The government contractor


Published on

Information and Analysis on Legal Aspects of Procurement

Published in: Law
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

The government contractor

  1. 1. 4-148-190-5 © 2014 Thomson Reuters Reprinted from The Government Contractor, with permission of Thomson Reuters. Copyright © 2014. Fur- ther use without the permission of West is prohibited. For further information about this publication, please visit, or call 800.328.9352. Focus FEATURE COMMENT: DCAA Access To Information—What You Need To Know And Strategies For Protecting Your Business The audit environment in 2014 continues to be chal- lenging for defense contractors and others subject to Defense Contract Audit Agency audits. Indeed, DCAA’s Fiscal Year 2013 Report to Congress shows that DCAA is questioning ever-greater percentages of costs compared to total dollars examined, with DCAA questioning 9.8 percent of costs in FY 2013, as compared to 8.0 percent in FY 2012, 9.3 percent in FY 2011, and only 6.0 percent in FY 2010. In many cases, administrative contracting officers are reluctant to question audit findings, thus removing a check on erroneous or overly aggressive findings. Exacerbating these audit risks, recent legisla- tion and guidance have sought to expand DCAA’s access to records, including in the controversial areas of internal audit reports and employee in- terviews. DCAA has aggressively sought access to these information sources for audit leads and in the name of seeking out potential fraud. This Feature Comment highlights DCAA’s authority for seeking contractor records, several recent legislative and policy developments in the area, and strategies for managing DCAA requests for information. Overview of DCAA Access Provisions— Several key statutory and regulatory provisions provide DCAA access to contractor records. First, the heads of all executive agencies or their autho- rized representatives have broad authority to in- spect the plants and audit the records of contractors performing cost-type contracts. 10 USCA § 2313(a). When certified cost or pricing data are required, agencies are further authorized to examine “all records” relating to the contractor’s proposal and the contract itself, among other things. 10 USCA § 2306a; 10 USCA § 2313(a)(2). DCAA carries out these audit functions for all of the Department of Defense, as well as several other agencies, including most notably, NASA and the Department of Energy. Nearly all non-commercial item contracts above the simplified acquisition threshold must also include Federal Acquisition Regulation 52.215-2, which provides a contractual basis for agency au- dits. Pursuant to this provision, the CO or its au- thorized representative (i.e., DCAA) may examine and audit “all” records “related to” certain broad categories of documents when the contractor has been required to submit certified cost or pricing data in connection with the pricing of a contract. In order to enforce these access rights, DCAA may subpoena any records that DOD would be authorized to audit or examine under its statutory audit authority. See 10 USCA § 2313(b). Although civilian agencies do not have subpoena power as expansive, they may also request that DCAA issue subpoenas on their behalf for the production of contractor records which the agency has a right to access. See 41 USCA § 4706(c). Access to Internal Reports—There is little dispute that DCAA needs access to contractor records in order to fulfill its audit role. However, a key area of contention for many years has been DCAA’s desire to access contractor internal reports, including internal audit reports, investigations and other compliance reviews. DCAA has long taken the position that access to such reports is not only necessary, but also authorized as part of DCAA’s broad audit authority. Contractors, on the other hand, maintain that requests for internal reports overstep DCAA’s authority, arguing that DCAA has no need for the conclusions of other auditors when it has access to the underlying data on which those conclusions are based. This debate is largely centered around two 1988 decisions, known as Newport News I and Newport News II, by the U.S. Court of Appeals for the Fourth Vol. 56, No. 30 August 6, 2014 The Government Contractor ® Information and Analysis on Legal Aspects of Procurement
  2. 2. The Government Contractor® 2 © 2014 Thomson Reuters Circuit. The FY 2013 National Defense Authoriza- tion Act has reshaped this debate by providing a purported source of statutory authority for DCAA’s internal report requests. But the scope of DCAA’s authority—and contractors’ corresponding obligations to produce internal reports—are not as clear as DCAA would have it. The Internal Report Debate and the Newport News Decisions: The statute and implementing regu- lations authorizing DCAA’s access to records provide little guidance on what documents DCAA auditors may access. The Fourth Circuit addressed the scope of this authority in two 1988 decisions. In U.S. v. New- port News Shipbldg. & Dry Dock Co., 837 F.2d 162, 164 (4th Cir. 1988) (Newport News I), DCAA sought access to audit reports that Newport News Shipbuild- ing and Dry Dock Co. had developed internally. When Newport News denied access to these reports, DCAA served a subpoena on the company. However, both the district court and the Fourth Circuit refused to en- force the subpoena. The Fourth Circuit explained that “the statutory subpoena power of the DCAA extends to cost information related to government contracts,” and thus, it does not give DCAA “unlimited power to demand access to all internal corporate materials of companies performing cost-type contracts for the government.” The court emphasized that the reports were not “mere compilations of contract cost charges and the underlying documentation,” but rather contained the internal audit staff’s “subjective evaluation” of vari- ous areas. As such, they did not fall within DCAA’s subpoena power, which the court described as “clearly aimed at access to objective data supporting cost charges paid by the government.” Id. at 169. In U.S. v. Newport News Shipbldg. & Dry Dock Co., 862 F.2d 464 (4th Cir. 1988) (Newport News II), the Fourth Circuit examined the related question of whether DCAA’s subpoena power extended to the fed- eral tax returns, financial statements and supporting schedules of the company. The court found that these items were within