© COPYRIGHT 2014

April 1, 2014

WMACCA Conference on Ethics and Compliance forGovernment Contractors

The Devil is in the Details –Compliance with the BusinessSystems Rule

Metropolitan Area Corporate Counsel Association

#3244043

© COPYRIGHT 2014

Justin A. Chiarodo

• Partner at Dickstein Shapiro LLP

• Over ten years representing companies ingovernment contracts litigation, compliance,and regulatory matters, including DCAA audits,internal investigations, mandatory disclosures,bid protests, and the defense of False ClaimsAct cases

• Graduate of Virginia Tech and the University ofVirginia School of Law

• www.linkedin.com/in/justinachiarodo

• twitter.com/JustinAChiarodo

2

202-420-2706 | ChiarodoJ@dicksteinshapiro.com

© COPYRIGHT 2014

Anne M. Donohue

• Senior Vice President & General Counsel, SRAInternational, Inc.

• Manages all corporate transactions along withbusiness, employment and contract lawactivities

• Graduate of the University of Michigan andThe Catholic University of America

• Active in the American Bar AssociationSection of Public Contract Law

3

© COPYRIGHT 2014

Jason Foster

• Senior Associate, Regulatory Compliance, Booz Allen Hamilton

• Leads Booz Allen’s Business System Compliance team

• Over 20 years of experience in government contract industry compliance,including Disclosure Statement, Incurred Cost, Business Systems, ForwardPricing, and Timekeeping

• Extensive interaction with DCMA, DCAA, and KO community on audit andcompliance matters

4

© COPYRIGHT 2014

Highlights of the Business Systems Rule

• 2012 DFARS regulations that apply to CAS-covered DOD contracts

• Allows government to withhold contractor payments if one or more“significant deficiencies” are found in any of six contractor businesssystems

• DOD may withhold up to 5% for each disapproved system with a10% maximum withhold for multiple disapproved systems

• $300+ million withheld as of October 2013

• Today we will review the rule and discuss practical experiences andcompliance strategies with our panelists

5

© COPYRIGHT 2014

History and Purpose

• Major systems reviews performed for decades

• Internal controls under increased focus since FAR 52.203-13 (ContractorCode of Business Ethics and Conduct)

• Business Systems requirement mandated by the FY 2011 Ike SkeltonNational Defense Authorization Act (PL 111-383):

– “Contractor business systems and internal controls are the first line ofdefense against waste, fraud, and abuse.”

– “Weak control systems increase the risk of unallowable andunreasonable costs on government contracts, unnecessarily draininglimited DoD resources at the taxpayers’ expense.”

• Two proposed rules (January 15 and December 3, 2010); Interim Ruleeffective May 18, 2011

• Final Rule effective February 24, 2012

6

© COPYRIGHT 2014

The Details: Coverage

• Applies to DOD Contracts subject to the Cost Accounting Standards(CAS) (modified or full coverage)

• Contract must contain DFARS 252.242-7005 and the specificbusiness system clause within the contract

• DFARS clause is self-deleting if inapplicable

– Rule does not apply to small business primes (who are notsubject to CAS)

– University Research Centers excluded

• Clause not required to be flowed down

7

© COPYRIGHT 2014

The Details: The Six Systems

• Six contractor business systems are covered by the rule:

8

System DFARS Clause

Accounting (Indirect/ODC, ControlEnvironment, Billing, Labor, General IT)

252.242-7006

Earned Value Management 252.234-7002

Estimating (Budget/Planning) 252.215-7002

Material Management & Accounting 252.242-7004

Property Management 252.245-7003

Purchasing 252.244-7001

© COPYRIGHT 2014

The Details: Systems Review

• Cognizant Contractor Officer, supported by DCAA/DCMA,determines acceptability of business systems

• Acceptable contractor business system? One that complies with theterms and conditions of the applicable clause

• Systems are either “approved” or “disapproved” (or not evaluated)

