• PRO
  • Events
  • About Blog Popular
  • Login
  • Register
  • PRO
  • Resources
    • Latest updates
    • Q&A
    • In-depth
    • In-house view
    • Practical resources
    • FromCounsel New
    • Commentary
  • Research tools
    • Global research hub
    • Lexy
    • Primary sources
    • Scanner
    • Research reports
  • Resources
  • Research tools
  • Learn
    • All
    • Masterclasses
    • Videos
  • Learn
  • Experts
    • Find experts
    • Influencers
    • Client Choice New
    • Firms
    • About
    Introducing Instruct Counsel
    The next generation search tool for finding the right lawyer for you.
  • Experts
  • My newsfeed
  • Events
  • About
  • Blog
  • Popular
  • Find experts
  • Influencers
  • Client Choice New
  • Firms
  • About
Introducing Instruct Counsel
The next generation search tool for finding the right lawyer for you.
  • Compare
  • Topics
  • Interviews
  • Guides

Analytics

Review your content's performance and reach.

  • Analytics dashboard
  • Top articles
  • Top authors
  • Who's reading?

Content Development

Become your target audience’s go-to resource for today’s hottest topics.

  • Trending Topics
  • Discover Content
  • Horizons
  • Ideation

Client Intelligence

Understand your clients’ strategies and the most pressing issues they are facing.

  • Track Sectors
  • Track Clients
  • Mandates
  • Discover Companies
  • Reports Centre

Competitor Intelligence

Keep a step ahead of your key competitors and benchmark against them.

  • Benchmarking
  • Competitor Mandates
Home

Back Forward
  • Save & file
  • View original
  • Forward
  • Share
    • Facebook
    • Twitter
    • Linked In
  • Follow
    Please login to follow content.
  • Like
  • Instruct

add to folder:

  • My saved (default)
  • Read later
Folders shared with you

Register now for your free, tailored, daily legal newsfeed service.

Questions? Please contact [email protected]

Register

Government contracts quarterly

Baker & Hostetler LLP

To view this article you need a PDF viewer such as Adobe Reader. Download Adobe Acrobat Reader

If you can't read this PDF, you can view its text here. Go back to the PDF .

USA February 28 2014

Counterfeit Parts & Cybersecurity Regulation  Changes Continue Impact Contractors  

DOD Publishes Proposed Rule Regarding Detection of Counterfeit  Parts.  

