Posts

DCAA Compliance for Small Businesses

As a small govcon have you ever thought…do I really need to be DCAA compliant? What if I’m “just a subcontractor” or “too small that DCAA will never notice me”?
We hear the following from companies more often then they’d like to admit:

  • It’s so complicated to get DCAA compliant (insert the eye roll and swipe across the forehead)
  • It’s such as hassle, I’ll do it when we get bigger (the procrastinator)
  • I have both commercial and government business, so the govcon piece won’t get noticed (I’m awesome and therefore the rules don’t apply)
  • It’s too expensive (cheap catches up to you)
  • I only have FFP and T&M contracts, so I won’t get audited (wrong!)
  • If I fail an audit, I’ll get excused because I’m a small business (nope, the small business card doesn’t work with DCAA)

To these “excuses” our advice is…

Get DCAA compliant and now!

Here’s why:

• It’s not as complicated as what you think.
There four primary components to being DCAA compliant – chart of accounts, timekeeping, forward pricing and policies and procedures. No one accounting system is deemed DCAA compliant.  It’s all about how your system is configured and your policies and procedures. A professional firm who knows DCAA compliant accounting is necessary to get the work done right…the first time.

• Small = less $ to become compliant.
Design a system that scales with you and the savings will be impressive. Retrofitting a large existing system to be DCAA compliant is time consuming and expensive.  Don’t get lazy – get it done when you are small.

• It’s a Pass/Fail test.
The is no B or C grade. You either pass or you fail.  Failing costs money and more money than it takes to preemptively become DCAA compliant.

• Timekeeping is like eating healthy.
It’s all about behavior modification. It takes daily reminders to establish healthy eating habits and it is the same for timekeeping. Additionally, it’s the most critical component of the DCAA audit.  Establishing solid policies and procedures for timekeeping when you are small is the easiest way to establish behaviors and set the tone for the critical importance of timekeeping.  Get HR involved because timekeeping should be in your employee handbook.  Educate employees on why timekeeping is important.

• Improve your dating profile.
Teaming partners, especially large integrators, like to work with small businesses that are DCAA compliant. You might not have been audited yet, but you are prepared in case you do and that is half of the battle.

Bottom line – get DCAA compliant now!
BOOST can help and it’s one of our favorite accounting projects. Well, we have lots of favorites, but this one is rewarding and we actually like doing it!  So, now go get healthy, change your behavior, spend some money in order to save some money and prepare for the inevitable.

Introducing BOOST LLC

BOOST was founded to support GovCons as they get to the next level. After reinventing the wheel many times and banging our heads against numerous walls, we have learned what works and what doesn’t. We love working with executives who want to see their organization grow and who value advice from those who have “been there, done that.” We want our small clients to outgrow us. We want our large clients to use us when they need us and then call us back for the next project. We want you to sell your business for the multiplier you want. We want you to be successful.

www.boostllc.net

What is a CPSR and Why Should You Care?

We recently told you about the Contractor Purchasing System Review (CPSR) process, and today we will (attempt to) convince you to care about this mega-compliance hurdle. If you want to read more about a CPSR, check out our white paper here.

There appears to be a trend in government evaluations looking for CPSR compliant contractors. CPSR compliance was an extra 500 points for the recent OASIS bid.  Many of our competitors will happily sell you a CPSR package without blinking at the cost or whether you actually needed it.

Who needs CPSR?
First, the main factor we tell our clients is to assess how much subcontracting work they do.  If your business weighs heavily on issuing a myriad of subcontracts or large procurements in support of your prime contract awards, then you have checked the first box to “needing” a CPSR compliance plan.  The remaining boxes are comprehensive.

Second, if a majority of your work is with the DoD, you may want to consider checking out DFARS 252. 252.244-7001, the regulatory birth of what a CPSR compliant system looks like. Finally, if your contract says you have to be CPSR compliant – we hope you already have systems in place to pass an audit before signing the dotted line.

