Since undergoing scrutiny as a result of 2008 and 2009 Government Accountability Office (GAO) reports, the Defense Contracting Audit Agency (DCAA) has altered policies to alleviate charges that it lacks independence and softens audit results for contractors. One such policy change occurred on March 3, 2009, when DCAA revised its procedures by eliminating the Branch Manager/Resident Auditor approval previously required prior to submission of a fraud referral to DCAA Headquarters and the Department of Defense (DoD) Office of Inspector General (DoD OIG). While this change occurred more than three years ago, the effects are only now hitting contractors with full force, and include unwarranted, expensive, and time-consuming responses to DoD IG investigations.  

Form 2000 “Review” Process: Limited to Clarity and Completeness

For DCAA, the process for referring potential fraud is embodied in Form 2000 and its accompanying instruction. Since its 2009 revision to eliminate management approval prior to submission to DCAA Headquarters, Form 2000 requires only:

  • Field auditor identification;
  • Contractor identification;
  • Government entities affected by the irregularity;
  • Classification of the irregularity (i.e., defective pricing; product substitution; accounting
  • mischarging; billing; labor; accounting; false claim; ethical violation such as kickbacks, gratuities,
  • or bribery);
  • A concise description of the irregularity;
  • Reason for treating as “other than normal questioned costs (e.g., if suspected fraud, where is the
  • material statement, which is false, and why do you think it is known by the maker to be false?);”
  • Estimated loss or impact to the Government; and
  • Signature of auditor and date.

According to DoD OIG’s policy on fraud referrals, auditors should make such referrals “in accordance with their organizations’ guidance” and “should discuss the irregularities or potential fraud indicators with their supervisor and management prior to making a referral.”[1] Although DCAA also recommends its auditors communicate suspected fraud to audit supervisors, those supervisors are limited in their review and are warned not to dissuade an auditor from completing and submitting a DCAA Form 2000.  

DCAA clarified its instructions for reporting suspected contractor fraud on December 23, 2010.[2] As is clear from the form itself, the initiation of a report begins with the field auditor.[3] If requested by the auditor, supervisors and Field Audit Office (FAO) managers may review and distribute such referrals, but there is no guarantee they will even see a referral prior to submission to DCAA Headquarters. If a supervisory auditor is given an opportunity to review, it is solely for a determination of clarity and completeness. Moreover, the guidance strictly states, “[n]o attempt should be made to dissuade an auditor from completing and submitting a DCAA Form 2000.”[4] Although auditors who reasonably suspect fraud may “discuss the apparent unlawful activity with the supervisor, FAO manager and the Regional Investigative Support Division to determine whether a DCAA Form 2000 should be prepared,” such discussions “should not in any way impede the auditor from forwarding a potential unlawful activity referral.”[5]  

How this admonition is interpreted by individual supervisory auditors may vary, but one can easily foresee difficulties in discussing whether the auditor reasonably suspects fraud in a way that would not be interpreted as “in any way impeding” or “dissuading” the auditor from forwarding the referral. DCAA’s guidance lacks any notion of the more experienced, supervisory auditor providing substantive advice or recommendations for the field auditor to consider. If the supervisory auditor does receive a Form 2000 for review, the DCAA Instruction recommends it be submitted to FAO management for a further review for clarity and completeness, but the FAO manager is likewise warned against dissuading an auditor from completing and submitting a DCAA Form 2000.[6] Such warnings, as well as the elimination of a mid-level approval process, have effectively rid DCAA’s fraud referral process of a meaningful, substantive review during an appropriate stage of consideration.  

It is only after DCAA’s Form 2000 is sent to DCAA Headquarters that it is officially approved or rejected before being sent to DoD IG. Yet, even at Headquarters, the review is likewise cabined to one for “completeness and clarity related to the established criteria for irregular activities.” In the unlikely event of a rejection, DCAA Headquarters must notify the preparer in writing of the reason(s) for a decision to reject the submitted Form 2000 and advise the preparer of the availability of the DoD Hotline to report the condition if in disagreement with the Headquarters decision.[7]  

DoD IG Advises DCAA Auditors to Err on the Side of Caution

Given the limited review of a DCAA referral of suspected fraud or other irregular activity, the standards provided to auditors for determining whether to submit a referral are worth reviewing. The DoD’s Office of Inspector General advises that “[a]uditors, their supervisors, and managers should remember that they should make a referral even when they do not have all the information.”[8] No “standard checklist or criteria exists for when an auditor should make a fraud referral” but instead auditors must use “sound professional judgment based on past experience and knowledge.”[9] Auditors are instructed by the  

DoD IG that they “do not need proof” and that when a referral is made, “they are not accusing anyone of committing fraud.”[10] DoD admonishes auditors to “err on the side of caution and, when in doubt, make a referral.”[11] DoD IG’s “key points” for DCAA auditors who must decide whether sufficient information exists to make a referral are as follows:

  • Auditors do not need to determine that criminal intent existed.
  • Auditors should not be influenced by comments about whether an investigation will be opened or
  • actively conducted.
  • The auditor may consider input from an investigator, agency general counsel, or other agency
  • staff, but is ultimately responsible for complying with reporting rules.