In the last quarterly, we discussed the Department of Defense’s  (“DOD”) first round of proposed rules on DFARS changes regarding  counterfeit parts.  On December 3, 2013, the FAR Councils published  the second of three rounds of regulations laying out steps contractors  must take to prevent the use of counterfeit parts in the supply chain.  78  Fed. Reg. 72,620.  This regulation seeks to clarify when to use higherlevel quality standards in both solicitations and contracts.  This  proposed regulation primarily revises FAR 44.303, adding these higherlevel standards to the list of issues which should be considered during  agency review of contractor purchasing systems.  These standards  must also be flowed down to subcontractors when appropriate, making  this proposed rule of interest to subcontractors in the supply chain.  DOD Issues Final Rule on Cybersecurity Information Sharing.  On  November 21, 2013, the final rule went into effect regarding the DOD  Defense Industrial Base (“DIB”) Voluntary Cyber Security and  Information Assurance (“CS/IA”) Activities.  78 Fed. Reg. 62,430.  The  program allows eligible DIB companies to receive cyber threat  information from the government and share information about network  intrusions that could compromise DOD programs and the government.  DIB participants report cyber breaches to the Defense Cyber Crime  Center's DOD-DIB Collaborative Information Sharing Environment  (“DCISE”), which gathers data regarding cyber threats and develops  countermeasures that the DCISE shares with participating companies.   False Claims Act   Recoveries Total Nearly $4 Billion in 2013.  On December 20, 2013,  the Department of Justice (“DOJ”) announced that for FY 2013 the  federal government obtained $3.8 billion in settlements and judgments  from cases involving fraud against the government.  This year’s high  dollar amount is surpassed only by last year’s historical $5 billion in  recoveries.  This total was spurred by 752 qui tam whistleblower  lawsuits, 100 more than the previous record from FY 2012.   Of the total, $2.6 billion came from health care fraud, which has been  a high priority under the Obama administration.  Additionally, $887  million came from procurement false claims, with $664 million of that  coming from a judgment against United Technical Corp., the largest  judgment in the history of the False Claims Act (“FCA”).  That  judgment is currently under appeal.    US Chamber of Commerce Recommends False Claims Act  Reforms.  Despite the DOJ’s staggering recoveries, a recent report  issued by the U.S. Chamber of Commerce (“COC”) may give  contractors reason for hope.  The report, titled Fixing the False  Claims Act: The Case for Compliance-Focused Reforms, released  October 23, 2013, states that the FCA is “simply ineffective at  preventing fraud as it is currently structured and enforced.”  The  COC proposed numerous reforms to improve the FCA that include:  (1) a reduction to a relator’s share in government recovery; (2) a bar  on qui tam actions brought by former or present government  employees arising out of such person’s employment; (3) a concrete  definition of “false or fraudulent claim” to exclude the judiciallycreated concept of “implied false certification” liability; (4) raising the  standard for proving FCA liability to “clear and convincing evidence”;  (5) amending the FCA damages provision to better reflect actual  government loss; (6) capping statutory damages; (7) amending the  Wartime Suspension of Limitations Act to clarify that it only applies to  criminal sanctions; (8) requiring the DOJ, once it receives a qui tam  complaint, to notify all relevant government agencies and employees  to preserve documents and that failure to do so allows for an  adverse inference be drawn against the government; and (9) a bar  on qui tam suits if the company had previously reported the same  allegations to appropriate government authorities. The COC also  recommended a voluntary compliance program in which participation  would allow for lower damage multipliers. Whistleblower Rule Changes   Contractor Whistleblower Protection.  The FAR Councils issued  an interim rule amending the FAR that will protect employees of  contractors and subcontractors from whistleblowing retaliation.  78  Fed. Reg. 60,169.  The changes, which are implemented in the new   Counterfeit Parts   Cybersecurity   False Claims Act   Whistleblower Protections   Safeguarding Technical Information   Consultant Cost Allowability   Executive Compensation   Legislative & Regulatory Updates   Guest Article — DCAA Is Changing Its  Audit Focus: Are You Ready?  www.bakerlaw.com The Government Contracts Quarterly Update is published by BakerHostetler’s government contracts practice group to inform  our clients of the latest developments in federal government contracting.     This Quarterly Update is for informational purposes only and does not constitute specific legal advice or opinions. Such  advice and opinions are provided by the firm only upon engagement with respect to specific factual situations. This communication is considered Attorney Advertising. FAR 3.908, modify the existing rule by extending application to  subcontractors and expanding the type of disclosures that can be  made and to whom they can be disclosed.  Whistleblowing  protection includes disclosures of gross mismanagement of a  contract, waste of funds, abuse of authority, danger to public  safety, or violations of the law.  The protection does not extend,  however, to disclosures relating to the intelligence community.     Limiting Whistleblowing Legal Costs.  The FAR Councils  issued an interim rule that makes legal proceedings costs  unallowable if a proceeding results in a finding of contractor  liability, the imposition of a monetary penalty, or the head of an  agency orders corrective action.  78 Fed. Reg. 60,173.  This  change, which is implemented through revisions to FAR 31.206- 47, modifies an ambiguous area of the existing rule by clarifying  that reimbursement of contractor legal costs are unallowable if  any kind of corrective action is ordered.  Subsequently, legal  costs related to a whistleblowing complaint cannot be recovered  if there is an order for corrective action.    