Before discussing the audit process, it is important to understand the roles of two organizations that play a pivotal contracting function for the Department of Defense (DoD) – these are the Defense Contract Management, Agency also referred to as DCMA, and the Defense Contract Audit Agency, also referred to as DCAA. DCMA’s mission is to assure that contractor supplies and services are delivered on time, at projected cost, and meet all performance requirements. The specific responsibilities vary widely and are too numerous to mention here. A complete list of responsibilities can be found at FAR 42.302, which includes potential oversight of virtually every aspect of a contractor’s business. For a typical small business, the DCMA may be involved in pre-award evaluation of pricing and assuring that the contractor has adequate management systems in place. After award, continuing through contract closeout, the DCMA closely monitors the contractor for compliance with all contract terms.
By contrast, the Defense Contract Audit Agency, or DCAA, has the primary responsibility for monitoring and auditing the accounting systems of contractors in doing their work for the DoD. The Defense Contract Audit Agency also provides these same services to other government agencies, but usually charges the other agencies for that service. The bulk of the DCAA’s work is with the Defense Department, although it does some work for the Department of Energy (DOE) and for the National Aeronautics and Space Administration (NASA).
So what is the relationship between the DCMA, the DCAA, and the contractor? If you win a DoD SBIR or STTR award and become a Defense contractor you will deal with both DCMA and the DCAA, whether you realize it or not. Your contracting officer, or CO, normally comes from the DCMA organization. These are the people who are authorized to make a commitment on behalf of the government. By contrast, when a DCAA auditor comes to your company to review your financial system, he or she can make a recommendation back to the DCMA, but the DCAA cannot bind you to a commitment to the government.
Depending on the nature of the effort and agency procedures, a contract may require different types of contracting officers. The Procurement Contracting Officer, or PCO, evaluates proposal submissions and supports the program office with its missions. A PCO may be asked to handle all planning and contract actions up to and including award of a contract. Then, as part of that matrixed organization, the Administrative Contracting Officer, or ACO, provides the scrutiny that is needed to manage the contract. The ACO usually assumes responsibility for administering the day-to-day contractual activities after award has been made. Your contracts are signed by the PCO, but there is also a block right on the front of the contract that designates the ACO. You will want to work with both. The PCO represents the organization that will provide the funding for the contract. For example, a contract may be fully funded or incrementally funded by the PCO’s agency. Incremental funding means funds are added to the contract in gradual amounts instead of all at once. It is the PCO who provides more funding. The ACO, who manages all government contractors in your area, approves your bills to the government and assures that you don’t bill for more than the amount funded on a contract. The DCAA, although a large and important player in this whole process, does not have the regulatory authority to dictate what happens on the contract. Whatever happens on the contract, it must go through the PCO and the ACO. The ultimate decisions come from the PCO, in combination with the ACO, on everything that occurs on your contract.
Add to this alphabet soup some additional actors you may meet on the government side. The Contracting Officer’s Technical Representative, or COTR, can also be called the Technical Point of Contact, or TPOC. These individuals are the technical program managers of the contract. Their focus is making sure that the final product or service meets the contractual technical requirements. Contract language will stress that these technical counterparts have no authority to change or waive contract requirements. They must advise the contracting officer who is the only one authorized to initiate and make changes to the contract on behalf of the government.
So, what kind of things should you expect to see in a DoD contract? The Federal Acquisition Regulations, or FAR, dictates what goes into a contract. The FAR is actually a subset (Title 48) of a larger body of regulations referred to as the Code of Federal Regulations but it is sufficient for you to focus on the FAR. A hyperlink to the FAR can be found in the Links section of this tutorial. It is a huge and rather intimidating document. You are not expected to master the FAR. However, it is important to review and be aware of the compliance required within the FAR clauses that appear in your contract.
In dealing with the Department of Defense, you’re also going to see reference to the Defense Federal Acquisition Regulation Supplements, or DFARS. The DFARS describe the specific requirements in contracting with the Defense Department. Be aware that DFARS clauses may appear in your contract in addition to FAR clauses. The FAR and DFARS clauses in your contract are the items that each organization must sift through and with which it must comply. And in both of those cases, they may reference other regulations within the government, such as those from other sections of the “Code of Federal Regulations.” All of these requirements taken as a whole is a maze of regulations that can be quite confusing for a new awardee.
For the Small Business Innovation Research (SBIR) program, contractors will want to focus on contract clauses derived from the FAR and DFAR Parts 16, 27, 31 and 42. Part 16 addresses contract types and implements billing and cost techniques a contractor must follow. Part 27 delineates data and intellectual property rights, important subjects for SBIR/STTR funded firms. Part 31 provides a general framework for an adequate accounting system along with articulating cost allowability rules for a list of typical expenses. Part 42 defines the roles and responsibilities for the management of government contracts. Again, there are hyperlinks in the Links section that will take you directly to these sections.
Before discussing the types of audits, let’s introduce the different types of contracts, so that you can understand why some contracts have more comprehensive audits than others. There are three primary types of contracts that you are likely to encounter: (1) Fixed Price; (2) Cost Reimbursement; and (3) Time and Materials. There are different levels of risk, for the government, associated with each of these. As the level of risk goes up for the government, its need for control and review of the contractor’s systems becomes greater because they’re trying to mitigate that risk.
The accompanying figure contrasts the government's risk by contract type. You will notice that the fixed-price contracts have the least amount of risk to the government because this contract type places all the risk on the contractor to perform, and to perform at a price specified in the contract. It’s easy for a contractor to get into trouble with Fixed-Price contracts, especially when they’re for services, because of “scope-creep”, where the government says, “Oh, that’s nice. Can you do this?” And, the contractor looking to please says, “Oh, sure, that’s easy to do” even though it’s not in the original scope of work. So, the contractor ends up spending more time and delivering more, while still receiving a fixed amount of money for what they deliver. And, if the contractor has looked closely at their labor costs, they would see that it’s exceeding what they’re getting from the government. So, that’s a risk to the contractor. All Phase I awards with the DoD are Firm-Fixed Price. As an aside here, managing contract changes is a subject requiring a degree of specialized knowledge, since it is often an area where disputes arise. Identifying and communicating changes to the contracting officer that are out of scope of the work effort is a contractor’s responsibility. In fact, your contract may include FAR 52.243-7 which requires precisely that. Larger contracts manage this process by instituting a change management process where the contractor operates a Change Board for the express purpose of identifying, classifying, pricing, and negotiating contract changes.
Now back to contract types. The government also uses Cost Reimbursable contracts for many of the services that it acquires, and especially for research and development. Cost Reimbursable contracts are most frequently used by DoD with Phase II SBIR awards. In this situation, the government is assuming more of the risk, therefore they want to have more control to assure that billed expenses are valid, allowable, and as a way of addressing any threat of exceeding contract cost targets. They want to avoid the cost overrun stories we hear from time-to-time. As a result, the government has instilled controls to prevent similar results. With cost reimbursable contracts, the risk is greater for the government, which is why auditors become more interested in your accounting system and how you operate it. With that as background, let’s shift now to a discussion of audits – those occasions when the government will send an auditor from DCAA to spend time at your facility looking over your accounting and record-keeping systems.