Overall, the guidance issued by DoD IG to DCAA could encourage even a somewhat reticent auditor to refer an ambiguous set of circumstances. The message is that DoD IG will conduct the further investigation, and that DCAA’s job is merely to identify potential instances of fraud and refer them appropriately. Although DoD IG advises auditors to use their best judgment, its admonition that ultimate responsibility resides with the field auditor – combined with the lack of a required mid-level approval process – has resulted in a surge of fraud referrals.

Recommendations: the DCAA Fraud Referral System in Practice

In some cases, DCAA referrals appear to be based on a specific concern about potential fraud. However, due to the current lack of meaningful intermediate management review, those concerns are not always well founded. As a result, an improvidently issued Form 2000 may cause both the government and the contractor to spend time and resources on an investigation that turns out to be unnecessary. In this context, making an effort to reach out to the IG agent early in the process can pay substantial dividends. Although this type of proactive communication may be rebuffed, it may give the contractor an opportunity to better understand the nature of the allegations and potentially to defuse them by clearing up what may be nothing more than a misunderstanding of the governing law or the facts on the ground.  

In other instances, the Form 2000 referrals appear to be due to frustration with the speed or thoroughness of a contractor’s responses to audit requests. The result of this type of referral is essentially a super-audit, in which the IG community carries DCAA’s water and issues a subpoena that includes wide-ranging audit-type requests rather than a focused set of requests aimed at uncovering particular fraudulent activities. In these instances, DCAA’s line auditors may be taking their cue from the DoD IG’s guidance that “Denials of audit access to DoD programs and operation or a pattern of untimely responses to audit requests may be a fraud indicator.”[12] In that event, however, the auditors are overlooking the rest of the DoD IG’s guidance on this point, which instructs that referrals of this kind are appropriate only “when the auditor has reason to believe that such actions [i.e., denials or delay in access] are an attempt to prevent [DCAA] from discovering or reporting a potential fraud which the auditor identified.” Id. In other words, a Form 2000 should not be issued solely due to denials or delays in access, which in and of themselves are not necessarily a fraud indicator. Rather, denials or delays in access should result in a Form 2000 only where the auditor has some pre-existing reason to believe that fraud has occurred and that the contractor is attempting to conceal it. In the case of a Form 2000 referral based solely on delayed audit responses, early intervention with the IG agent again may be advisable, to attempt to clarify and respond to the government’s true concerns.  


The elimination of a mid-level approval process for suspected fraud referrals reflects DCAA’s desire to reduce the likelihood of improper filtering by supervisors, who were found by the GAO in 2008 and 2009 to have exerted improper influence over audit findings to contractors’ benefit.[13] Yet

DCAA’s elimination of the mid-level review and approval process, and its accompanying instruction to supervisors to advise solely on issues of “clarity and completeness,” has created the opposite extreme: a surge of referrals that in many cases are unjustified and would not pass a more experienced auditor’s assessment of a reasonable suspicion of fraud or other unlawful activity. DoD IG’s guidance to auditors in determining whether to submit a referral has likewise fueled auditors to make the referrals even when substantial questions exist about the level of proof or lack of intent, and where auditors may disagree about whether to submit such a referral. For now, contractors who find themselves the subject of Form 2000 referrals are left with the daunting and often frustrating task of finding a knowledgeable and accountable representative from either DCAA or DoD IG, with each agency potentially disclaiming the ability to answer meaningful questions about the reason for the referral or the scope of a DoD IG subpoena issued following such a referral. DCAA would be well-advised to review its fraud-referral process in conjunction with DoD IG to determine whether greater communication between the two agencies, perhaps earlier in the process and without a formal referral, might alleviate some of the burden on both contractors and the government of responding to unjustified suspected fraud referrals. For their part, contractors may benefit from a proactive response to Form 2000 referrals and resulting DoD IG subpoenas. Early efforts to define and, to the extent possible, address the true concerns underlying a referral may save substantial time and expense in responding to a full-fledged investigation.