DOD Issues Final Rule Mandating Higher  Security and Reporting Requirements for  Unclassified Technical Information   On November 18, 2013, DOD issued a final DFARS regulation  which enacted intensified safeguards and reporting requirements  for DOD contractors who work with unclassified controlled  technical information.  78 Fed. Reg. 69,273.  The new rule will be  implemented through DFARS 204.73 and a new clause, 252.204 -7012.  The new clause is mandatory, with no exceptions for  small businesses.  The clause imposes two requirements: (1)  providing adequate security for information systems that contain  unclassified controlled technical information; and (2) reporting  cyber incidents or any compromising of information systems.   Contractors should consider taking steps to comply with this new  requirement.  First, in any system containing unclassified  controlled technical information, the contractor should identify  what data needs to be protected, and follow the information  systems safety protocols outlined in the National Institute of  Standards and Technology (“NIST”) publication identified in the  DFARS clause.  Otherwise, the contractor should speak to the  contracting officer about how to provide adequate security.   Second, the contractor should track, investigate, and report any  potentially compromising cyber incidents, and conduct a damage  assessment as required by the new clause. Consultant and Professional Costs are  Increasingly Questioned by Auditors   On December 19, 2013, the Defense Contract Audit Agency  (“DCAA”) issued an audit alert regarding consulting and  professional service cost audits of cost reimbursable contracts  submitted with incurred cost proposals.  FAR 31.205-33(e) and  (f) leave the door open for inquiry by auditors by requiring  vaguely described levels of evidence and documentation that is  then viewed in the auditor’s potentially subjective judgment.     FAR 31.205-33(e), which addresses the documentation for  retainer fees, requires that retainer fees be supported by  evidence that the services are necessary and customary, justified  by the level of past services and “reasonable in comparison with  maintaining an in-house capability to perform the covered  services.”  The DCAA audit alert explained that while FAR 31.205- 33(f) requires there to be an agreement between contractor and  consultant, copies of invoices, and an explanation of what the  consultant accomplished, the audit team should not focus on a  specific set of documents. Rather, the audit team should evaluate  all evidence, including contemporaneous evidence supporting an  earlier claim.   While the new guidance will help contractors resist auditors that  claim specific types of documents are necessary, auditors still  possess great discretion in determining what level of detail is  sufficient to be rendered acceptable.  These provisions may be  especially onerous to new contractors who have not been  previously audited and do not know what level of detail to maintain  in their billing during the course of their contract with an agency.  OMB Sets Maximum Executive  Compensation   On December 4, 2013, the OMB gave notice that $952,308 is the  “benchmark compensation amount” for FY 2012 government  contracts, an increase of nearly $190,000 over FY 2011.  78 Fed.  Reg. 72,930.  The amount was raised pursuant to Section 29 of  the Office of Federal Procurement Policy Act, as amended (41  U.S.C. § 1127), despite disapproval by the White House.  This  new benchmark applies to both civilian and defense agencies.   This benchmark caps the total annual amount the government will  reimburse contractors for the compensation a contractor provides  to each of its employees for work done on government contracts.   The contractor is, of course, free to pay their employees more  than the cap amount, but they will not be reimbursed for any  amount over the benchmark.  The cap is set by finding the median  compensation level from a data field containing the five most  highly paid employees in management positions at all publicly  owned U.S. companies with annual sales over $50 million.  DCAA Is Changing Its Audit Focus:   Are You Ready?  Guest authors Kellye Jennings, Bill Keating*  Recently-published data on Defense Contract Audit Agency  (“DCAA”) audits has identified a major shift in the focus of the  agency.  From FY 2011 to FY 2012, the number of DCAA audits for  forward pricing, special audits and other audits decreased.   However, the number of incurred cost proposal audits from 2011 to  2012 is up from 349 to 1,795.  In addition, for the first five months of  FY 2013, an additional 2,197 incurred cost proposal audit reports  have been issued.  At this rate, over 5,000 incurred cost proposal  audits will be issued in FY 2013.  However, this only puts a minor  dent into the backlog as approximately 26,000 incurred cost  proposals remained unaudited as of the end of FY 2012.     An incurred cost proposal (“ICP”) is a claim by a contractor for costs  reimbursable under flexibly-priced contracts.  The incurred cost audit  determines if costs chargeable to auditable government contracts  Page 2 are allowable, allocable and reasonable in accordance with contract  terms and applicable government acquisition regulations.  The audit  process generally involves gaining an understanding related to the  basis of the costs and from where the numbers/amounts are derived.   In addition, a walk-through of the submission is generally performed  whereby the auditor obtains documentation of the key controls for  preventing or detecting material noncompliance.  The auditor will then  determine if the company is high or low risk.  Low risk contractors are  audited every three years while high risk contractors are audited  every year.   The DCAA auditor may audit multiple years at one time.     The following are the items that we see as being most frequently  challenged:   Subcontractor costs on time-and-materials (“T&M”)  contracts:  Billing at cost versus labor category billing  rates.   Excessive pass-through costs:  Contracts on Schedule H  of the ICP with subcontracts exceeding 70% of costs  would likely be scrutinized.   