On November 30, 2023, the Inspector General of the Department of Defense (“DoD IG”) released a Special Report: Common Cybersecurity Weaknesses Related to the Protection of DoD Controlled Unclassified Information on Contractor Networks (the “Report”). Between 2018 and 2023, the DoD IG reports it conducted five audits related to DoD contractors’ protection of Controlled Unclassified Information (“CUI”), in accordance with the cybersecurity requirements in National Institute of Standards and Technology (“NIST”) Special Publication (“SP”) 800-171. Additionally, the Report states that since 2022, the DoD IG has provided support/assessments for five investigations under the Department of Justice’s (“DOJ”) Civil Cyber Fraud Initiative (“CCFI”).[1] Continue Reading DoD IG Report Provides Insight Into Common Missteps When Protecting CUI
Audits
Government Contracts Cost and Pricing: The Truth in Negotiations Act, or Whatever the Kids Are Calling It These Days (Part 3)
Welcome back to the Cost Corner, where we provide practical insight into the complex cost and pricing requirements that apply to Government Contractors. We just completed two articles on the Truth in Negotiations Act (TINA) [1] and, before that, two articles on Defense Contract Audit Agency (DCAA) audits. This issue of the Cost Corner concludes our coverage of TINA by addressing DCAA Truth in Negotiations (TIN) compliance audits (defective pricing audits) and identifying best practices for contractors to mitigate defective pricing risk.Continue Reading Government Contracts Cost and Pricing: The Truth in Negotiations Act, or Whatever the Kids Are Calling It These Days (Part 3)
Government Contracts Cost and Pricing – DCAA Audits (Part 2)
Welcome back to the Cost Corner, where we provide practical insight into the complex cost and pricing compliance issues facing Government contractors. This is the second installment of a two-part article on Defense Contract Audit Agency (DCAA) audits. DCAA’s mission is to conduct contract audits and to provide accounting and financial advisory services to all Department of Defense (DoD) components responsible for procurement and contract administration. Part 1 of this article provided an overview of DCAA’s mission, organization, and audit rights, as well as the types of audits conducted by DCAA. Part 2 focuses on DCAA’s standard audit procedures across audit types and identifies best practices for contractors dealing with DCAA audits.Continue Reading Government Contracts Cost and Pricing – DCAA Audits (Part 2)
The Cost Corner: Government Contracts Cost and Pricing – DCAA Audits
Summer is here and we’re back with another edition of the Cost Corner, where we provide practical insight into the complex cost and pricing requirements that apply to Government contractors. We just completed a two-part series on the Truthful Cost or Pricing Data Statute, commonly known as the Truth in Negotiations Act (TINA).[1] We will return to TINA in a few months to address the Defense Contract Audit Agency’s (DCAA) playbook for defective pricing audits. But first, we embark on a two-part series regarding DCAA audits generally. Part 1 (this article) provides an overview of DCAA’s mission, organization, audit guidance, and audit rights. We also address the types of audits DCAA conducts and recent DCAA audit statistics. Part 2 (our next article) will focus on DCAA’s audit guidance, audit procedures, and best practices for contractors dealing with DCAA audits.Continue Reading The Cost Corner: Government Contracts Cost and Pricing – DCAA Audits
The Special Inspector General for Pandemic Recovery Calls For Increased Funding and Expanded Jurisdiction In Its Quarterly Report To Congress
On July 30, 2021, the Special Inspector General for Pandemic Recovery (“SIGPR”), Brian D. Miller, submitted his quarterly report to Congress. SIGPR was created as an independent watchdog of the Department of the Treasury under the CARES Act. It is tasked with investigating fraud and abuse of federal stimulus funds in response to COVID-19, and works in collaboration with law enforcement and U.S. Attorney’s Offices throughout the country. These investigative efforts have resulted in civil and criminal enforcement actions against recipients of federal funding throughout the country, and such enforcement action investigations are sure to continue. The quarterly report showed that the federal government has been active in investigating fraud and abuse related to stimulus funds, and its call for additional funding signals an increase in future enforcement against recipients of federal stimulus funds.
