220 likes | 479 Views
Contractor Oversight Lessons Learned. Dan Blair Program Director Defense Financial Auditing Service DoD IG (703) 325-6120 daniel.blair@dodig.mil. Overview. COR/COTR responsibilities Sources of Guidance for Contractor Oversight Lessons Learned. Contractor Oversight.
E N D
Contractor Oversight Lessons Learned Dan Blair Program Director Defense Financial Auditing Service DoD IG (703) 325-6120 daniel.blair@dodig.mil
Overview • COR/COTR responsibilities • Sources of Guidance for Contractor Oversight • Lessons Learned
Contractor Oversight • Various administrative duties • COR/COTR is responsible for ensuring that the contractor provides audit services that • Meet the requirements of the SOW • Meet professional standards • Meet other internal requirements • Internal referencing • Workpaper preparation standards
Sources of Guidance • PCIE Best Practices Guide
Sources of GuidancePCIE Best Practices Guide • Actively involved in managing the financial statement audit even when the work is done by a contractor. • A senior IG auditor should be designated as the IG official point of contact. • Facilitate effective and professional relationships between contract auditors and agency representatives.
Sources of GuidancePCIE Best Practices Guide cont. • The appropriate contractor and agency personnel meet when there have been changes in key personnel. • Issue headquarters and field notification letters, and host the entrance and exit conferences, as appropriate. • Arrange for the review and dissemination of contractor developed audit findings and proposed adjustments to CFO personnel.
Sources of GuidancePCIE Best Practices Guide cont. • Communications between contract auditors and agency officials are open and continuous, and that issues are addressed in a timely manner. • IG personnel should review the contractor’s working papers to ensure compliance with Government Auditing Standards and the specific requirements of the contract.
Contractor Oversight Other Sources of Guidance • AU 543, "Part of Audit Performed by Other Independent Auditors" • AU 322, "The Auditor's Consideration of the Internal Audit Function in an Audit of Financial Statements" • AU 336, "Using the Work of a Specialist • Other agency internal guidance
Contractor Oversight Other Sources of Guidance • GAO/PCIE Financial Audit Manual 650 - USING THE WORK OF OTHERS .01 The audit organization should use FAM 650 to design and perform appropriate oversight and other procedures to use the work of other auditors and specialists.
Sources of Guidance FAM 650 cont. The principal auditor exercises considerable judgment in deciding what procedures are necessary to use the work of the other auditor. These judgments include • the type of reporting • the auditor's evaluation of the other auditors' or specialists' independence and objectivity • the auditor's evaluation of the other auditors' or specialists' qualifications and • the auditor's determination of the level of review
Sources of Guidance FAM 650 cont. REVIEW OF DOCUMENTATION • The extent of the auditor's review of the other auditors' documentation depends auditor judgment • For the low level of review, the review of documentation may be limited to key summary planning and completion documentation.
Sources of Guidance FAM 650 Review of Documentation • For the moderate level, review focuses more on important audit decisions • General Risk Analysis or audit plan; • Account Risk Analysis; • Specific Control Evaluations for significant applications, • documentation for high-risk accounts, estimates, and judgments; • analytical procedures; • audit completion checklist; • audit summary memorandum; and • summary of possible adjustments.
Sources of Guidance FAM 650 Review of Documentation • High level of review - the auditor generally should review all of the items for the moderate level of review plus the important detailed documentation. • Hold discussions with management and/or perform tests of original documents. • estimates and judgments generally with the other auditors present. • entrance and exit conferences and other key meetings • supplemental tests
Lessons Learned • Review contract proposals VERY carefully • Watch for assumptions buried in the contract • Changes in these assumptions could result in a modification • Proposals should also be read by people who specialize in contracting
Lessons Learned • Make the SOW tasks explicit to avoid expectation gap • Link tasks to existing internal or external guidance • Workpaper requirements • Referencing draft reports
Lessons LearnedFirm Fixed Price Isn’t ! • Unexpected contract modifications are frequent and expensive • Changes in period of performance • Changes in teaming arrangements • Changes in the scope of work – adding “new” tasks • Granting deviations from any of the established contract terms
Lessons LearnedFirm Fixed Price Isn’t ! Causes of Modifications • Unclear understanding of contract terms • Obligating the Government – telling the contractor to perform additional work • Incomplete reviews of deliverables
Lessons Learned • Contracts contain assumptions that guide the scope of the work • Audit risk or reliance on internal controls • Time to complete the audit • Level of assistance from agency personnel • Understand the assumptions in the proposal/contract because they help define the scope of the work
Lessons Learned • Start early • Know your deliverable date • Consider the time to do the audit + more • Review and scrutinize deliverables • Expect multiple iterations – especially when the contract is not explicit, during first year audits, when there are changes in audit staff