Labor category conformance issues:  Determine if  employee qualifications (i.e., education and experience)  comply with contract provisions.   Reasonableness of executive compensation:  An area of  on-going scrutiny as a high level of judgment is often  involved.   Directly associated costs:  Costs that would otherwise be  allowable that are associated with unallowable costs  (e.g., payroll taxes on unallowable compensation costs).   Inadequate documentation:  Another judgment call in  many cases.   Missing records:  If items cannot be substantiated with  records, then they are going to be disallowed.  In addition, DCAA is actively enforcing the provision for penalties on  expressly unallowable costs.  Such penalties are equal to the amount  of the disallowed cost.  As several years of ICPs are open for many government contractors,  the ICP audit process may raise practical issues for many  companies. For example, many companies may encounter difficulties  related to accessibility to systems reports. If the systems records  have been archived or the system has been replaced or updated, it  may be difficult to run reports that would be needed to provide  information to DCAA. Access to source documents may also pose an  issue, as many companies have retention policies that might result in  records being archived or disposed of before the ICP audit occurs.  Finally, turnover in accounting or finance personnel could lead to a  loss of continuity in the audit process. If there are judgmental areas  involved in the ICP, the new team may not have the historical  information to respond to any questions that might arise regarding  these areas.     When DCAA does contact you, it is a good idea to keep in mind the  following “best practices” in dealing with a DCAA audit:   Understand what is being audited.  The notification letter  should clearly indicate what type of audit is being  conducted.  It could be an incurred cost audit, a preaward audit, a post-award audit or some other type of  special audit.   Be prepared.  Understand the programs that the  auditor will be using.  It is much easier to respond to  questions and requests when you understand the  context and objective of the questions and have time to  think through them before responding to them.  The  DCAA programs are public information and can be  found at www.dcaa.mil/cam.html.  Note that the DCAA  audit guidance for incurred cost audits is located in  Chapter 6.   Establish an audit liaison.  It is important to assign a  “point person” to coordinate the information flow  between the company and the DCAA auditor to help  control and track the information that is being  requested and reviewed.  Insist on an entrance and an exit conference.  It is easier  to manage the audit process if you understand how long  DCAA will be on site, how many people will be on site as  well as the length of time the audit is expected to take.   This information is normally communicated in an  entrance conference.  Once DCAA is wrapping up and is  in the process of leaving your site, an exit conference is  important as it gives you the opportunity to respond to the  remaining questions by having a face-to-face dialogue.   Once the auditor leaves the field, it is difficult to make  sure that he or she has the correct information and facts.   Request periodic status meetings for extended audits.   Such meetings enable the contractor to monitor the  government auditor’s activities and provide a forum for  responding to ongoing questions and issues that the  government auditor has preliminarily identified.  Be prompt in your responses and diligent about  meeting deadlines.  Once auditors have drafted their  reports, they are under pressure to have the reports  finalized.  If you do not respond within the requested  period or within a reasonable period of time, the draft  report could become finalized.  At this point, it is very  difficult to deal with factually incorrect or incomplete  findings.    Understand that not all government auditors are the  same.  As with every profession, each auditor has a  different level of expertise and tenure.  It is in the best  interest of your company to be patient with them and  explain things clearly based on their level of  experience and proficiency.    While DCAA’s renewed push to clear out its backlog of ICP audits  may pose a new challenge for your company, there is still time to  prepare. Putting in the time up front to understand what the audit  entails and ensure there are systems in place to handle it will save  time and headaches down the road.  * Guest Authors:  Ms. Jennings is a partner and Mr. Keating is a  managing director with BDO USA, LLP, a professional services  firm providing assurance, tax, financial advisory and consulting  services to a wide range of publicly traded and privately held  companies.  Page 3 Code   Number Agency Regulation Description Last   Action Effective  Date 48 CFR Parts  212, 215, 225,  and 252 DoD To amend the DFARS to further implement DOD policy relating to competitive  acquisitions in which only one offer is received, providing additional exceptions,  and further addressing requests for data other than certified cost or pricing data  from the Canadian Commercial Corporation Final Rule 10/31/13  48 CFR Parts  204, 208, 212 DoD To amend the DFARS to allow the DOD to consider the impact of supply chain  risk in specified types of procurements related to national security systems Interim  Rule 11/18/13  48 CFR Parts  204, 212, and  252 DoD To amend the DFARS to add a new subpart and associated contract clause to  address requirements for safeguarding unclassified controlled technical information Final Rule 11/18/13  48 CFR Parts 44,  46, and 52 DoD,  GSA,  NASA To amend the FAR to clarify when to use higher-level quality standards in solicitations and contracts, and to update the examples of higher-level quality standards  by revising obsolete standards and adding two new industry standards that pertain to quality assurance for avoidance of counterfeit items Proposed  Rule 12/3/13  48 CFR Parts  211, 212, 218,  246, 252 DoD To amend the DFARS to update and clarify requirements for unique identification  and valuation of items delivered under DOD contracts Final Rule 12/16/13

Baker & Hostetler LLP - Hilary S. Cairnie and Kelley P. Doran

Back Forward
  • Save & file
  • View original
  • Forward
  • Share
    • Facebook
    • Twitter
    • Linked In
  • Follow
    Please login to follow content.
  • Like
  • Instruct

add to folder:

  • My saved (default)
  • Read later
Folders shared with you

Filed under

  • USA
  • Internet & Social Media
  • IT & Data Protection
  • Projects & Procurement
  • Baker & Hostetler LLP

Topics

  • Computer security
  • Whistleblower
  • Qui tam
  • Legal burden of proof

Organisations

  • US Department of Defense

Popular articles from this firm

  1. Is It Just a Puff? *
  2. IRS reporting requirements for class action settlement payments and court awarded damages *
  3. Giving Birth to Federalized Pregnancy Accommodation Standards: Pregnant Workers Fairness Act and Providing Urgent Maternal Protections for Nursing Mothers Act *
  4. A Recent DoorDash Opinion Addresses Several Pivotal Arbitration Issues *
  5. Current State of BIS Export Controls in Response to the Russian Federation's Invasion of Ukraine *

If you would like to learn how Lexology can drive your content marketing strategy forward, please email [email protected].

Powered by Lexology

Related practical resources PRO

  • How-to guide How-to guide: How to draft a privacy policy, and privacy and data security provisions in contracts (USA) Recently updated
  • Checklist Checklist: Drafting a consumer privacy policy (USA) Recently updated
  • Checklist Checklist: Completing a data incident response plan assessment (USA) Recently updated
View all

Related research hubs

  • Whistleblower
  • USA
  • Internet & Social Media
  • Projects & Procurement
Back to Top
Resources
  • Daily newsfeed
  • Commentary
  • Q&A
  • Research hubs
  • Learn
  • In-depth
  • Lexy: AI search
  • Scanner
Experts
  • Find experts
  • Legal Influencers
  • Firms
  • About Instruct Counsel
More
  • About us
  • Blog
  • Events
  • Popular
Legal
  • Terms of use
  • Cookies
  • Disclaimer
  • Privacy policy
Contact
  • Contact
  • RSS feeds
  • Submissions
 
  • Login
  • Register
  • Follow on Twitter
  • Follow on LinkedIn

© Copyright 2006 - 2023 Law Business Research

Law Business Research