DCAA’s subpoena power because they constitute “objective factual records that reflect upon the accuracy of overhead cost charges submit- ted to the government.” Newport News II, 862 F.2d at 464, 469. The court explained that these records assist DCAA in corroborating cost data—a key aspect of the auditing process. Although the Fourth Circuit ruled in favor of DCAA in Newport News II, its reasoning is consistent with Newport News I. Both cases pro- vide authority that DCAA may subpoena contractor records that contain “objective” information, but not those records that merely contain subjective evalua- tions of such data. In the years following the Newport News deci- sions, DCAA continued to seek access to contractor internal reports, claiming that those reports were necessary to its audits even though the Newport News decisions cut against this claim. In fact, DCAA has even claimed that it must access contractors’ internal documents for purposes such as determining whether contractors are taking appropriate corrective action when they identify irregularities, are not overcharg- ing the Government, and are making appropriate disclosures in compliance with the FAR. See DOD, Report to Congress on FY 2013 Activities at the De- fense Contract Audit Agency (March 24, 2014). Statutory Authority for Access to Internal Audit Reports and DCAA Guidance: Section 832 of the 2013 NDAA provides new ammunition for DCAA’s internal audit report requests, but it does not expand DCAA’s authority as interpreted by the Newport News deci- sions. The NDAA provision was prompted in part by a 2011 Government Accountability Office report in which GAO found that DCAA’s access to internal au- dit reports was limited because, among other factors, DCAA did not routinely request access to internal reports, and contractors frequently refused to provide access in light of the Newport News decisions. How- ever, a close reading of § 832 reveals that it does not expressly broaden DCAA’s subpoena power; rather, it sets forth certain requirements for when DCAA seeks access to contractor internal audit reports. Specifi- cally, § 832 required DCAA to issue revised guidance directing auditors to maintain certain documentation when requesting access to internal audit reports, including, • a written determination that access to such re- ports is necessary to complete required evalu- ations of contractor business systems; • a copy of any request from DCAA to the con- tractor for access to such reports; and • a record of the response received from the con- tractor, including the contractor’s rationale if access was not granted. Section 832 is far less expansive than the origi- nal draft legislation considered by the Senate. The original proposed legislation would have imposed significant sanctions on contractors who denied ac-
  3. 3. Vol. 56, No. 30 / August 2014 3© 2014 Thomson Reuters cess to internal audit reports. Not only does the final provision not impose sanctions, but it does not clearly require that contractors provide access to internal audit reports. Instead, its language merely presumes that such access will sometimes be “necessary to complete re- quired evaluations” of business systems, while also recognizing that contractors might continue to deny access to such reports. In fact, while § 832 notes that DCAA may use internal audit reports “provided by a contractor” for certain purposes, its language does not actually compel contractors to provide access to such reports. Given that § 832 does not authorize broader access to internal reports, Newport News should be viewed as the prevailing standard, although contrac- tors can expect DCAA to cite to § 832 as authority that access to such records is necessary. Notably, even DCAA has recognized that further legislation may be needed—a matter which it says can be more fully assessed once it has gathered empirical data on its requests for access to internal audit reports pur- suant to § 832. See DOD, Report to Congress on FY 2012 Activities at the Defense Contract Audit Agency (March 29, 2013). On April 23, 2013, DCAA issued guidance pursu- ant to § 832. See Updated Audit Guidance on Access to Contractor Internal Audit Reports, DCAA MRD No. 13-PPS-007(R) (April 23, 2013). The guidance advises that prior to obtaining access to contractor internal audit reports, DCAA will first make a written deter- mination that access to such reports is necessary to complete its evaluation of the contractor’s business systems. The guidance interprets § 832 as allowing access to internal audit reports for the purposes of as- sessing contractor business systems and understand- ing the efficiency of the contractor’s internal controls, but only if DCAA can demonstrate a nexus between the requested report and the risk assessment or au- dit procedures in a current, on-going audit. Although DCAA is likely to argue otherwise, this guidance likely does little more than reiterate the Newport News test laid out by the Fourth Circuit in 1988. What Contractors Should Know: In light of § 832, contractors can expect DCAA to continue to push ag- gressively for access to internal reports, even though its statutory basis for doing so has not materially changed since the Newport News decisions. DCAA recognizes that a nexus between internal reports and its risk assessment or audit must exist, but it will likely continue to take an expansive view in its search for that nexus. When deciding whether to provide internal audit materials, contractors must balance the competing goals of protecting sensitive proprietary or privileged information with the need to cooperate with DCAA. The consequences of not providing access to inter- nal reports may be severe for contractors. For exam- ple, failure to timely provide requested records may be deemed a denial of access to records. See DCAA Contract Audit Manual § 1-504.4(d). If access is de- nied, DCAA may determine that it cannot evaluate certain costs and, thus, will question all such costs—a matter which may result in significant disallowances. DCAA may also escalate the matter by issuing a sub- poena. Subpoenas, of course, can add another layer of complexity and animosity to the collection of data, and possibly result in expensive litigation. As a related issue, contractors should be aware that DCAA frequently seeks documents that may be privileged, and it may still consider the failure to provide access to such documents a denial of access