• “Significant Deficiency” – a shortcoming in the system thatmaterially affects the ability of officials of the Department of Defenseto rely upon information produced by the system that is needed formanagement purposes

• “Materiality” is the key concept

9

© COPYRIGHT 2014

The Details: DCAA/DCMA Roles

• DCAA’s responsibilities include:

– Audits of the Accounting Systems, Estimating Systems, andMaterial Management & Accounting Systems

– Following up on prior reported deficiencies and evaluatingcontractor corrective action plans

• DCMA’s responsibilities include:

– Oversight of all 6 business systems

– Conducting reviews for the Purchasing System, GovernmentProperty System, and EVMS (in coordination with DCAA)

– Determining whether significant deficiencies exist, issuingnotifications, pursuing correction of significant deficiencies, andwithholding payments

10

© COPYRIGHT 2014

The Details: Timeline

• The CO communicates approval or disapproval within 10 days ofreceiving a functional specialist report

– The CO must describe significant deficiency in sufficient detail toallow the contractor to understand the deficiency

• The contractor has 30 days to respond to the initial determination

• COs must issue a final written determination of system adequacywithin 30 days of receipt of the contractor’s response(WITHHOLDING BEGINS HERE)

• The CO must obtain the review of the Contractor Business SystemsReview Panel if the decision would be contrary to a DCAA auditrecommendation

11

© COPYRIGHT 2014

The Details: Timeline

• The contractor has 45 days to respond to the final determination ofsystem adequacy. During this time, contractors can correctdeficiencies or submit a corrective action plan (CAP)

• COs have 15 days to review the CAP and/or corrective actions

• Once a final determination has been issued, the contractor may alsodispute the final determination that a significant deficiency exists bysubmitting a Contract Disputes Act claim

12

© COPYRIGHT 2014

The Details: Withholding

• After a final written determination, the CO identifies one or morecovered contracts containing DFARS 252.242-7005 from whichpayment will be withheld

• DOD may withhold 5% for each disapproved system, up to 10%

• If the CO determines that the contractor’s CAP is acceptable, theCO can reduce withholdings to 2%

– If the CAP is not followed, withholding will be increased to theoriginal amount

– If the CAP is not evaluated within 90 days, the CO is required toreduce remaining withholds by 50%

13

© COPYRIGHT 2014

The Details: Corrected Deficiencies

• When the contractor notifies the CO that significant deficiencieshave been corrected, the CO will:

– Request a verification from an auditor/functional specialist and

– Make a determination of correction

• The amount withheld will be released once all deficiencies havebeen corrected and systems have been deemed approved

• DCAA/DCMA do not intend to be prescriptive regarding what mustbe done to correct a deficiency since there may be more than oneway to meet the criteria set forth for each system

14

© COPYRIGHT 2014

DCAA Guidance: Accounting System Audits

• DCAA issued internal guidance in April 2012 shedding light on“significant deficiency” and “materiality” (See DCAA MemorandumNo. 12-PAS-012(R) (April 24, 2012))

• In making a materiality determination, auditors will consider factorssuch as:

– The nature/frequency of the noncompliance

– Whether the noncompliance is material considering the nature ofthe compliance requirements

– The root cause of the noncompliance

– The effect of compensating controls

– Possible future consequences of noncompliance

– “Qualitative considerations” such as “serving the public interest”

15

© COPYRIGHT 2014

DCAA Guidance: Accounting System Audits

• Not necessary to show an actual monetary impact to support afinding of a significant deficiency/material weakness

• Auditors instructed to also consider the following indicators of asignificant deficiency/material weakness:

– History of noncompliance found in contractor assertions (e.g.,public vouchers, incurred cost submissions, proposals) requiringcorrection

– Material noncompliance with laws and regulations

• Key instruction: “There only needs to be a reasonable possibilitythat the noncompliance with the DFARS criteria will result in amaterial noncompliance with other applicable government contractlaws and regulations, thus materially affecting the reliability of thedata produced by the system.”

