To gain DoD customer approval of the Purchasing System, the organization builds an infrastructure of related operations – from requisitioning to supplier Order closeouts. Efforts primarily focus on a) procedures that comply with regulations, and b) documentation of actual practices that comply with those procedures. Typically the Defense Contract Audit Agency (DCAA) conducts the Contractor Purchasing System Review (CPSR). The Defense Contract Management Agency (DCMA) might perform or join the audit.


Policies, Procedures, and Forms
Formal policies state, "What we do, here." Formal procedures state, "This is how we do that." Forms facilitate consistent practices that comply with organization-wide policies and procedures. Forms include checkbox options, checklists to verify completion of tasks, and decision flowcharts to determine applicability. Procedures strengthen internal controls. Management is responsible for protecting employees from unnecessary distrust; if one person has access to all components of a function, that person is the first suspect after fraud, theft, or other irregularities are discovered. The buyer of periwinkle, outdoor paint is not also the requisitioner, especially if his/her house happens to be periwinkle. Also, in an environment where Government funding (ultimately) pays for costs, the risk of non-compliance or even suspension/debarment outweighs the inconvenience of implementation. Controls affecting purchasing include:

Staff Training
Subcontracts, outsourced services, and independent contractors are (typically) purchases, not Direct Labor from employees. Source documents, such as requisitions and the Aging Report of supplier payments, are (mostly) created by staff outside the Purchasing Department. Purchasing must have the authority to reject incomplete, unsupported, and inaccurate source documents (including significant supplier bills). Source documents (such as requisitions) with the correct job, as well as account number or name (from the general ledger), foster an approved Purchasing System.

The Purchase and Change Orders (and other contractual documents) that result are the responsibility of the Purchasing Department. A CPSR holds Purchasing accountable for the entire function, all operations, and the adequacy of the whole Purchasing System – from acceptance of the requisition through final, supplier payment and closeout. Training helps implement regulatory-compliant policies and procedures. The resulting purchasing files, which evidence procedure-compliance, are not limited to accomplishments initiated within the Purchasing Department.

Training does include:

An award-dollars and contract type hierarchy of requirements;

• Tips for reducing workload with good supplier-RFB practices;

• Risk assessment for Cost or Pricing Data (and the Truth in Negotiations Act) for both supplier support plus responsibility on customer sales;

• Excluded parties (such as debarred or suspended suppliers) list, with which dates to verify absence for supplier award; and

• Alternate methods of justifying source and price, in unique circumstances.

Analysis of Supplier Proposals
A supplier bid or proposal Price Analysis considers the one total price, including direct costs, indirect expenses, and fee or profit. For example, a written comparison of competitive prices and award to the lowest overall submitter usually suffices. Justification of a purchase price (especially for a sole source Purchase or Change Order) might be addressed by a documented Cost Analysis.  Instead of the all-inclusive total price, cost elements are evaluated separately. Organization-wide consistencies (direct versus indirect-pool among all projects, from year to year, and so on) and unallowable costs affect each indirect rate. The Cost Analysis examines whether supplier general ledger accounts are allocable to the proposed project (e.g., bonuses for commercial sales), the reasonableness of both need (e.g., twice the historical scrap rate) and lower-tier suppliers' pricing (e.g., competitive), plus whether specific accounts and transactions are allowable (per regulations). Several types of Price Analyses provide adequate support for an Order. The Cost Analysis usually supports a negotiation with the supplier; an adequate Negotiation Memo supports each offer and counter-offer (even if made via email or telephone). The purpose of either Analysis is not to prove that the money will be (or has been) spent – but that the price is justified.


An analysis of supplier proposals results in a report with recommendations plus a copy of either top-level or all working papers, at the option of the client.


Mock Audits
The population of Orders, from which a sample is selected for audit, considers each Purchase Order and each Change Order, separately. The population of individual Orders covers a specific period of time, such as the most recent fiscal year or – for newly implemented Systems – the most recent six calendar months, or some other period. The population data is sorted by absolute (adding decreases to increases) dollars, by contract type (such as Fixed Price or Time and Material). The more Orders audited during the Mock Audit, the more likely that those sampled by DCAA and/or DCMA are included.


Each Order is carefully evaluated for two types of findings. The Mock Audit is an outsourced, internal (i.e., for the benefit of management – not for a third party) audit. Most effort and feedback relates to repeated practices with likelihood of a significant customer finding. In addition, individual inadequacies and inaccuracies might be reported with recommended mitigating or eliminating action. Recommendations do not camouflage irregularities, but ensure that the circumstances surrounding the (real or apparent) finding are fully and accurately disclosed. Often, major findings result from poorly worded documentation – not from actual non-compliance.

Note that a Mock Audit is an internal audit. DCAA has authority to review all internal audit reports, without specific, additional approval by the organization. DCAA considers management's self-assessment a strong basis for lowering DCAA conclusions about risk. If repeated practices, reported as findings in the Mock Audit report, are improved or eliminated, management's actions further reduce risk to the Government customer.