Continue Reading The Special Inspector General for Pandemic Recovery Calls For Increased Funding and Expanded Jurisdiction In Its Quarterly Report To Congress
OIG Investigations (Without Subpoena Bells and Whistles) Coming to a Program Near You
The Inspector General Act of 1978 aimed to “consolidate existing auditing and investigative resources to more effectively combat fraud, abuse, waste and mismanagement in the programs and operations of [the executive branch].” To fulfill this mandate, the Act created the Offices of Inspector General (“OIG”) in various executive departments and agencies, including the Department of Defense (“DOD”), and authorized them to conduct and supervise audits and investigations to prevent and detect fraud, waste, and abuse. The DOD OIG’s primary investigative weapon has been the subpoena. More recently, however, the DOD OIG has subtly expanded its investigative arsenal by calling upon the Defense Contract Audit Agency (“DCAA”) to step up its fraud inquiries and by conducting more “Quality Assessments” and “Audits” without sounding the warning shot of the subpoena.
Continue Reading OIG Investigations (Without Subpoena Bells and Whistles) Coming to a Program Near You
Smash & Grab Redux – Congress Seems to Give DCAA Permission But Forgets to Give It Authority
Last month we wrote about a provision in the proposed 2013 National Defense Authorization Act (“NDAA”) that would have given the Defense Contract Audit Agency (“DCAA”) statutory authority to demand a company’s internal audit reports in order to audit the efficacy of a company’s internal business systems. Surprisingly, the authorization, as originally proposed, was modified in the final legislation. While Congress directed DCAA to issue new guidance regarding auditor access to internal audit reports, Congress stopped short of giving DCAA actual authority to demand such reports. As such, contractors will remain at loggerheads with DCAA auditors who try to exceed their statutory authority.Continue Reading Smash & Grab Redux – Congress Seems to Give DCAA Permission But Forgets to Give It Authority
Smash & Grab – DCAA Poised to Gain Access to Contractor Internal Audit Reports
The Defense Contract Audit Agency (“DCAA”) has long sought access to contractors’ internal audit reports in connection with the routine audit of contractors’ business systems. Contractors have, in most cases, successfully resisted requests for such access on the grounds that DCAA has no statutory authority to request such documents. But that may soon change. Section 843 of the Senate version of the 2013 National Defense Authorization Act (S. 3254) would grant DCAA broad access to contractor internal audit information.Continue Reading Smash & Grab – DCAA Poised to Gain Access to Contractor Internal Audit Reports
Final Rule for IR&D Reports Fails to Address Most Serious Questions
By David S. Gallacher and Kerry O’Neill
Last April, we wrote about proposed changes to Department of Defense ("DoD") reporting requirements for independent research and development ("IR&D"), raising concerns about how the proposed change would tie recoverability of IR&D costs to new reporting and disclosure requirements. Recently, Defense Federal Acquisition Regulation Supplement ("DFARS") 231.205-18(c) was finalized, with changes. See 77 Fed. Reg. 4632 (Jan. 30, 2012). This final rule is a mixed bag that got some things right, but also leaves some of the most serious issues unresolved.Continue Reading Final Rule for IR&D Reports Fails to Address Most Serious Questions
From Attestation Reviews To Examinations: The GSA OIG Expands The Scope Of Its Pre-Award Audits
So there I was, just sitting there minding my own business. It was the third day of the GSA OIG’s site visit being conducted as part of a routine pre-award audit (or as the OIG called it, a pre-award “attestation review”), and all was going well. The auditor, who was quite a nice guy frankly, had had many questions, as was to be expected, but nothing for which this particular mid-sized GSA Schedule contractor did not have a reasonable response. No Price Reductions Clause violations. No overbillings. No resume qualification issues. Overall, a pretty darn good preliminary report if you ask me. But then, out of the blue, he says, “okay, I’d like to interview your personnel now.” Interview my personnel?! Come again!?
Continue Reading From Attestation Reviews To Examinations: The GSA OIG Expands The Scope Of Its Pre-Award Audits
The Times They Are A Changin’ – Independent Research and Development May Not Be So “Independent” Any More
Those familiar with Government contracting know at least a little bit about the elusive and fickle regulatory requirements for Independent Research and Development (“IR&D” or “IRAD”) costs. IR&D is a means by which the U.S. Government supports a Contractor’s independent R&D efforts. By reimbursing a Contractor’s independent R&D costs, the Government long has hoped to advance the state of the art without stifling a contractor’s innovation under the weight of a federal bureaucracy, while simultaneously banking on the fact that the U.S. Government also will benefit from the technology advancements. But two recent developments may change the essential nature of IR&D, making it less “independent” and more “dependent” on Government rights and oversight. To quote Bob Dylan – “the times they are a changin’.”
Continue Reading The Times They Are A Changin’ – Independent Research and Development May Not Be So “Independent” Any More