On July 15, 2014, the U.S. Department of Defense (“DOD”) issued a proposed rule that imposes new requirements for third-party audits of three contractor business systems, as well as a requirement for contractors to self-report deficiencies uncovered in these audits or in internal reviews of these business systems. The three business systems at issue are a contractor’s accounting system, its estimating system, and its material management and accounting systems (“MMAS”). The impetus for the proposed rule appears to be the serious backlog in audits waiting to be performed by the Defense Contract Management Agency (“DCMA”) and the Defense Contract Audit Agency (“DCAA”). According to a recent GAO reports, both agencies suffer from high workloads that prevent them from meeting their auditing obligations in the business systems area.

Outsourcing Requirements:  DOD’s proposed solution to this backlog is to outsource some of the auditing responsibilities to third-party certified public accountants (“CPA”) and require contractors to self-report any deficiencies. Although this approach could reduce DCAA’s and DCMA’s auditing backlog and address industry concerns that these two agencies are too quick to find significant deficiencies in contractor business systems, such a “solution” is not without risks and costs to contractors.  We provided a more detailed analysis of the proposed rule in the attached Law360 Article entitled Inside_The_Proposed_DFARS_Business_Systems_Rule.

Although the contractor — together with its CPA — would be responsible for assessing and auditing these three business systems, DOD still would perform its own review on top of the contractor’s review. If the contracting officer (“CO”)determined that there were one or more significant deficiencies or that the contractor had not complied with the applicable reporting and audit requirements, the CO would have 30 days to respond in writing to the initial determination, after which the contracting officer would make his/her “final determination” of whether there were any remaining deficiencies or noncompliance. The CO also would have discretion to withhold payments to the contractor upon a final determination of significant deficiencies or noncompliance with applicable reporting and audit requirements. However, the withholding of payments does not limit the other remedies that the CO may seek against a contractor because of harm caused by a deficient business system. The proposed rule would not impact DCMA’s existing role in reviewing and auditing contractors’ purchasing, government property and management, and earned value management systems. It bears noting, however, that payments may be withheld for significant deficiencies under any of the six contractor business systems pursuant to the existing procedures under DFARS 252.242-7005, even though the proposed rule reaches only estimating, MMAS, and accounting systems.

Impact of the Rule:  The proposed rule does not address the ambiguities and risks inherent in the current rules governing business systems compliance, but it does create a new dynamic among contractors, their private auditors, and the government. The proposed rule may allow the government to approve a contractor’s systems more quickly, which would be welcome news for the contractor community. The backlog of government audits has been an issue for some time, and some contractors may embrace the use of third party auditors if they are waiting for government resolution on a number of fronts. It is not clear, however, whether this new proposed framework will realize meaningful time efficiencies. Government auditors who review third-party CPA audits may not be inclined to rubber stamp those findings. Moreover, the required disclosure of deficiencies is troublesome. Should an audit uncover information that puts a company at legal risk, the audit will not have been conducted under a privileged review. Thus, the disclosure requirement in the proposed rule may be at odds with a contractor’s desire to more fully investigate any issues raised by an audit and could force a quicker resolution to the matter than would be required otherwise under the FAR mandatory disclosure requirement.

DOD has solicited written comments in response to the proposed rule, which must be submitted by Sept. 15, 2014.

 

 

Photo of Susan B. Cassidy Susan B. Cassidy

Susan is co-chair of the firm’s Aerospace and Defense Industry Group and is a partner in the firm’s Government Contracts and Cybersecurity Practice Groups. She previously served as in-house counsel for two major defense contractors and advises a broad range of government contractors…

Susan is co-chair of the firm’s Aerospace and Defense Industry Group and is a partner in the firm’s Government Contracts and Cybersecurity Practice Groups. She previously served as in-house counsel for two major defense contractors and advises a broad range of government contractors on compliance with FAR and DFARS requirements, with a special expertise in supply chain, cybersecurity and FedRAMP requirements. She has an active investigations practice and advises contractors when faced with cyber incidents involving government information, as well as representing contractors facing allegations of cyber fraud under the False Claims Act. Susan relies on her expertise and experience with the Defense Department and the Intelligence Community to help her clients navigate the complex regulatory intersection of cybersecurity, national security, and government contracts. She is Chambers rated in both Government Contracts and Government Contracts Cybersecurity. In 2023, Chambers USA quoted sources stating that “Susan’s in-house experience coupled with her deep understanding of the regulatory requirements is the perfect balance to navigate legal and commercial matters.”

