DCAA Compliance and First Audit – This Should Be a Happy (But Careful) Time

I recently attended a workshop that was so spot-on I’ll even mention the speaker and his company: Kevin Grimes of CFO Leasing. I never met Kevin prior to that workshop but was very impressed with how clearly and succinctly he conveys the pitfalls and nuances of becoming DCAA compliant.

Getting a notice that you are going to be audited by DCAA should not be frightening, but should be a joyful notice. The fact that your company has gotten the attention of DCAA means that you are about to be awarded a large contract or your business has grown so successfully that you are a larger federal contractor; both reasons to be happy, not frightened. However, at this point, you need to understand that:

  • The fact that you have never been subject to an audit does not mean you did not have to comply with FAR (more on this later) if you have been doing contracts
  • Your IRS/GAAP accountant who has served you so well in the past may not have the capability to assist you with this specialized DCAA audit
The rules by which you must comply are in The Federal Acquisition Regulation (FAR) book. As Kevin states so eloquently, FAR has 1,792 pages and almost two and a half inches thick, most of which is Latin and Greek. A sister companion book, the government Cost Accounting Standards (CAS) is 841 pages and must be written by the same authors with similar obtuse writing styles. These two publications make up the rules and regulations all government contractors must follow and reinforce the fact that accounting for government contracts adds significant complexity to that required for commercial business.

This complexity frequently causes smaller businesses to ignore the rules in these books. And for a short while, not a single person complains or asks you any questions about how and what you do to create quotes, invoice the government or how you arrive as your costs. But then the DCAA audit letter (actually an email) arrives, and it is very friendly (“Please contact us with any questions”) and descriptive of what they want (an onsite visit for a Financial Capability Risk Assessment and a Pre-Award Accounting Survey). Sounds innocuous enough, right?

Well, they will most likely ask for an onsite audit meeting within a week or so; unless you understand FAR and how your processes (how many companies have ALL their employees record time on a daily basis, exempt and non-exempt, and record all hours, whether paid or not?) are codified in your company documentation. Do you understand how to allocate indirect costs, allowable and non-allowable, G&A to your quotes, contracts and invoices?
To help you through this, you need a relationship with a software and technology partner who specializes in serving government contractors. You need a partner who can deliver a software/technology needs assessment that unearths your requirements, and can implement, configure a financial software system that is fully FAR and CAS compliant and ready to withstand DCAA audits. This partner should also be able to recommend a set of policies and procedures to operate that system and guide your organization. KTL Solutions and Microsoft Dynamics SL can help you through this with a DCAA compliant system and processes, but don’t wait until the audit letter arrives, contact us today!

STEVE HAMMETT | Director of Sales

Steve graduated from University of Maryland, Baltimore, with a Bachelor of Science (B.S.),  in Economics and a few years later, a Master of Science (M.S.), in Information Technology. He has helped organizations for over fifteen years to solve business problems using technology. He is well informed with all Microsoft Business Solutions and is a Solutions Certified Sales Representative. For fun he looks to the outdoors, whether water, where he is a sailor (Coast Guard certified in Costal Piloting and Navigation), a PADI certified scuba diver, and a certified Red Cross Water Safety Instructor, or land, where he is a skier, hiker and mountain biker.

Share this post

Related Posts

Checking Your CMMC Progress

Written by Alec Toloczko With Cybersecurity Maturity Model Certification (CMMC) requirements on the horizon, it’s crucial for organizations handling Controlled Unclassified Information (CUI) to adhere

Read More »