update The New Yellow Book

Independent Model Validation through DataRobot s AI Services

Defective Pricing- Material Pricing Deficiencies. Next Slide

Keeping your Business Systems Current in Response to DCAA Initiatives and Emerging Regulations

WELCOA WELLNESS COUNCILS OF AMERICA ABSOLUTE ADVANTAGE 5

Facebook Massive Advertising Mistakes Maintain A Strategic Distance From These Crazy Blunders!

EFFICIENT USE OF AUDIT COMMITTEES

THE NEGOTIATION TAPES. Joshua Stein 1

The Avocado Market: A growth market in a mature food industry

Understanding Internal Controls. Federal Highway Administration New Mexico Division

ebook 7 Proven Tips For Modernizing Your Organization's Policy & Procedure Communication 21st Century P&Ps

Subcontract Management Regulatory Compliance - The Most Current Trends and Issues

Operations Audit Materials and Other Cost

Innovative Marketing Ideas That Work

Mind the Agility Gap

Serene Stambaugh BUSA 320: Enron Project Prof. Gerald Myers

B-1 Preliminary Steps WP Reference

The Control Environment

WORKING WITH TEST DOCUMENTATION

DFARS Business Systems Compliance. March 11, 2015

THE MOST COMMON MISCONCEPTIONS ABOUT IUID AND RFID COMPLIANCE

Terms of Reference for the Inspector General 1

Using Key Principles to Build Rapport

Susan Schmidt Bies: Corporate governance and community banks

Contract Change Management

2-2 The major characteristics of CPA firms that permit them to fulfill their social function competently and independently are:

Incorporating TIP Clauses In CPA Firm Engagement Letters: An Innovative Pricing Concept From VeraSage Founder Ron Baker

Government Contract Controls: Going Beyond Business Systems

Dena Jansen, CPA Partner Maxwell Locke & Ritter LLP

Certified Identity Governance Expert (CIGE) Overview & Curriculum

Comparison of the PCAOB s Auditing Standards No. 5 and No. 2 (Certain key differences are highlighted by underlining)

Increasing External Auditor Reliance

Contract Administration Audit: Universal Protection Services, LP

Detecting Fraud Involving Senior Executive Override & Collusion

B-1 Preliminary Steps WP Reference

Examples of solicitation provisions and contract clauses that grant audit access to representatives of the Federal government include:

DLA Enterprise Supplier Conference and Exhibition

Your committee: Evaluates the "tone at the top" and the company's culture, understanding their relevance to financial reporting and compliance

FRAUD AWARENESS UPDATE

Chapter 2. The CPA Profession

5 Ways to Grow Your Practice

INTERNAL CONTROL SYSTEMS

The Defense Industry Enters a New Era

Benefits of organisational whistleblowing

CASE STUDY. City of Tucson implemented the Spikes Cavell Observatory to deliver improved spend and contract visibility.

Preventing Conflict at Work

International Relations. Simulation: The Treaty of Versailles This activity accompanies slide 15 of The Treaty of Versailles (part 1).

Standards for Internal Control in New York State Government 2016 Update

Proving Marketing Impact:

REQUESTS CORRECTIVE ACTION PERFORMING ROOT CAUSE ANALYSIS FOR

Case Study. How Gemalto s Trust ID Network is revolutionizing self-sovereign digital identities by leveraging R3 s Corda blockchain platform

7 Interview Questions You Need to be Asking

INTRODUCTION THE PROBLEM AND ITS CONSEQUENCES

WHITE PAPER----Dollar Days Website Author: Chuck Vance, President, MaskMail.com

TEAM ALIGNMENT TRUST INSIDE. report. assessments. for Team Name January 30, 2010

WORLD WAR II ( ): FALL OF FRANCE 1940

The slightest perception of something negative happening can affect an employee s emotional state.

Community-based Forest Restoration in the Southwest: A Needs Assessment

How to Pass an ALGA Yellow Book Peer Review Training by the Association of Local Government Auditors (ALGA) Tampa, Florida September 20, 2013

Conference Wrap-Up. Bruce J. Summers

The Single, Easiest Branding Thing To Do On The Internet for Financial Practices. A free report provided by USA Financial

Revenew s Cost Recovery and Cost Containment services return dollars to your budgets. We recover over $100 million for our clients annually.

5 Digital Marketing mistakes that Insurance Brokers make, and how to avoid them

So You Just Got Invited To Brief the Board of directors on Security

Oversight Review March 16, External Quality Control Review of the Defense Logistics Agency Audit Organization. Report No.

AICPA Peer Review Program Compliance: Responding to Latest Developments

Drive Your Business. Four Ways to Improve Your Vendor Risk Program

Speech by SEC Staff: Remarks before the 2007 AICPA National Conference on Current SEC and PCAOB Developments

Transcription:

