The Defense Contract Audit Agency (DCAA) recently issued its Fourth Annual Report to Congress dated March 25, 2015. Once again, the report shows DCAA is making modest improvements in the timeliness of its audits, and continues to seek regulatory changes that would provide DCAA greater access to contractors’ data, internal audits, and personnel.

Congress began requiring annual reports from DCAA in 2011 following well-documented and widely reported criticisms of DCAA that ranged from allegations about failure to comply with professional standards, questions about the timeliness of audit reports, and the well-publicized increased backlog of incurred cost proposals requiring audit. Section 805 of the 2012 National Defense Authorization Act requires DCAA to submit an annual report by March 30th of each year. Each report must provide statistics on DCAA’s audit performance during the previous fiscal year and address “Significant Deficiencies and Recommended Actions to Improve the Audit Process.”

Sections 1 and 2 of FY 2014 report address DCAA’s mission, structure and staffing, and look very similar to past reports. Section 3 discusses DCAA’s Fiscal Year 2014 audit performance. This section highlights DCAA’s efforts to reduce the backlog of incurred cost audits, noting that it had performed 1,919 incurred cost audits, up only slightly from FY 2013 but more than six times the number of incurred cost audits conducted in FY 2011. See DCAA 2011 Report to Congress. Although reduction of this backlog was a priority for DCAA, in the Report, DCAA notes that it plans its audits based on the highest risk areas to the Government rather than type of audit.

For FY 2014, DCAA reported that its highest priority audits were those related to Overseas Contingency Operations (“OCO”) and forward pricing. DCAA prioritized OCO audits due to the high concentration of foreign contractors and subcontracted work. It prioritized forward pricing audits because it recognized those audits must be completed before contract negotiations to be useful to a Contracting Officer. Despite this prioritization, however, DCAA only slightly improved the time needed to complete forward pricing audits—from 97 days in FY 2013 to 95 days in FY 2014. This time period is likely still insufficient for the needs of Contracting Officers trying to negotiate with contractors. DCAA’s time to complete audits over the past three fiscal years was summarized in the Report as follows:

graph2

Section 4 of the Report, addressing DCAA’s deficiencies and recommended actions for improvement, focuses mainly on DCAA recommendations to Congress for statutory and regulatory changes that DCAA believes will make it more effective and efficient. These recommendations will be familiar to readers of previous reports. Among them:

  1. DCAA recommends Congress expand DCAA’s subpoena authority in section 10 U.S.C. § 2013 to include “data other than certified cost or pricing data” as defined in FAR 2.101. Currently, DCAA’s subpoena authority is limited to cost or pricing data. As the Report notes, while the FAR allows Contracting Officers to request this data, there is no current authority to compel its production. DCAA asserts that such a change is even more important given the Department of Defense’s Better Buying Power Initiative and its goal of using more commercial items. DCAA had worked with DoD to submit legislative proposals consistent with this change in FYs 2014 and 2015 without success. DCAA indicates it will work with DoD to submit yet another legislative proposal to address this issue.
  2. DCAA cites its lack of access to contractor internal audit reports as a significant challenge, and asserts that access to these records is essential to meeting its goals. DCAA revised its guidance in the Defense Contract Audit Manual (“DCAM”) to address the documentation requirements mandated by section 832 of the 2013 NDAA. In November 2014, GAO issued a Report analyzing that guidance and found that DCAA had not implemented sufficient controls “to ensure that the internal audit reports are not used for purposes unrelated to evaluating and testing the efficacy of internal controls and the reliability of business systems.” The Report acknowledges the GAO’s recommendations and states that DCAA will make the necessary changes to its guidance.
  3. Finally, DCAA noted that its lack of access to contractor employees also hinders its effectiveness. Although FAR 52.215-2(d) explicitly gives the GAO rights to interview any officer or employee, it provides no such rights to DCAA. A previous legislative proposal to address this point was withdrawn with the explanation that DCAA already has authority to interview contractor employees during the course of an audit if necessary to complete the audit. Not everyone agrees with this interpretation, however. Contractors have taken the position that because subsection (c)(1) of 10 U.S.C § 2313 explicitly mentions GAO, but not DCAA, the only authority rests with the GAO. The Report advocates a change to the statute to clarify this issue once and for all.

In sum, DCAA is not hiding its desire for additional access to contractor data, information, and employees. Contractors should continue to expect DCAA to aggressively seek this information. A proactive contractor with a good working relationship with its DCAA representatives is often the first step in resolving many issues. But as this Report indicates, the agency will not hesitate to aggressively seek data that it believes is necessary to complete its audit function.

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Susan B. Cassidy Susan B. Cassidy

Susan is co-chair of the firm’s Aerospace and Defense Industry Group and is a partner in the firm’s Government Contracts and Cybersecurity Practice Groups. She previously served as in-house counsel for two major defense contractors and advises a broad range of government contractors…

Susan is co-chair of the firm’s Aerospace and Defense Industry Group and is a partner in the firm’s Government Contracts and Cybersecurity Practice Groups. She previously served as in-house counsel for two major defense contractors and advises a broad range of government contractors on compliance with FAR and DFARS requirements, with a special expertise in supply chain, cybersecurity and FedRAMP requirements. She has an active investigations practice and advises contractors when faced with cyber incidents involving government information, as well as representing contractors facing allegations of cyber fraud under the False Claims Act. Susan relies on her expertise and experience with the Defense Department and the Intelligence Community to help her clients navigate the complex regulatory intersection of cybersecurity, national security, and government contracts. She is Chambers rated in both Government Contracts and Government Contracts Cybersecurity. In 2023, Chambers USA quoted sources stating that “Susan’s in-house experience coupled with her deep understanding of the regulatory requirements is the perfect balance to navigate legal and commercial matters.”

Her clients range from new entrants into the federal procurement market to well established defense contractors and she provides compliance advices across a broad spectrum of procurement issues. Susan consistently remains at the forefront of legislative and regulatory changes in the procurement area, and in 2018, the National Law Review selected her as a “Go-to Thought Leader” on the topic of Cybersecurity for Government Contractors.

In her work with global, national, and start-up contractors, Susan advises companies on all aspects of government supply chain issues including:

  • Government cybersecurity requirements, including the Cybersecurity Maturity Model Certification (CMMC), DFARS 7012, and NIST SP 800-171 requirements,
  • Evolving sourcing issues such as Section 889, counterfeit part requirements, Section 5949 and limitations on sourcing from China
  • Federal Acquisition Security Council (FASC) regulations and product exclusions,
  • Controlled unclassified information (CUI) obligations, and
  • M&A government cybersecurity due diligence.

Susan has an active internal investigations practice that assists clients when allegations of non-compliance arise with procurement requirements, such as in the following areas:

  • Procurement fraud and FAR mandatory disclosure requirements,
  • Cyber incidents and data spills involving sensitive government information,
  • Allegations of violations of national security requirements, and
  • Compliance with MIL-SPEC requirements, the Qualified Products List, and other sourcing obligations.

In addition to her counseling and investigatory practice, Susan has considerable litigation experience and has represented clients in bid protests, prime-subcontractor disputes, Administrative Procedure Act cases, and product liability litigation before federal courts, state courts, and administrative agencies.

Susan is a former Public Contract Law Procurement Division Co-Chair, former Co-Chair and current Vice-Chair of the ABA PCL Cybersecurity, Privacy and Emerging Technology Committee.

Prior to joining Covington, Susan served as in-house senior counsel at Northrop Grumman Corporation and Motorola Incorporated.