Defense Contract Audits: Actions Needed to Improve DCAA's Access to and Use of Defense Company Internal Audit Reports
Highlights
The Defense Contract Audit Agency (DCAA) has a critical role in contract oversight. DCAA audits are intended to help provide reasonable assurance that defense company policies for safeguarding assets and complying with contractual requirements are fulfilled. Defense companies also maintain their own internal audit departments to monitor policies, procedures, and business systems related to their government contracts. GAO was asked to assess the role of defense companies' internal audit departments and their ability to provide DCAA with information on their internal controls. GAO assessed (1) selected defense companies' adherence to standards for internal audits, (2) the extent to which those companies' internal audit reports address defense contract management internal controls, and (3) DCAA's ability to examine internal audits and use information from these audits. GAO reviewed a nongeneralizable sample of seven major defense companies including the five largest defense contractors and two smaller contractors; analyzed information on their 2008 and 2009 internal audits, which were the latest available when GAO began its assessment; and reviewed DCAA's ability to examine and use the audits in carrying out its oversight.
Recommendations
Recommendations for Executive Action
Agency Affected | Recommendation | Status |
---|---|---|
Department of Defense | To increase DCAA's access to and use of internal audits, the Secretary of Defense should direct the Director of DCAA to ensure that DCAA's central point of contact for each company coordinates issues pertaining to internal audits. For some companies, this would be the Contract Audit Coordinator. For companies without a Contract Audit Coordinator, a point of contact would need to be designated except when DCAA officials have determined that a company does not have an internal audit function that produces reports that may be relevant to DCAA's audit responsibilities. Coordination responsibilities should include (1) obtaining sufficient information from the companies on their internal audit reports so DCAA auditors can better identify and request relevant audit reports and workpapers and (2) tracking DCAA auditors' requests for access to internal audit reports and workpapers and the companies' disposition of those requests. |
In August 2012, DCAA issued a revision to the Contract Audit Manual (CAM 4-202.c(2)) to implement this recommendation. The revision specifies that the DCAA Contract Audit Coordinator offices and Field Audit Offices (FAO) must establish a process and a central point of contact to obtain and monitor DCAA's access to and use of internal audits. The process is to include a method for tracking requests and the contractor's dispositions of these requests. The CAM has also been revised to include the specific duties of the central point of contact and to outline the process auditors and supervisors should follow to access internal audits as a part of their ongoing audits. A memorandum announcing the changes states that for non-major contractors the process is not mandatory but acknowledges that the internal audit reports are still useful and cites procedures to follow. Further, the memorandum states that when access is denied, the responsible supervisor will implement access to records procedures per DCAA Instruction 7640.17 dated December 2008 and states that if the efforts prove unsuccessful the Regional Director should review the matter and determine if a subpoena should be requested.
|
Department of Defense | To increase DCAA's access to and use of internal audits, the Secretary of Defense should direct the Director of DCAA to periodically assess information compiled by the central points of contact regarding the number of requests for internal audits and their disposition to determine whether additional actions are needed. Such additional actions could include senior level engagement with company officials to change company access policies or, as warranted, the issuance of subpoenas. |
In August 2012, DCAA issued a revision to the Contract Audit Manual (CAM 4-202.c(2)) to implement this recommendation. The revision specifies that the DCAA Contract Audit Coordinator offices and Field Audit Offices (FAO) must establish a process and a central point of contact to obtain and monitor DCAA's access to and use of internal audits. The process is to include a method for tracking requests and the contractor's dispositions of these requests. The CAM has also been revised to include the specific duties of the central point of contact and to outline the process auditors and supervisors should follow to access internal audits as a part of their ongoing audits. A memorandum announcing the changes states that when access is denied, the responsible supervisor will implement access to records procedures per DCAA Instruction 7640.17 dated December 2008 and states that if the efforts prove unsuccessful the Regional Director should review the matter and determine if a subpoena should be requested.
|
Department of Defense | To increase DCAA's access to and use of internal audits, the Secretary of Defense should direct the Director of DCAA to reaffirm with DCAA staff through guidance and training how and under what circumstances company internal audit reports can be accessed and used to improve the efficiency of audit planning and execution. |
In addition to issuing the August 2012 guidance regarding access to internal audits, training related to accessing contractors' internal audit reports will be presented at DCAA's Semi-annual Field Audit Office Assistant for Quality Workshop scheduled for early 2013 with training slides to be made available to attendees for additional dissemination at Field Office staff conferences.
|