1 / 35

Contractor Business Ethics, Compliance Program and Disclosure

Contractor Business Ethics, Compliance Program and Disclosure. Breakout Session Cost Acct, Internal Controls and DCAA Audit, # 802 Name: Brent Calhoon and John Van Meter Date: April 7, 2009 Time: 3:00 – 4:30 – Happy Hour. 2. Internal Control Systems: Life after “Close the Fraud Loophole”.

archie
Download Presentation

Contractor Business Ethics, Compliance Program and Disclosure

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Contractor Business Ethics, Compliance Program and Disclosure Breakout Session Cost Acct, Internal Controls and DCAA Audit, # 802 Name: Brent Calhoon and John Van Meter Date: April 7, 2009 Time: 3:00 – 4:30 – Happy Hour 2

  2. Internal Control Systems:Life after “Close the Fraud Loophole” • Stage 1 - DCAA Audit Status • Internal Control Audits • Access to Records • Incurred Cost Submissions • Stage 2 – Internal Control Systems - Life after “Close the Fraud Loophole”

  3. Today's Internal Control Environment MAR 09 DCAA Policy Revisions IG Referral July 2008 GAO report - Allegations that certain audits at three locations did not meet professional standards were substantiated 2007: Rqmnt for ethics programand system of internal controls Dec 2008 DCAA Policy Revisions ICS audit opinions/ Denial of Access March 2008: DCAA re-defines materiality Dec 2008 “Close the Fraud Loophole” final ethics, compliance, internal controlsand disclosure rule DCAA revises ICAPS approach

  4. Definition of Materiality From PCAOB AS-5 : Materiality "material weakness" as having a reasonable possibility of leading to a material misstatement that will not be prevented or detected on a timely basis. From DCAA Guidance: Materiality On March 3, 2008, DCAA guidance on reporting internal control deficiencies that defined "significant deficiency” " the potential unallowable cost is not clearly immaterial” "internalcontrol deficiencies that result in or could result in costs being charged to Government contracts …should be reported as significant deficiencies and be considered material weaknesses, unless the potential unallowable cost is clearly immaterial."

  5. Audit Opinions Related to Internal Controls Continued reassessment of audit policies – by product of the July 2008 GAO report • Revised audit opinions on internal control systems from three to two • Clarifies what is a significant deficiency / material weakness

  6. DCAA Guidance Audit Opinions Most notable change: • Elimination of “middle” audit opinion • System of internal controls is “inadequate in part” • Going forward “pass” or “fail” binary approach

  7. DCAA Guidance Audit Opinions New Guidance Audit Opinions Internal Control Systems (12/19/2008): • failure to accomplish any control objective tested for in DCAA’s internal control audits will or could ultimately result in unallowable costs charged to Government contracts, even when the control objective does not have a direct relationship to charging costs to Government contracts • failure to accomplish any applicable control objective should be reported as a significant deficiency/material weakness • not necessary to demonstrate actual costs questioned to report a significant deficiency

  8. DCAA Guidance Audit Opinions New Guidance Audit Opinions Internal Control Systems (12/19/2008): Also eliminates the reporting of suggestions for improvement of systems • Not required by GAGAS • Auditor Independence • Unlikely to receive feedback on solutions to reported deficiencies

  9. Effect of new guidance Predictable Effects • Increase in DCAA audit reports expressing an opinion that a system is inadequate • Prior audits with opinions of “inadequate in part” or “suggestions to improve the system” will revert to “inadequate” if procedures or practices were not modified

  10. New DCAA Guidance Limited Scope Audits “Limited Scope Audit” (12/19/2008) • Auditors will not wait to perform a full or follow-up system audit to change the opinion on the contractor’s system when deficiencies are identified in other audits. In essence an audit of an internal control deficiency identified through another audit

  11. New DCAA Guidance Limited Scope Audits • Limited scope audit is a review of control activities related to the applicable control objective identified as a deficiency. • The limited scope audit report will render an opinion of inadequate if the contractor fails to accomplish a single control objective.

  12. New DCAA Guidance Limited Scope Audits • Unlike the guidance on audit opinions there is no wording that applicability is limited to “major contractors” • Consequently, any contractor may be cited by a limited scope internal control audit for inadequate internal controls

  13. Access to Records Documentation required in a timely manner • Requests for information should be (written or verbal) • Clearly state what is needed • When the information should be provided; reasonable time period • Information is generally expected on date requested

  14. Access to Records • Access to records also includes access to personnel • Use of liaison to process requests is seen a potential delay • Inhibits access to personnel responsible for requested information

  15. Denial of Access to Records • Written request within five days of any missed date to VP or CFO with copy to ACO • Formal denial of access if another week goes by • With notification to ACO • Notification to Region with copy to Headquarters

  16. Next Step - Subpoena • RD reviews matter assess if subpoena is appropriate • RD consults with DCAA HQ – Policy and Legal • FAO submits a request for subpoena • DoDIG

  17. Withholding of Costs • Costs related to access issue will be suspended and/or withheld – DCAA Form 1 • Costs related to the denial of records should be questioned • Audit report opinion should be qualified or adverse as a result of scope restriction • Internal control deficiency/material weakness – limited scope audit • Denial of records will still be pursued even if you concur with CQ