Finally, most organizations do not like or want a CPSR compliance plan because of the heavy administrative burden it places on corporate processes.  Think about the last time you waited for a large GovCon to issue you a subcontract that was allegedly “on fire.”  In most cases, the subcontractor is issued a letter subcontract or works at-risk with an authorization to proceed (also part of the CPSR compliant program) before the “real” subcontract is issued.  This is because nearly all GovCons with CPSR compliance programs have to take several steps to coordinate awarding a procurement.  These steps were put in place to comply with CPSR requirements.

If we have not talked you out of it and you are ready to start the box-checking, administrative hurdles of CPSR land, consider an organization like BOOST that will tailor a compliance plan to fit your organization. We will not open a canned manual and serve it to you on a platter. We exist to add value. We can provide a customized CPSR plan; if you need it.

DCAA Trends for 2019

After attending a seminar on DCAA Updates provided by one of the local DCAA folks, I thought I’d save you the mediocre breakfast and dry presentation to reclaim an hour of your life.  You can thank me later.

Incurred Costs Proposals

DCAA has been under the gun for the past few years to catch up on their backlog.  Their mantra (which may be on numerous internal PowerPoint briefs) is to “eliminate the backlog.”  As of now, they report that they are relatively done through 2015.

  • The goal is to catch up with 2016 and 2017 in calendar year 2019
  • Numbers provided for their audits in 2018 show that most (53%) came away with a memo, 24% had a report/full audit and 23% were canceled for various reasons.
  • My takeaway (not said outright by DCAA) – If you are under $100M, you’re getting a memo. Keep your stuff relatively in order and you should come out ok.  Don’t get cute with the costs and try to keep things DCAA compliant.

Forward Pricing

DCAA is often tasked with auditing your rates submitted on a proposal.  Given the pressure on margins, I can imagine that there are some “creative” pricing strategies out there.  That being said, why it takes so long to audit these things is elusive to me.  Some stats:

  • The average elapsed days for forward pricing audits:
    • FY11 – 120 days
    • Fast forward to FY17 – 83 days
    • FY18 – 85 days
  • DCAA’s stated goal is to reduce the time but doesn’t seem to be making much progress.
  • Takeaway – have your forward pricing backup ready so you can immediately turn around data calls. Every day you hem and haw over finding that elusive salary survey that you cited (but really used salary.com), is a day you aren’t getting the award.  You can’t speed up DCAA, but you can speed up your response.
  • Make sure your audit backup file documentation is part of your proposal process. Many proposal managers say they will come back to this when the proposal is turned in, but few do.  This makes the audit all the more painful.  More importantly, there is real money (i.e. a contract award) on the line.  Don’t lose because you don’t have your act together.

Contractor Common Mistakes

When asked what DCAA sees most often in terms of mistakes, they cited:

  • Unsupported costs in the Incurred Cost Proposals
    • Fix this by maintaining records of all your costs. Make sure that they are stored on the company shared files, not on someone’s laptop somewhere.  If your controller leaves the company, you still want to have the backup required to argue for allowability.  You could leave money on the table by not having this documentation.
  • Schedule H seems to be the biggest issue on Incurred Cost Submissions – specifically not providing enough detail to justify the costs. Putting one line item for a huge IDIQ isn’t going to cut it.
  • Supporting the basis of costs in your Forward Pricing Submission
    • Again, keep the audit file! If you haven’t done this, start now in 2019.  It is good practice and saves headaches in the future.  Knowing how you back-of-the-enveloped the number is critical for execution.
  • Supporting subcontractor costs as part of your Forward Pricing Submission
    • Getting subK costs is like herding cats. You never know what they actually submit to DCAA and if they are actually competent (and compliant!).  DCAA has to coordinate between their various offices as one office may be reviewing your proposal, but another office may review your subs.
    • Reduce your risk by utilizing an outside pricing SME to evaluate your subs cost proposals. Then you know it’s right.

