Mock DCAA Audits
Before the Defense Contract Audit Agency (DCAA) performs an audit of the operations and functions that make up the Accounting System – or any portion of it – many organizations aspire to minimize unhappy surprises. The goal is zero significant findings for the DCAA compliant Accounting System. One method is an internal Mock DCAA Audit or pre-audit, with results that reach internal management, instead of the customer. Often, needed corrections, additions, and training trigger changes in practices, for reduced findings during the customer audit.
We evaluate the compliance, internal controls, and good business judgment of the accounting function. The most important link in the Accounting System is the completeness and accuracy of records created outside of the Accounting Department. Timesheets, vendor bills against Purchase Orders, and other source documents – mostly approved outside of the Accounting Department – trigger recording of transactions that comprise the General Ledger.
The actual audit uses two phases. The customer audit and our internal mock DCAA audit follow these consecutive steps. Significant findings must be absent for both steps to have a DCAA compliant Accounting System. First, written policies and procedures, signed by the responsible manager (or higher level) over each respective function, are compared to laws, contract terms, plus efficient and effective operations. The pre-audit includes evaluation of internal controls, such as segregation of incompatible duties; ease of determining Actual Incurred Costs for each separate project, allowing month-to-month and budget-to-actual comparisons; and assessment of indirect rates, for treatment of unallowable costs and for reasonableness of the causal or beneficial relationship between each pool and its base.
A “rehearsal” gives staff time to adopt compliant practices.
Phase two occurs after evaluation of current (effective date) written procedures approved by oversight or management. Each step, separately, evaluates processes of a DCAA compliant Accounting System. The actual review of source documents and observation of activities determine whether actual practices match the written policies and procedures. Policies and procedures control the organization as a whole, not one contract or group of contracts. If the formal policies, procedures, and related documents comply – then DCAA evaluates whether actual practices comply with the formal policies, procedures, and related documents authorized by management.
This means that a practice that is compliant with regulations can result in a reportable finding, for not complying with the policies and procedures (i.e., management’s stated intent).
A mock DCAA audit can begin with billings on cost-reimbursable awards. Typically, the most comprehensive method begins with the General Ledger. Information in the General Ledger is traced to the source documents that triggered the recorded transactions. For example, the Travel – Lodging account might be $30,000 for one month, including one transaction of $660. Drilling down from the General Ledger shows the $660 on a trip by Jane, an employee. The Travel Reimbursement Form shows a six-night stay at the Acme Hotel & Breakfast Bar. The per diem rate for the applicable location and date is $110. The Travel Reimbursement Form has a lodging receipt attached, for six nights at $120 per night. The excess $60 was recorded in an Unallowable account. Contact information for the hotel is on the lodging receipt (so that information can be verified, by audit).
For the internal mock DCAA audits, the most heavily audited transactions come from:
- Accounts with the highest dollars
- Accounts with the highest dollars on U.S. Government, cost-reimbursable awards
- Accounts that DCAA considers highest risk (which includes Travel)