Last month we wrote about a provision in the proposed 2013 National Defense Authorization Act (“NDAA”) that would have given the Defense Contract Audit Agency (“DCAA”) statutory authority to demand a company’s internal audit reports in order to audit the efficacy of a company’s internal business systems. Surprisingly, the authorization, as originally proposed, was modified in the final legislation. While Congress directed DCAA to issue new guidance regarding auditor access to internal audit reports, Congress stopped short of giving DCAA actual authority to demand such reports. As such, contractors will remain at loggerheads with DCAA auditors who try to exceed their statutory authority.
The Defense Contract Audit Agency (“DCAA”) has long sought access to contractors’ internal audit reports in connection with the routine audit of contractors’ business systems. Contractors have, in most cases, successfully resisted requests for such access on the grounds that DCAA has no statutory authority to request such documents. But that may soon change. Section 843 of the Senate version of the 2013 National Defense Authorization Act (S. 3254) would grant DCAA broad access to contractor internal audit information.…
A good internal investigation gives equal scrutiny to people and processes. It may be easier to replace or reprimand the “bad apple” employee than to overhaul a system with which employees are familiar and has become ingrained in the operational culture. Nevertheless, it is increasingly vital that companies take a hard look at systems, structures, and processes. A recent opinion from the D.C. Circuit indicates that these organizational elements will be the next battleground in False Claims Act (“FCA”) litigation.
Recently, contractors have begun receiving formal requests for information from the Defense Contract Audit Agency (“DCAA”). The purported purpose of these requests is to “[o]btain an understanding of the management control environment” of major government contractors. In pursuit of this goal, DCAA has crafted a letter that demands, among other things, the following:
- A list of all ethics training, copies of agendas, and attendee lists
- Copies of the company’s written Codes of Conduct, copies of the policies dealing with communications of the Code, and a list of employees who have acknowledged receiving the Code over the past 12 months
- A list of all violations of the Code over the past 12 months
- All “noncompliances” reported through the contractor’s internal control system (such as a hotline) within the past 12 months
- A “company-wide list of any current open investigations”
On March 31, 2009, the FAR Councils issued several new interim rules (effective March 31, 2009) implementing the American Recovery and Reinvestment Act of 2009 (P.L. 111-5) (also known as ARRA, The Recovery Act, or the Stimulus Act). See Federal Acquisition Circular (FAC) 2005-32, published at 74 Federal Register 14621-14652. The FAC issued new interim rules on a number of areas required under the Stimulus Act, including:
- Reporting Requirements for Recipients of Recovery Funds (see 74 Federal Register 14639)
- Publicizing Contract Actions (see 74 Federal Register 14636)
- GAO and IG Access to Company Employees (see 74 Federal Register 14646)
- Whistleblower Protections (see 74 Federal Register 14633)
- Buy American Requirements for Construction Materials (see 74 Federal Register 14623)
This blog focuses on the final three sets of rules – those relating to Auditor access; Whistleblower protections; and Buy American requirements. The first set of rules is discussed separately here.
By now, everyone who has even a passing familiarity with the new “Contractor Code of Business Ethics and Conduct” clause that went into effect on December 12, 2008 knows that “internal controls” are important. In fact, with the stakes under the new clause so high, many government contractor personnel can tell you that, under the clause FAR 52.203-13, they are required to:…