Her clients range from new entrants into the federal procurement market to well established defense contractors and she provides compliance advices across a broad spectrum of procurement issues. Susan consistently remains at the forefront of legislative and regulatory changes in the procurement area, and in 2018, the National Law Review selected her as a “Go-to Thought Leader” on the topic of Cybersecurity for Government Contractors.

In her work with global, national, and start-up contractors, Susan advises companies on all aspects of government supply chain issues including:

  • Government cybersecurity requirements, including the Cybersecurity Maturity Model Certification (CMMC), DFARS 7012, and NIST SP 800-171 requirements,
  • Evolving sourcing issues such as Section 889, counterfeit part requirements, Section 5949 and limitations on sourcing from China
  • Federal Acquisition Security Council (FASC) regulations and product exclusions,
  • Controlled unclassified information (CUI) obligations, and
  • M&A government cybersecurity due diligence.

Susan has an active internal investigations practice that assists clients when allegations of non-compliance arise with procurement requirements, such as in the following areas:

  • Procurement fraud and FAR mandatory disclosure requirements,
  • Cyber incidents and data spills involving sensitive government information,
  • Allegations of violations of national security requirements, and
  • Compliance with MIL-SPEC requirements, the Qualified Products List, and other sourcing obligations.

In addition to her counseling and investigatory practice, Susan has considerable litigation experience and has represented clients in bid protests, prime-subcontractor disputes, Administrative Procedure Act cases, and product liability litigation before federal courts, state courts, and administrative agencies.

Susan is a former Public Contract Law Procurement Division Co-Chair, former Co-Chair and current Vice-Chair of the ABA PCL Cybersecurity, Privacy and Emerging Technology Committee.

Prior to joining Covington, Susan served as in-house senior counsel at Northrop Grumman Corporation and Motorola Incorporated.

Photo of Scott A. Freling Scott A. Freling

Scott is sought after for his regulatory expertise and his ability to apply that knowledge to the transactional environment. Scott has deep experience leading classified and unclassified due diligence reviews of government contractors, negotiating transaction documents, and assisting with integration and other post-closing…

Scott is sought after for his regulatory expertise and his ability to apply that knowledge to the transactional environment. Scott has deep experience leading classified and unclassified due diligence reviews of government contractors, negotiating transaction documents, and assisting with integration and other post-closing activities. He has been the lead government contracts lawyer in dozens of M&A deals, with a combined value of more than $76 billion. This has included Advent’s acquisition of Maxar Technologies for $6.4 billion, Aptiv’s acquisition of Wind River for $3.5 billion, Veritas Capital’s sale of Alion Science and Technology to Huntington Ingalls for $1.65 billion, and Peraton’s acquisition of Perspecta for $7.1 billion.

Scott also represents contractors at all stages of the procurement process and in their dealings with federal, state, and local government customers. He handles a wide range of government contracts matters, including compliance counseling, claims, disputes, audits, and investigations. In addition, Scott counsels clients on risk mitigation strategies, including obtaining SAFETY Act liability protection for anti-terrorism technologies.

Scott has been recognized by Law360 as a MVP in government contracts. He is a past co-chair of the Mergers and Acquisitions Committee of the ABA’s Public Contract Law Section.

Photo of Kayleigh Scalzo Kayleigh Scalzo

Ranked by Chambers USA among government contracts practitioners, Kayleigh Scalzo represents government contractors in bid protests and other high-stakes litigation matters with the government and other private parties. She has litigated bid protests in a wide variety of forums, including the Government Accountability…

Ranked by Chambers USA among government contracts practitioners, Kayleigh Scalzo represents government contractors in bid protests and other high-stakes litigation matters with the government and other private parties. She has litigated bid protests in a wide variety of forums, including the Government Accountability Office, U.S. Court of Federal Claims, U.S. Court of Appeals for the Federal Circuit, FAA Office of Dispute Resolution for Acquisition, federal and state agencies, and state courts.

Kayleigh a co-chair of the American Bar Association Public Contract Law Section’s Bid Protest Committee. She is also a frequent speaker on bid protest issues.

Kayleigh maintains an active pro bono practice focused on immigration issues and gender rights.