16

© COPYRIGHT 2014

Statistics

• As of October 22, 2013:

– $305.9 million in withholding

– 64 systems have been disapproved

• Of those, 16 systems were subsequently approved

• Of the 48 remaining systems, 17 still had withholds

– 9 systems are subject to 5% withholding

– 7 systems are subject to 2% withholding

– 1 system is subject to 1% withholding

• In February 2013, DCMA said that approximately 1/3 of all systemsdisapproved/subject to withholding were Accounting systems; 1/3were Purchasing systems; 1/3 all other types

17

© COPYRIGHT 2014

Statistics

• Risk of significant withholdings:

– As of September 2013, DOD reported $195 million withheldrelating to F-35 Joint Strike Fighter contract

• Withholding started at 2%; was later increased to 5%

– As of November 30, 2013:

• Major withholdings from contractors of $19 million, $5.2million, $1.2 million

• 75 systems have been reviewed by the Contractor BusinessSystems HQ Review Panel (as of Oct. 2013)

– 88% concurrence with CO’s recommendation for disapproval

– 30 Accounting; 16 Government Property; 14 Estimating; 10EVMS; 5 Purchasing; 0 MMAS

18

© COPYRIGHT 2014

Emerging Issues: Counterfeit Parts

• DOD has issued two proposed rules relating to Section 818 of theFY 2012 National Defense Authorization Act to define, identify, andprevent the use of counterfeit electronic parts in DOD procurements

– DFARS Case 2012-D055 (May 16, 2013)

– DFARS Case 2012-0352 (December 3, 2013)

• The proposed rules impose significant requirements for acontractor’s purchasing system to be deemed “acceptable”:

– The contractor must ensure that deliverables meet specifiedquality standards, which may be unilaterally selected by the CO

– Significant detection and avoidance requirements

19

© COPYRIGHT 2014

Emerging Issues: Counterfeit Parts

• “Counterfeit parts” are defined broadly as any “new, used, oroutdated, expired item from a legally authorized source that ismisrepresented by any source to the end-user as meeting theperformance requirements for the intended use.”

• The proposed rules place the responsibility of detecting andavoiding the use or inclusion of counterfeit parts on the contractor

– Essentially a “strict liability” standard

– Contractors responsible for any rework or corrective action thatmay be required to remedy the inclusion of counterfeit parts

20

© COPYRIGHT 2014

Emerging Issues: Counterfeit Parts

• Under the proposed rule, purchasing systems must have counterfeitavoidance procedures

– No specific standards, benchmarks, or best practices have beenidentified by DOD

– Places significant risk on contractors to develop an appropriatesystem out of an abundance of caution

• Non-compliance may trigger withholding

– The Purchasing system is most directly implicated

– One counterfeit incident could cause DOD to withdraw itsapproval of the Purchasing system

– Could impact other systems too – e.g., Material Managementand Accounting

21

© COPYRIGHT 2014

Emerging Issues: Beyond DOD?

• The Department of Energy has issued an “Acquisition Letter”implementing its own business systems rule, which largely parallelsthat of DOD

– The Acquisition Letter states that it is effective upon issuance

• First issued 5/2/13; revised 2/12/14

– DOE has also issued a notice of proposed rulemaking regardingits business systems rule

• The rule does not apply to Management and Operating contractors

• The rule adopts five of the six DOD business systems (all butMMAS)

• Will other agencies follow suit?

22

© COPYRIGHT 2014

Nine Tips for Effective Compliance

1. Have a written compliance program – and follow it

2. Know your business systems and routinely evaluate them

3. Document, document, document

4. Monitor enforcement actions and regulatory developments

5. Understand your exposure and potential cash flow issues

6. Invest the needed resources (people and technology)

7. Educate your team – at all levels

8. Communicate – internally and externally (subs, auditors, etc.)

9. Be proactive, not reactive

23