For defense contractors (and non-m&o Dept. of Energy contractors), business systems are the first line of defense against fraud, waste, and abuse. How many times have we heard that phrase? It s been in the Federal Register several times, and in Agency guidance several additional times. The line has been in a Public Law. It s been all over the place. The phrase has become conventional wisdom by this point. We like to question conventional wisdom. On August 11, 2009, the Commission on Wartime Contracting (CWC) conducted a hearing to obtain testimony from government officials and contractors on the adequacy of contractor business systems. At that hearing The Commission learned that unreliable data from business systems produced billions of dollars in contingency-contract costs that government auditors often could not verify. The government s ability to detect contract cost errors and material misstatements is seriously impeded by contractors inadequate internal controls over their business systems. Further, the two primary government agencies involved, the Defense Contract Management Agency (DCMA) and the Defense Contract Audit Agency (DCAA), are not effectively working together to protect government interests. The CWC subsequently published a report in September of that year, entitled Defense Agencies Must Improve their Oversight of Contractor Business Systems to Reduce Waste, Fraud, and Abuse. The first line of that report was Contractor business systems and internal controls are the first line of defense against waste, fraud, and abuse. And that s how it started. Flash-forward 5+ years and there has been a profound sea-change in the focus on contractor business systems since the CWC sounded its warnings. The landscape is entirely different. We have six business systems (not 10 internal control systems). We have deficiencies and significant deficiencies. Significant deficiencies mean disapproval (or inadequacy) and that leads, inexorably, to mandatory payment withholds. Reviewing contractor business systems 1 / 5

has become a cottage industry, with consultants and attorneys eager to assist contractors with creating adequate business systems, or remediating those systems that failed DCAA or DCMA audit. And now we have reenergized DCMA functional specialists and refocused DCAA auditors, with new and improved audit programs to help them evaluate business systems. We have peer reviews of ACO business system adequacy determinations, and at least two levels of Review Boards to help adjudicate disagreements between the ACO and those who performed the reviews. We have process upon process, and guidance upon guidance all to help focus oversight on the first line of defense against fraud, waste, and abuse. The thing of it is: it s all nonsense. It s pretty much a big waste of taxpayer funds. Allow us to explain. Let s talk about the Maginot Line. The Maginot Line was France s first line of defense against German invasion. Constructed between World War I and World War II, the Maginot Line was designed to stop the Germans cold. From Wikipedia 2 / 5

The Maginot Line was impervious to most forms of attack (including aerial bombings and tank fire), and had state-of-the-art living conditions for garrisoned troops, air conditioning, comfortable eating areas and underground railways. It seemed like a really good idea at the time. Unfortunately, the Germans didn t cooperate. They didn t use the same strategy they had employed in World War I. As Wikipedia noted The French established the fortification to provide time for their army to mobilize in the event of attack, allowing French forces to move into Belgium for a decisive confrontation with Germany. The success of static, defensive combat in World War I was a key influence on French thinking. French military experts extolled the Maginot Line as a work of genius, believing it would prevent any further invasions from the east. While the fortification system did prevent a direct attack, it was strategically ineffective, as the Germans invaded through Belgium, going around the Maginot Line. The German army came through the Ardennes forest and the Low Countries, completely sweeping by the line, causing the French army to surrender and conquering France in about six weeks Moreover, the Wikipedia article asserted that the Maginot Line, proved costly to maintain and subsequently led to parts of the French Armed Forces being underfunded and not provided with the troops, equipment and communications needed for the war. Consequently, reference to the Maginot Line is used to recall a strategy or object that people hope will prove effective but instead fails miserably, giving way to the Maginot Line mentality. Sound familiar? The focus over the past 5 years on contractor business systems is the Maginot Line of today s DoD oversight function, especially the oversight provided by the Defense Contract Management Agency. Like the French focus on their fixed fortifications, it is the wrong strategy. It is the wrong focus. And it takes funding and resources away from other, more critical, areas. The focus on contractor business systems is not a focus on preventing fraud, waste, and 3 / 5

abuse. Instead, it is a focus primarily on policies and procedures. Contractors can best prove the adequacy of their business systems by having really thick policies and procedures that address every one of the applicable adequacy criteria. The best way to pass a business system review is to have a lot of really good policies and procedures; the actual practices are of lesser importance. That s not to say that certain metrics won t be part of the review; they will be. It s just that the corrective action plan to remediate any findings will almost certainly consist of writing better and more robust policies and procedures, and ensuring employees are trained in their contents. The adequacy criteria themselves are largely ambiguous and subjective, and so disagreements arise easily during audit. As we ve noted before, DCAA has taken the definition of significant deficiency found in the regulations and created something not envisioned by the rule-makers so that the auditors can comply with GAGAS. The irony there is that the AICPA s ays the adequacy criteria aren t auditable, and so it s tough to see how any auditor could ever comply with GAGAS no matter how terms are defined. The focus on contractor business system adequacy is an imaginary line of defense because policies and procedures are not nor have they ever been the first line of defense against fraud, waste, and abuse. The first line of defense is people. People who make good decisions when faced with conflicting priorities. People who have the training to make those decisions, and the resources to call upon when things get tough. That s your first line of defense. People are always the first line of defense and all the policies and procedures in the world won t stop bad decisions from being made by poorly trained and poorly supported people. Any approach that focuses on ambiguous, subjective, adequacy criteria, that focuses on written policies and procedures, is a Maginot Line approach. And while DCMA and DCAA are focused on six contractor business systems, too many contractor employees continue to engage in wrongdoing, including such activities as bribery, kick-backs, and other corrupt behavior. Indeed, the adequacy of a contractor s business 4 / 5

systems is absolutely no guarantee that its employees are engaging in ethical decision-making. The best policies and procedures in the world don t ensure ethical decision-making. Just ask the executives of Enron. It s past time for DoD policy-makers to admit that oversight of contractor business systems, in its current form, is not the first line of defense against fraud, waste, and abuse. They are not the first line of defense, nor have they ever been. In fact, the business systems adequacy criteria have very little to do with preventing waste, fraud, and/or abuse. It s past time for DoD to admit that the focus on contractor business systems is a mistake, one that takes resources and funding away from more important things. It s time to get DCAA out of business systems audits altogether and, to the extent DCMA wants to review certain contractor practices and controls, it should do so in a streamlined fashion, without the multiple layers of bureaucracy and without the nuclear option of payment withholds. 5 / 5

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback