On February 24, 2012, the Department of Defense (DoD) “adopted as final, with changes, the interim rule amending the Defense Federal Acquisition Regulation Supplement (DFARS) to improve the effectiveness of DoD oversight of contractor business systems.” In other words, after nearly four years of intense regulatory debate and proposed rule iterations, the Business Systems Rule has been finalized. Despite many industry comments, the changes that were made from the previous interim rule to the final rule were less than substantive. Many of the changes actually made included clarifications that lead to rewording language in the rule. Hotly contended items such as the withholding percentage (to 10%) and qualifying contracts (Fixed price as well as Cost Reimbursable Contracts, subject to CAS threshold), remained applicable in the final rule.

When does the business System Rule Apply

The rule applies to any DoD contract or subcontract awarded subsequent to May 18, 2011 for which no exemptions from CAS are available. For DoD CAS covered contracts that include the clause 252.24.-7005 Contractor Business Systems, and one of the following:

252.215-7002, Cost Estimating System Requirements

  1. The clause is prescribed when the contract award is based on certified cost or pricing data
  2. However, the system requirements and withhold authority only applies to large businesses that received DoD prime contracts and subcontracts totaling more than $50M (sometimes $20M) in their prior fiscal year based on certified cost or pricing data.

 

252.234-7002, Earned Value Management System

  1. When the contract requires the contractor to use EVMS
  2. However, in DoD, EVMS is only applicable to cost or incentive contracts valued at $20,000,000 or more

252.242-7004, Material Management and Accounting System

  1. Award value is for non-commercial item and award value is over simplified acquisition threshold;
  2. Not awarded to small business, educational institution, or not-for-profit organization
  3. Award is either cost-reimbursement or fixed-price with progress payments based on cost

252.242-7006, Accounting System Administration

  1. Cost-reimbursement, incentive type, time-and-materials (T&M), or labor- hour (LH) contracts
  2. Contracts with progress payments based on cost or percentage or stage of completion

252.244-7001, Contractor Purchasing System Administration

  1. Contract contains the clause 52.244-2, Subcontracts
  2. All cost-reimbursement
  3. Letter contracts, T&M, LH > SAT
  4. Fixed-price > SAT with anticipated unpriced options
  5. However, within DoD, CPSRs are only conducted if a contractor’s sales to the Government are expected to exceed $25 million during the next 12 months.
  6. Excluding competitively awarded firm- fixed-price and competitively awarded fixed-price with economic price adjustment contracts and sales of commercial items pursuant to Part 12

252.245-7003, Contractor Property Management System Administration

  1. Contract contains the clause 52.245-1, Government Property
  2. All cost-reimbursement & T&M; Labor Hour when Government property is expected to be furnished
  3. Fixed-price when the Government will provide Government property
  4. Awards under FAR Part 12 when Government property over Simplified Acquisition Threshold is furnished

While the Business Systems Rules are to be limited to CAS qualified contracts, in which Foreign owned companies are for the most part exempt, DCAA has audit policies/programs which state that “DFARS Business Systems Criteria is suitable criteria for determining the acceptability of any contractor’s system”. Hence, any accounting or other system touched by A DCAA audit is at risk for issues involving compliance with one or more of the DFARS Business Systems Criteria.

Not only has DCAA incorporated the Business System criteria in the Defense Contract Audit Manual (DCAM), the DCMA has also incorporate the criteria in its published policies for the following systems:

  1. Contract Property management
  2. Contractor Purchasing System Review
  3. Material management and Accounting systems (MMAS) Review
  4. Earned Value Management System Compliance Review

What are the common Business System Requirements/Expectations?

  1. Policies and Procedures
  2. Defines roles & responsibilities
  3. Identifies people, processes, and technology used in the business system
  4. Provides guidance on compliance with company policies, contract requirements
  5. Training
  6. Educates personnel on their job responsibilities
  7. Ensures awareness of policy & procedure information
  8. Sound Organizational Structure
  9. Ensures proper segregation of duties
  10. Defines roles, responsibilities, and authority limits for personnel in the business system
  11. Management Oversight & Review
  12. Provides management with insight into system performance and compliance
  13. Reduces the risk of fraud, waste, and abuse

What are the common Business System disapprovals themes?

