On January 15, 2010, the U.S. Department of Defense (“DoD”) released a proposed rule concerning the internal controls and business systems contractors must have. 75 F.R. 2457 (Dec. 24, 2009). Though the general requirements appear familiar—and probably should be redundant with contractors’ existing compliance apparatus—once final, this rule may result in a significant change in DoD’s ability to impose severe penalties for deficient business controls. Comments on the proposed rule are due on or before March 16, 2010. Contractors affected by the proposed rule would be well-served by submitting thorough and compelling comments regarding how the proposed rule could be changed to enhance predictability in audits and even-handedness in enforcement.

The specific changes the proposed rule would make are these: (1) clarification of the concept of contractor business systems; and (2) implementation of compliance enforcement mechanisms based on this more precise definition of what contractors must have in place, and what will be examined by the Defense Contract Management Agency (“DCMA”) and the Defense Contract Audit Agency (“DCAA”).

The proposed rule would define “deficiency” as “failure to maintain an element of an acceptable” business system. “Business systems” would be defined to include accounting systems, earned value management systems, estimating systems, material management and accounting systems, property management systems, and purchasing systems. If an audit revealed deficiencies in these systems, contracting officers would be required to notify the contractor, withhold payments, and monitor the contractor’s implementation of a remediation plan. The contract clause implementing the proposed rule would be required in any solicitation for the following: (1) cost-reimbursement, incentive type, time-and-materials, or labor-hour contracts; (2) fixed-price contracts with progress payments made on the basis of costs incurred by the contractor or on a percentage or stage of completion; or (3) construction contracts that include the clause 52.232-27 of the Federal Acquisition Regulation (“FAR”), Prompt Payment of Construction Contracts.

The proposed rule contains long lists of criteria business systems must meet to be “acceptable.” For example, with regard to cost-estimating systems, to be acceptable, such systems must: (1) be maintained, reliable, and consistently applied; (2) produce verifiable, supportable, and documented cost estimates that are an acceptable basis for negotiation of fair and reasonable prices; (3) be consistent with and integrated with the contractor’s related management systems; and (4) be subject to applicable financial control systems. DoD auditors will evaluate estimating systems to ensure that the systems accomplish these tasks:

Establish clear responsibility for preparation, review, and approval of cost nnestimates

  • Provide a written description of the organization and duties of the personnel responsible for preparing, reviewing, and approving cost estimates
  • Assure that relevant personnel have sufficient training, experience, and nnguidance to perform estimating tasks in accordance with the contractor’s established procedures
  • Identify the sources of data and the estimating methods and rationale used in developing cost estimates
  • Provide for appropriate supervision throughout the estimating processnn
  • Provide for consistent application estimating techniques
  • Provide for detection and timely correction of errors
  • Protect against cost duplication and omissions
  • Provide for the use of historical experience, incuding historical vendor pricing nninformation, where appropriate
  • Require use of appropriate analytical methods
  • Integrate information available from other management systems, where appropriate
  • Require management review, including verification that the company’s estimating policies, procedures, and practices comply with this regulation
  • Provide for internal review of and accountability for the acceptability of the nnestimating system, including the comparison of projected results to actual results, and an analysis of any difference
  • Provide procedures to update cost estimates in a timely manner throughout nnthe negotiation process
  • Address responsibility for review and analysis of the reasonableness of subcontract prices

At first blush, this list of attributes seems to address matters of common sense. The “rub” is that the proposed rule would allow the contracting officer to withhold payments reimbursing the contractor for costs incurred, incentive payments, or progress payments based on any deficiencies. In addition, the language used to describe the attributes an estimating system must meet is sufficiently vague that reasonable people could disagree regarding a system’s compliance with them. Thus, the proposed rule enhances the risks contractors face in establishing and maintaining their estimating systems.

The proposed rule should be understood in the context of the current public-policy climate. DCAA has come under fire for failing to police contract accounting adequately. A September 23, 2009 report from the U.S. Government Accountability Office accused DCAA of having “[a] management environment and agency culture that focused on facilitating the award of contracts and an ineffective audit quality assurance structure.” Moreover, the Obama Administration has made one of its key policies the eradication of waste and abuse in connection with government contracts, and implemented this policy by supporting legislation, such as the Fraud Enforcement and Recovery Act passed in March 2009, which “beefs up” the government’s enforcement capability with respect to procurement contracts. Therefore, contractors should expect that auditors and contracting officers will be aggressive, if the proposed rule is passed, in using their new cost-disallowance authority to withhold payments based on deficiencies in business systems. This fact, combined with the subjectivity involved in determining whether a particular business system meets the criteria set forth in the proposed rule, makes the proposed rule worthy of defense contractors’ attention.

So what should contractors do? We offer two suggestions for practical steps contractors can take to address the proposed rule. First, consider drafting and submitting comments on the proposed rule. In particular, comments that propose more definite standards or provide a template for the policies and procedures companies can use to implement their business systems would enhance certainty. Alternatively, contractors could propose amendments to the proposed rule that cite to, or incorporate by reference, existing accounting or internal control standards that the contractors’ systems already meet. In other words, contractors could submit comments suggesting the proposed rule be modified to include a statement such as, “estimating systems meeting ISOXXXX certification shall be presumed to meet the listed characteristics and this presumption may be overcome only by written findings citing specific facts showing that the systems in question do not meet the standard.”

Second, contractors should conduct some level of self-evaluation against the standard proffered by the proposed rule. Create a checklist and evaluate whether existing business systems meet each element. If existing systems are lacking, now is the time to address deficiencies, before the rule becomes final and any deficiencies can be used by contracting officers to withhold payment under certain contracts.