
DCAA Audit Survival Guide


The Defense Contract Audit Agency (DCAA) was founded in 1965 with the sole purpose of making it easier for the Department of Defense to audit contractors. Recently, the DCAA has been afforded more power by Congress to gather and demand audit materials. Therefore, it is more important than ever before that contractors be prepared to properly manage a DCAA audit. Contractors are often not aware of their rights and obligations during an audit and so incur increased compliance costs associated with defective audit procedures and findings that could result in penalties, cost disallowances, contract payment withholdings, and False Claims Act allegations.


The DCAA performs several different kinds of audits such as financial capability, incurred cost, systems review (e.g., accounting systems, budget systems), and Cost Accounting Standards compliance audits. They also perform pre-award surveys of prospective contractors. Contractors that engage in cost contracting and have a large volume of government sales are generally subject to all types of DCAA audits. Conversely, contractors focused more on fixed-price contracts and with a smaller volume of sales to the Government may find themselves exempt from certain DCAA audits.


The DCAA has authority to examine and audit contractors’ books, records, documents, accounting procedures and practices, and any other evidence for the purpose of evaluating accuracy, completeness, and pricing data. However, the DCAA does not have unlimited powers. Its authority is limited to records that are kept in the ordinary course of business. Thus, the DCAA does not have authority to demand preparation of any records that the contractor does not already have. Although the DCAA has no clear statutory, regulatory, or contractual authority to support this position, it consistently asserts its right to do so. For example, other than commercial items, time and materials, or labor hour contracts, there is no authority granting the DCAA the power to interview employees.


Before any DCAA audit begins, contractors should insist on an entrance conference with the DCAA in order to set the specific objectives of the audit. The contractor’s objectives should include:


  • determining the purpose of the audit
  • agreeing on the scope and plan for performance
  • determining the types of records and data the auditor intends to review
  • pressing for specificity so that an internal plan for compliance with audit requests can be developed
  • identifying and preparing key personnel
  • evaluating the DCAA’s level of access to documents, information and personnel.


During an audit, contractors should also seek additional conferences with the auditor. These interim conferences allow the auditor and contractor to efficiently address any perceived deficiencies or mistakes in the contractor’s data, and to identify and resolve any significant issues before DCAA issues a final report.


Finally, an exit conference should be held at the conclusion of the audit. Exit conferences provide the contractor with an opportunity to discuss the audit findings with the auditor and to prepare for any negative determinations. Contractors should also use exit conferences as an opportunity to ensure that the auditor’s findings are accurate and should work with the auditor to revise any findings that are not sufficiently supported by objective evidence.


Contractors can also control the auditor’s access to physical documents through their own records manager. The auditor should not be allowed to have free run of the contractor’s facility or unsupervised access to files and personnel. Such access will assuredly result in negative determinations. Instead, the records manager should bring relevant documents to the auditor. If possible, the auditor should be assigned a designated work space. By controlling physical access to documents, a contractor can reduce the risk of the auditor losing or tampering with documents.


At the close of each audit, the DCAA generally satisfies the government reporting standards by issuing an audit report. Audit reports typically include:


  • A statement that identifies the scope and objectives of the report, including the area, system, or proposal being audited
  • Findings that are presented in an objective manner
  • Adequate objective support for all conclusions
  • A description of any issues that adversely affected the audit
  • A summary of the audit results, including the auditor’s conclusions, recommendations for effecting compliance with applicable requirements, and overall opinions.


Given the increased risk that contractors face from overbroad and aggressive requests from the DCAA, contractors should ensure that current policies are in place to effectively manage DCAA audits. They should clearly delineate a chain of command and ensure that all employees likely to be involved in the audit process are aware of their roles and responsibilities. They should also develop policies that explicitly include processes regarding records access, employee interviews, audit requests, commenting on audit reports, and interacting with the DCAA during the audit. Contractors who do not have current and clear policies in place run the risk of a negative audit report and the costs associated with disapproval of systems that can result in contract withholdings.