  18. Lost or Destroyed Records • Denial of access should not be pursued • Written statement from company management • Coordinate with ACO and perform audit

  19. Timely Final Rate Settlement • DCAA will only program and schedule incurred cost audits when adequate submissions are on hand • Coordinate with DCMA proactive measures for obtaining adequate submissions • Aggressively pursue late submissions

  20. Timely Final Rate Settlement - Proactive Measures • Limit proposal extensions • Unilateral rates • Decrement billing rates • Establish withholds for inadequate systems

  21. Timely Final Rate Settlement - Proactive Measures • Rescind authorization for direct billing if submission is late and ACO extension not obtained • Internal control deficiency/material weakness – limited scope audit

  22. Timely Final Rate Settlement - DCMA Guidance Feb 10, 2009 • Grant extensions only in exceptional circumstances • Provide DCAA a written explanation of the exceptional circumstances that warrant the extension • Work with DCAA to identify inadequate submissions

  23. DCMA Guidance Feb 10, 2009 ACO should take aggressive actions to obtain adequate submissions • Establish unilateral rates • Decrement provisional billing rates • Establish contract withholds

  24. Status of DCAA Audit and Internal Controls Internal Control Systems:Life after “Close the Fraud Loophole” Legislation

  25. Disclosure Requirements - The Basics • Amendments to FAR 3.10, 9.4, and 42.15, and 52.203-13 • Requires disclosure of certain crimes, False Claims Act violations, and Overpayments • Applies to all contractors (large, small, commercial-item, OCONUS) • Effective Date: December 12, 2008 • Noncompliance is grounds for suspension or debarment

  26. Internal Control Systems:Life after “Close the Fraud Loophole” • Final Rule Effective 12 December 2008 • Critical Impact of Mandatory Disclosure, Internal Control Systems • Final rule amends FAR 3.10, 9.4, and 42.15, and 52.203-13 • Code Of Ethics and Conduct • Compliance Awareness • Due Diligence to Prevent and Detect Crimes • Internal Control Systems • Flow Down Requirements

  27. Applicability - Ethics, Compliance Awareness and Internal Controls Components • Future contracts awarded after 12 December 2008 • All contracts with a value expected to exceed $5,000,000 and performance of >120 days, small business and commercial item contracts exempted from specific compliance awareness and internal controls requirement • However, all contractors must • Have a written code of business ethics and conduct (30 days after award); • Make the code available to all employees involved in performance of the contract; • Exercise due diligence to prevent and detect improper conduct; • Promote an organizational culture that encourages ethical conduct and a commitment to compliance with the law

  28. Ethics, Compliance Awareness and Internal Control Components • Within 90 days of contract award • Key Elements • Include reasonable steps to communicate periodically and in a practical manner the Contractor's standards and procedures and other aspects of the Contractor's business ethics awareness and compliance program and internal control system • Deliver effective training programs and otherwise disseminating information appropriate to an individual's respective roles and responsibilities. • The training conducted under this program shall be provided to the Contractor's principals and employees, and as appropriate, the Contractor's agents and subcontractors.

  29. Requirements - Internal Control System Requirements • Within 90 days of Contract Award • Must establish procedures to facilitate timely discovery of improper conduct in connection with government contracts. This includes at a minimum:  • Responsibility at a sufficiently high level with adequate resources • Exclude Code violators as principals - don’t employ violators as managers or supervisors • Periodic reviews of company practices, policies, proceduresand internal controls for compliance with the code and the requirements of government contracting • Monitoring and auditing to detect improper conduct

  30. Requirements - Internal Control System Requirements (continued) • Periodic risk assessmentsof improper conduct and implementation of appropriate steps to address the risks identified • Hotline Mechanism • Disciplinary action for engaging in or failing to take reasonable steps to detect and prevent improper conduct, as well as incentives to encourage compliant behavior • Timely Disclosure

  31. Challenge to Disclosure: Internal Control Expansion Traditional Compliance Internal Control Systems • Gnrl Envrnmnt • Accounting • Purchasing • Estimating • Billing • Labor • Material • Budgeting/Planning • General IT • Compensation • Risk Analysis, Disclosure • Gifts to Gov’t Employees • Hiring Government Employees • Significant Overpayments • Proposal Reps and Certs • Oral Proposals • Employee Qualifications • Failure to perform tests • Source and Origin • Product Substitution • Obstruction of Federal Audit • Additional Internal Control Rqmnts • Export Controls • Gov’t Property • EVMS • Business Development • Quality • Program Management • HR • Legal

  32. What’s a Contractor to do? • There will be existing disagreements on adequacy of internal control systems measured by a number of third parties (external financial auditors, DCAA, contracting officers). Companies must self evaluate adequacy of internal control systems in a structured approach including: • Self Risk Assessment Measured Against “Traditional” and Disclosure Areas • Define Materiality/Sensitivity for Federal Contracting • Define Disclosure Process • Focus on Key Controls – acknowledge compensating controls • Leverage Control Environment and Fraud controls from SOX if available • Establish Testing/Monitoring Program • Effectively Communicate/Train • Implement System Controls/Forensic Tools for Exception Reporting

  33. Questions Questions ?

  34. Navigant Consulting Bill Keating William.Keating@navigantconsulting.com John Van Meter John.VanMeter@navigantconsulting.com 703 734-5900

More Related