Executive Compensation

Reasonableness is the theme here.  Reasonable to DCAA may not be reasonable to you, but they don’t care.  Your company’s compensation will be compared to a similar sized company within the same industry.  Geography seems not to matter as much (frustrating for those in high salary areas).  Best bet – utilize legitimate salary surveys as backup.

New Regulations

DCAA must provide an adequacy review of Incurred Costs Submissions within 60 days.  They are laser focused on this number.  Then they must conduct the audit within a year.  So, in theory, all of the backlog will become relatively caught up.

DCAA must also comply with commercially accepted standards of risk and materiality by Oct 1, 2020.  What does that mean?  No one knows, but DCAA is talking to industry to figure it out.  TBD on how that plays out, but fingers crossed it makes contractors lives easier.

2019 Focus

DCAA’s stated focus for this year is:

  • Completing all 2017 and earlier Incurred Costs Submission audits
  • Reducing the days for forward pricing audits
  • Increasing resources (i.e. auditors) in TINA compliance, Real-Time Labor and Material Audits (hello floor checks??) and Business System Audits
    • Expect more Accounting System and estimating system audits specifically

If you need help with any of the above, BOOST makes a living doing this stuff (yes, you can question our sanity).  We can do your Incurred Costs Submission, prepare your pricing, audit your subcontractor’s pricing, support forward pricing audits and provide salary information from our over 25 salary surveys.  We also can help prepare you for accounting system and estimating system audits.

What we cannot do is explain the rhyme and reason of DCAA.  It’s still a bit of a mystery, but hopefully, this summary sheds some light on it.  Or saved an hour of your life. 😊

Cyber Strong

It’s Friday the 13th with Halloween just a few short weeks away (side note: where did this year go?). What frightens you, growing GovCon? Often its lack of differentiation, lack of funding, stale growth, stiff competition (at lower rates!), budget cuts and finding qualified, capable teammates. Here’s one more ill to add to the pile…Cyber Compliance.

At BOOST, we’ve been lucky to have amazing Cyber experts as clients. We love this community – they get shit done. Whether they are on the offense or playing D, they love a good fight, they love to find the loopholes, they challenge the established, and they do it well. This mindset goes well beyond the traditional, old school, fill-in-the-seats GovCon. These types of companies are exactly what the government needs to fight the bad guys.

Having these people in our network has helped open our eyes to the new regulations at the end of the year circling around the new FAR clause that includes CUI compliance. As we all scramble towards the path of compliance, take a step back and ask yourself, what is your organization doing to keep its information secure? What would you do if your organization was compromised or hacked? Do you have a plan? More importantly, is this even on your radar?

All things cyber can be quite scary for a startup, especially if cyber and/or IT is not your background. We must rely on the experts and their guidance. They are out there – many newly established, single -person consultants who are trying to ride the wave of doom and gloom on CUI. Be careful when choosing with whom you’re going to work. BOOST’s partner has been in the business for 10+ years, talks the talk and walks the walk. The company has published books on cyber compliance and is well known in the industry. (Shout out to EmeSec!)

In short, don’t fear the compliance changes that are coming but look to strengthen your company in areas of risk. Grow your network to include expertise in this area. It’s not going away and can help reduce your liability as you grow and scale. Cyber security isn’t simply an industry; it’s a necessity for your business.

If you need a recommendation or introduction, I know a group. Reach out and let’s get you on the path to strong cyber, [email protected].

GovCon Success

Success for everyone is different.  Some may say it’s a lifestyle company; others may point to the infamous sale at $100M.  Further, others say it’s buying the island after the sale.  Regardless of what you define success as, there are certain tenets that are true.

  1. Top Line is for Ego, Bottom Line is Business – essentially, you can push all the revenue you want into your company, but if you aren’t profitable, it does not count.  Don’t sacrifice your bottom line.