to records, despite the fact that providing them may waive the privilege in other forums. See DCAA MRD No. 12-PPS-018(R) (July 25, 2012); DCAA Contract Audit Manual § 1-504.4(g). In In re: Kellogg Brown & Root, Inc., No. 14-5055 (D.C. Cir. June 27, 2014), the D.C. Circuit recently clarified the scope of the attorney-client privilege in the context of internal cor- porate investigations in its decision in the appeal of U.S. ex rel. Barko v. Halliburton. In that case, the D.C. Circuit rejected a narrow construction of Upjohn and held that the attorney-client privilege applies when- ever obtaining legal advice is a significant purpose of the investigation, “even if there were also other purposes.” Id. In light of this expansive interpretation of privilege, companies should pay close attention to the fact that documents may lose their privileged status if provided to DCAA. When undergoing an audit, contractors should carefully consider whether they wish to provide internal investigation or audit reports that may create exposure on multiple fronts, including false claims suits, derivative lawsuits and whistleblower actions. Given these issues, contractors should consider adopting a consistent policy that they will not pro- vide internal audit reports that contain subjective evaluations to DCAA. To be sure, cooperation is key to avoiding a formal denial of access finding, which could result in a subpoena and potential litigation;
  4. 4. The Government Contractor® 4 © 2014 Thomson Reuters but with Newport News still arguably the prevail- ing standard, contractors can credibly maintain that DCAA is entitled only to objective data—rather than the subjective analyses and normative judgments of the company set forth in internal reports. Contractors will need to document any objections and should be sure that their objections carefully track the language of the FAR and the Newport News standard, as well as any company policies on the provision of information to DCAA. Contractors can expect DCAA to push back on this approach, citing § 832. However, as discussed above, that provision does not clearly expand DCAA’s access rights—a fact that DCAA has implicitly acknowledged in noting that further legislation may be needed. By setting a clear boundary as to the type of material that will be provided to DCAA and consistently following that approach, contractors can most effectively mitigate risk while ensuring that their objections to DCAA’s requests are rational and based on current law. Access to Employees—A related issue for con- tractors is DCAA requests for access to employees during the course of its audits. DCAA frequently asks to interview contractor employees about “actual or suspected fraud.” During these interviews, DCAA seeks the employees’ subjective opinions about fraud, which can be informed by any allegations of fraud— regardless of the source of the information. While DCAA itself cannot issue findings regarding fraud, it often reports suspected fraud to the DOD inspec- tor general. Accordingly, contractors that make their employees available for DCAA interviews may face significant exposure based solely on the subjective opinions of a small number of employees, regardless of whether those employees are fully informed about the circumstances surrounding their suspicions. DCAA’s Guidance on Employee Interviews: DCAA cites no statutory, regulatory or contractual authority for conducting investigatory interviews of contractor employees. Indeed, while FAR 52.215-2 gives DCAA access to certain records, it does not authorize access to individuals. Nor do DCAA auditors have any obvi- ous training or expertise in conducting investigatory interviews. Despite this, in July 2013, DCAA issued guidance encouraging auditors to interview contractor employ- ees about allegations of fraud and to follow up with those employees as they deem appropriate. See DCAA MRD No. 13-PAS-014(R) (July 30, 2013). Auditors are encouraged to be proactive in identifying and refer- ring possible fraud to the appropriate investigative organization, and these referrals may be based on contractors’ compliance with the mandatory disclo- sure rule, among other things. See Auditor Fraud Resources, Office of the Inspector General, DOD, www. DCAA’s fraud interviews are designed to be open-ended and expansive, and may concern actual or suspected fraud. DCAA encourages the auditors to use their “professional judgment” in determining whom to interview, but it explains that they should interview anyone responsible for day-to-day man- agement or accomplishment of major accounting or estimating functions. Because the interviews will seek the subjective opinions of employees, they tend to be more akin to an investigation than to an audit. In that regard, auditors are also encouraged to meet with employees face-to-face so that they can measure responses, ask follow-up questions, and identify other employees who can corroborate responses. See DCAA MRD No. 13-PAS-014(R) (July 30, 2013). Importantly, auditors are encouraged to refer pos- sible fraud to the DOD IG, even if unconfirmed and even if the potentially improper costs have already been excluded as unallowable. Auditors have been instructed that in making these referrals, they do not need proof of fraud and they are not accusing anyone of committing fraud, and thus, they should err on the side of caution and make a fraud referral—even when in doubt as to whether fraud may have occurred. As with internal audit reports, DCAA may deem a con- tractor’s refusal to provide access to its employees to be a denial of access, which could result in a finding of a significant deficiency. What Contractors Should Know: DCAA con- tinues to aggressively seek to interview contractor employees about fraud, despite the lack of any clear authority to do so. Moreover, under the Newport News standard, DCAA is arguably only entitled to seek ac- cess to objective data, rather than to management’s subjective conclusions as to whether fraudulent activ- ity has occurred. DCAA auditors are not trained investigators and are acting beyond their mandate if they take on an investigative function. Given the subjective nature of fraud, interviews may quickly deviate from the objective facts that auditors are supposed to review to employees’ speculation about matters with which they are not fully acquainted. As such, audits may result in constantly moving targets and open-ended interviews.
