Be prepared: The auditors are coming.

As the intensity of audits increases, smart companies get ready ahead of time

Michael Tinsley is the founder and CEO of NeoSystems Corp., which provides accounting and financial management services to government contractors.

Government contractors are facing an ever-increasing number of stringent audits. Companies that anticipate them will weather the process rather smoothly, while those that do not could have severe and expensive business interruptions, including lost contracts and tarnished reputations.

A central reason for tougher audits is a cultural change at the Defense Contract Audit Agency, the largest auditor of government contracts. In 2008, a Government Accountability Office report was very critical of DCAA’s audit practices and directed the agency to be more independent. Congress and the Defense Department’s inspector general also weighed in with criticisms.

As a result, DCAA, once regarded by some as a business partner with contractors, is taking a different, certainly less friendly, approach. Previously, companies could ask DCAA to discuss and gauge whether planned steps would fulfill auditing standards. Now, not so much.

DCAA will opine as to the adequacy of systems, processes and internal controls, pointing out deficiencies, but they generally will not provide guidance to contractors on steps to remedy deficiencies. Companies must now independently examine DCAA’s findings, design and implement changes to address them, and be ready to defend these solutions to DCAA-identified deficiencies.

In fact, this re-examination process may take months to complete, leaving the contractor in limbo during the interim. Of course, the best course of action is to implement business systems, processes, policies and procedures, and internal controls that are designed to meet rigorous DCAA standards before being audited or reviewed by DCAA.

DCAA is also getting more resources. In fiscal 2008, DCAA had just over 4,000 employees. Today, DCAA has 4,700 employees (about 85 percent are auditors), and additional hires are expected in fiscal 2011.

There are now more requirements in requests for proposals that a contractor already have a certified business system to be considered a qualified bidder. Some recent RFPs stipulate that companies can obtain independent third-party certification that the company meets the government's requirements.

Either way, it is clear that a high-quality business system, used effectively by trained and competent personnel, is essential for companies to keep their existing business and win new contracts. With tightening budgets, a continued push to insourcing, and rising competition, the government can be expected to stick with these standards, if not make them more stringent.

Many companies are now seeking a third party to make an initial assessment as to whether they can potentially meet DCAA requirements. Evaluating the company’s business system for a particular contract can risk significant money, as there is no guarantee the contract will be won. Even if the contractor is notified its bid has been successful, there is no guarantee that the government will not request DCAA to do an additional review before the actual award.

Such pre-award audits are an important part of the contracting process but are not necessarily carried out consistently. While there are clear procedures, the time an auditor spends at a company for such audits varies significantly. A company is best served to anticipate a rigorous, thorough examination.

Government auditors will likely make a random selection of transactions (vendor invoices, employee time cards, travel vouchers) and scrutinize supporting documentation to make sure that the contractor’s processes were followed, approvals documented and internal controls enforced. The related charges will be traced through the system to determine that they are appropriately charged to contracts or indirect cost pools and, ultimately, that such costs, and only such costs, are included on government invoices. Contractors should be prepared to provide auditors with a detailed budget to support indirect rates, and information on written policies and procedures. These will be among the first things requested by auditors.

Indeed, the breadth and depth of audits that a contractor can be subjected to are extensive. There are 98 listed on the DCAA’s website. Common audits include, but are not limited to:

  • Pre-award Reviews.
  • Incurred Cost Examinations.
  • Purchasing System Reviews.
  • Billing System Reviews.
  • Disclosure Statement Reviews.
  • Provisional Rate Reviews.

For a full listing and additional information, visit DCAA’s website at

For most contractors, auditing is a question of when and not if. Those who take the time to anticipate audits and prepare for them will get through the process relatively smoothly and continue to enjoy the benefits of serving the government. For those who don’t….well, let’s not go there.

About the Author

Michael Tinsley is the founder and chief executive officer of NeoSystems Corp., which provides accounting, financial and contract management services to government contractors.

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

What is your e-mail address?

My e-mail address is:

Do you have a password?

Forgot your password? Click here


  • POWER TRAINING: How to engage your customers

    Don't miss our Aug. 2 Washington Technology Power Training session on Mastering Stakeholder Engagement, where you'll learned the critical skills you need to more fully connect with your customers and win more business. Read More


    In our latest Project 38 Podcast, editor Nick Wakeman interviews Tom Romeo, the leader of Maximus Federal about how it has zoomed up the 2019 Top 100. Read More

contracts DB

Washington Technology Daily

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.