 

  1. Culture – if you don’t appreciate your employees or your clients, your reputation will get around the industry.  Poor delivery, major rate hikes in execution, and non-responsiveness of senior leadership will quickly get to the source selection team.  Your employee’s morale will be known throughout the recruiting world.  Your competition will know whether your key personnel are ripe for the picking or if they won’t make a move.  Your clients will know whether your employees are treated well and if they enjoy working for you.  A GovCon that manages to get past the “employees that have gone native” challenge is indeed a success.

 

  1. Compliance – In an industry that is overly regulated and where everything must be documented to the nth degree, staying compliant only keeps you off the front page of the Washington Post (in a good way).  If you plan on staying in this industry or selling at any point, remember that folks have long memories when it comes to scandal in GovCon.  Having your house in order is a success.

 

  1. Diversity – You become successful by listening to those that have differing opinions and different viewpoints and pushing beyond your boundaries.  Diversity of thought, diversity of background, and a diverse client base all bring value.  If you are surrounded by people that look, speak and think like you…you’re not doing it right. You’re missing the opportunity to pivot.  If your leadership team professionally challenges one another, through their different points of view to do better and drive towards your end goal, you are successful.

 

  1. Innovation – This is an overly used term when applied to anything, but it’s hard with which to argue.  If you are a butts-in-seats organization that does pretty much everything, you really have little value or differentiation in a market filled with butts-in-seats organizations.  Success is finding your niche and exploiting it across various agencies/clients and differentiating yourself from the herd.

Perhaps right now, success is just making it through the proposal season, winning your re-compete or hiring a new business development person. Regardless of your measurement of success, remember the above factors in how you keep score.

Need help aligning your team to a common set of goals, with focus on the above? Are you looking to put your strongest proposal foot forward this season?  Shoot me an email at [email protected]

GovCon Voices: A Culture of Compliance

As seen on SmallGovCon.com

When we talk about the federal contracting industry, one of the first things that comes to mind is compliance. We are an overly regulated industry with a ton of laws to abide by, FAR changes to keep up with, legislation of which we need to stay on top. None of it is particularly easy or straightforward, and it sometimes takes experts to keep your organization in compliance. In short, no one can claim they are 100% compliant, nor can they claim to know everything with regards to this industry, especially a GovCon CEO. That’s the bad news.

The good news is that no one expects this of the CEO. However, your attitude towards compliance goes a long way within the organization. The example you set at the top will filter throughout the organization and will go a long way towards establishing and maintaining a company culture that follows the rules of this industry. We all talk about making sure that the company is not on the front page of the Washington Post for getting into hot water with the law or for debarment.

How can you contribute to that as a CEO?
How can you build your organization to take it seriously?
How do you keep from bogging down the wheels of progress and allow the mission goals for you and your clients to be met?

Lead by Example. It sounds so easy, is in every leadership book, and is touted on every trending article on LinkedIn. But ask yourself, who fills out your timesheet? Do you throw 8 hours of your time into G&A and call it a day? Do you have your admin fill out your timesheet? Do you approve your direct reports? Every GovCon has a timekeeping system that requires daily input and ultimately, signature submission and approval of direct reports time.
Do you travel according to JTRs and/or within the per diem rates? Do you expect your folks to abide accordingly? As a GovCon, you just don’t travel extravagantly. Ever.

Put your Money where your Mouth is.  How many emails from the Timekeeping Goon have you received? Do you ever take the time to find out who the repeat offenders are and to speak with them about these transgressions? Ever told your top sales person that they could have their pay docked or lose their jobs if they continue to be non-compliant? It’s that type of discussion (and action) that shows that the company values compliance and takes it seriously.

Have you had your HR folks scrub through your labor categories and the folks associated with them…proactively? Have you righted any salary discrepancies to ensure that your workforce is fairly and consistently paid according to skill set and experience? These suggestions all are dictated by FAR compliance and laws, but in general, they emulate good advice.

Be the leader that the GovCon industry needs and keep your company on the front pages for the work you are contributing to this country; not for running afoul of the rules.

See the original article: http://smallgovcon.com/govcon-voices/govcon-voices-a-culture-of-compliance/#sthash.4Ahp75Xd.dpuf