  5. 5. Vol. 56, No. 30 / August 2014 5© 2014 Thomson Reuters Contractors should be aware that these interviews could encompass potentially anyone in the company, including personnel responsible for areas such as mandatory disclosures, and could address topics such as the decision of whether to make disclosures. Thus, contractors should seek to establish clear boundaries for any interviews to which they agree. In that regard, the company should provide an appropri- ate management point of contact for DCAA inquiries and direct all inquiries to that person—this normally would be the liaison with DCAA for a particular audit. The contact should be capable of providing fact-based responses regarding questions about the systems under review by DCAA. If DCAA seeks any additional interviews, con- tractors should discuss with the auditor the topics to be covered beforehand, and they should ensure that appropriate employees who have knowledge of the relevant facts are available to answer questions about those systems. Contractors should inform DCAA of the scope of responsibilities for the individuals be- ing interviewed, and explain that the detection and mitigation of potential fraud does not fall within the purview of these employees. Rather, that is a separate process that is entirely distinct from the system under review. After any interviews, contractors should also be prepared to discuss any concerns that the auditor may have, and should provide a full explanation of any potential fraud to ensure that the auditor has a complete picture. As a separate matter, in light of the fact that DCAA may second-guess contractors’ decisions not to make disclosures pursuant to the mandatory disclo- sure rule, contractors may wish to make more disclo- sures out of an abundance of caution. Regardless of whether this strategy is employed, contractors should proactively implement policies designed to address possible fraud indicators. Doing so will allow contrac- tors to maintain strong internal controls so that they can most effectively detect and prevent fraud. Contractors should also ensure that their policies address compliance with the mandatory disclosure rule and are consistently followed. Maintaining a strong compliance regime will position contractors to address auditor concerns about potential fraud quickly, thereby mitigating the risk that the auditor will make a fraud referral. There is no guarantee that the auditor will not make a fraud referral, but dem- onstrating a strong compliance regime and providing a full explanation to address any auditor concerns will best position the contractor to mitigate such risk. In formulating a desired approach, contractors must be aware that, as with the release of internal audits, employee interviews will not be privileged and may even result in waiver of the privilege for any underlying documents identified or discussed dur- ing the interview. Moreover, any statement against interest made to the auditors during an interview could be used against the company in any subsequent litigation. Conclusion—As DCAA continues to push for access to contractor information, contractors must be aware of the bounds of DCAA’s authority so that they can appropriately push back when DCAA over- steps those bounds. Even when DCAA oversteps its authority, the consequences of not cooperating may be severe—resulting in disallowances of significant costs, the issuance of subpoenas and litigation over those subpoenas, as well as fraud investigations by the DOD IG. Accordingly, contractors should establish prac- tices as to what types of information will be provided, and they should provide a thorough rationale of any decision not to provide access to records or employees. Proactively addressing any concerns identified by the auditor will also go a long way in mitigating exposure. F This Feature Comment was written for The Gov- ernment Contractor by Dave Nadler and Justin Chiarodo, partners, and Stephanie Zechmann, an associate, with Dickstein Shapiro LLP. Messrs. Nadler and Chiarodo and Ms. Zechmann specialize in Government contracts matters, including DCAA audits and investigations. Mr. Nadler is a vice chair of the ABA’s Account- ing, Cost and Pricing Committee, and may be contacted at Mr. Chiarodo may be contacted at ChiarodoJ@ Ms. Zechmann may be contacted at