  1. Accounting:
    1. CAS non-compliances (logical and consistent method for the accumulation and allocation of indirect costs)
    2. Questioned costs (Incurred Cost Audit)
    3. Billings not reconciled to the cost accounts for both current and cumulative amounts claimed and comply with contract terms
    4. Unallowable cost
    5. Inadequate Timekeeping practices
    6. Cost accounting: By contract clause if required (Limitation of Cost or Funds, Allowable Cost & Payment), Readily calculate indirect cost rates from books
  2. Estimating: Supplier cost/price analysis, Defective Pricing, Documentation
  3. Purchasing: Supplier cost/price analysis (LTAs, etc), Documentation
  4. Property: Inventory and Asset controls, Documentation
  5. EVMS: Inadequate variance analysis documentation, Cost and schedule
  6. integration, Data integrity issues
  7. MMAS: Key metric monitoring, Inventory management, Documentation

What is an acceptable contractor business system?

Contractor business systems that comply with the terms and conditions of applicable business systems clauses listed in the definition of “contractor business system” in this clause.

What is considered a significant deficiency?

A shortcoming in the system that materially affects the ability of officials of the DoD to rely upon information produced by the system that is needed for management purposes.

DCAA MRD (12-PAS-012(R)) Audit Guidance on Auditing Contractor Business Systems and Contractor Compliance with DFARS 252.242-7006, Accounting System Administration

“If there is a reasonable possibility that the identified noncompliance with the DFARS criteria will result in a material noncompliance with other applicable Government contract laws and regulations (emphasis added), either individually or in combination, it is a significant deficiency/material weakness”

DCAA MRD (14-PAS-009(R)) – Audit Guidance on Reporting Business System Deficiencies

  1. Report less severe noncompliance separate from significant deficiencies
  2. Either separate section in the same audit report or in a memorandum to the ACO

What is the risk for noncompliance?

“If the Contracting Officer issues the final determination with a notice to withhold payments for significant deficiencies in a contractor business system required under this contract, the Contracting Officer will withhold five percent of amounts due from progress payments and performance- based payments, and direct the Contractor, in writing, to withhold five percent from its billings on interim cost vouchers on cost-reimbursement, labor- hour, and time-and-materials contracts until the Contracting Officer has determined that the Contractor has corrected all significant deficiencies…”

The total percentage of payment withheld …shall not exceed:

1.  Five percent for one or more significant deficiencies in any single contractor business system; and

2. Ten percent for significant deficiencies in multiple contractor business systems

However it is important to note that DCMA is maxing this out by applying on a contract by contract basis when multiple systems are disapproved. Another words the withhold percentage is being applied not to the company as a whole but to each contract.

What can you do?

  1. Establish clear and concise policies and procedures and ensure compliance with those policies and procedures.
  2. Maintaining a positive working relationship with DCAA and DCMA is essential.
  3. Be proactive in your compliance program – do not wait until the Government schedules and audit
    1. Know what business systems applicable to your company require Government approval and how DCAA/DCMA will likely audit or review
    2. Map your controls to the DFARS evaluation criteria in advance
    3. Identify system gaps based on DFARS evaluation criteria, the DCAA Audit program/ICM and your business system controls
    4. Consider establishing an on-going compliance management planning process to identify and periodically review control risks and mitigation plans to ensure the company is on track.
    5. Ensure that policies and procedures are consistent across the organication – Policy vs. Procedure vs. Manual, etc
    6. Ensure all roles and responsibility are documented
    7. Do not write the company policies for compliance; write them for the business and incorporate compliance components within.
    8. Develop an internal control matrix that serves as a data base for internal controls and identifies
        1. Control objectives, risks and owners
        2. Location in policies, procedures, and process flows
    9. Develop a process flowchart that:
        1. Documents the work flow and highlight internal controls
        2. process flowcharts and internal controls’ matrix that demonstrate compliance
    10. Use these documents during system walkthroughs with auditors/reviewers to help them gain an understanding of each systems policy and procedures
  4. Develop a process for maintaining a compliant business system
    1. Assess the system’s adequacy against DCAA/DCMA requirements
    2. Remediate any deficiencies identified by developing a Corrective Action Plan (CPA) and a time line for implementation.
    3. Prepare compliance documentation – Process Flow documentation and Policy and Procedure development
    4. Develop a monitoring and maintenance Plan
      1. Develop and implement a control testing plan
        1. Determine test objectives
        2. Determine sample size
        3. Make steps repeatable
        4. Identify appropriate reviewers
        5. Determine frequency
      2. Develop and implement a training Plan
        1. Document attendance and course materials
        2. Plan should include
          1. Functional policies and procedures
          2. Business Ethics and Code of Conduct
          3. Applicable laws and regulations
      3. Policy and Procedure Review Plan
        1. Review for changes in process/organization/regulations and update as needed

TD Government Solutions can help (TDGS) ! We have developed an effective, efficient methodology to move contractors towards compliance. We provide a detailed compliance gap analysis with recommendations towards remediation along with a comprehensive set of customized policies / procedures. TDGS has performed these projects for a number of the government contract firms in the industry.