Beason & Nalley Services, with a commitment to quality and added value for our clients
back to Beason & Nalley home page

CONTACT US

SITEMAP

CLIENT LOGIN
 

 
 

Newsletters

Archives

February 2005

Estimating System Restoration and a Success Story back to top

Professional and Consulting Fees: Documenting Allowability

By: Darryl L. Walker, CPA, CFE

Regardless of whether your company is large or small, a solid foundation of internal controls to ensure timely submission of accurate cost proposals is critical to maintaining a credible partnership with your customers. Such a series of internal controls is often referred to as an "estimating system", and the success of negotiating a profitable contract award value if predicated on that system.

Effective estimating fundamentals include having a competent and experienced team of professionals that understand the solicitation requirements, and know how to gather relevant and accurate technical and pricing data for consolidation into a winning bid proposal. Other characteristics of a system for producing reliable estimates include access to solid internal or eternal factual data upon which to prepare the bid, ensuring that the bid is consistent with the accounting system, and maintaining a system of checks and reviews of the estimating process.

In my article published in NCMA's May 2004 "Contracts Management" magazine, entitled "Is Your Estimating System Asking for Trouble", you'll see the predominate attributes of a solid and effective system for producing timely and reliable cost estimates for your customers. Although I do not suggest that every contractor create an elaborate set of formal estimating procedures, I do suggest that companies on the fast-track in government revenue growth develop written estimating procedures, or otherwise evaluate existing practices and "restore" those practices, if necessary, to a level of competence in proposal development.

And now a success story related to getting a client's estimating system in better shape. Our company was recently engaged by a major government contractor to assist in preparing a corrective action plan that addressed major DCAA audit reported estimating deficiencies and recommendations for improvement. The auditors found what they considered inadequacies in all five major estimating system internal control objectives (as defined within the DCAA audit program). As a result, DCAA deemed the system, taken as a whole, as inadequate, and requested that the contractor respond to those findings with a corrective action plan within 90 days after the audit report was issued. The issues set forth by the government received nationwide news media and political attention.

We assisted in preparing a corrective action plan, updating and rewriting estimating manual procedures, and providing estimator training recommendations to remedy the government's concerns. After a lengthy collaborative effort among the contractor staff, our personnel, and government authorities to improve the estimating system, the company was able to get a passing grade by the government and avoid future penalties and avert continued and extensive audit oversight.

The message here is to be proactive in establishing a viable, effective estimating system that will pass the FAR and DFARs requirements before the auditors come looking for trouble. Having an estimating system ready for review, fully compliant with regulatory guidelines and auditor expectations, will save you much heartache when the government deems it time for a formal review of that system. If you produce a lot of cost proposals during the year, it is time to take a second look at your practices, match those practices to acceptable estimating guidelines, and implement improvements if necessary.

For more information on the above topics, please contact Darryl Walker at 256-533-1720 or email at dwalker@beasonnalley.com.

Social Engineering: Why You Need a Meeting With Your Friendly Receptionist back to top

Submitted by: Jeremy Jeffreys, CPA

Even in today's risk-attuned business climate, mid-sized companies may find that their sensitive information is leaking from surprising sources. One of the least addressed risks for businesses across all industries is the subtle, yet damaging phenomenon of social engineering.

SearchSecurity.com defines social engineering as "a non-technical kind of intrusion that relies heavily on human interaction and often involves tricking other people to break normal security procedures." It's psychological hacking, if you will. And it works because most organizations train their personnel to be customer friendly to a fault. Social engineers rely on mantras such as "the customer is always right" to gain access to potentially damaging business intelligence. Anyone can engage in social engineering, but the perpetrators are typically competitors and former and current employees. The goal of social engineering is to obtain, as easily as possible, information such as confidential reports, financial statements, sales data. product sourcing data or even an individual's user identifier and password for computer access.

Managers might be surprised to learn that much of the information social engineers wish to obtain may not be considered sensitive. A social engineer can take your company's internal phone list and use it to gain information from employees (e.g., "Hi. I'm calling for John in accounting at extension 123. He asked me to get some information from you to finish a report:'). Bits of innocuous information can fill in parts of a picture that you don't want anyone to see. Accomplished social enqineers can, and do, get their best intelligence from personnel who are not recognized or trained as keepers of important information.

Some social engineers even enter target businesses by appearing to belong to the company. They may dress the part and follow employees throuqh secured doors, sometimes even displayinq a counterfeit security badge. There are no technological silver bullets to reduce or eliminate social engineering. The only way to reduce the threat is to implement, and monitor compliance with, security policies and procedures and train personnel to better guard your organization's information. Some best practices for personnel include:

  • Destroy sensitive information. whether it's stored on paper, CD-ROMs. diskettes or tapes, when it is no longer needed.
  • Store sensitive information in secure cabinets or other access-controlled locations when it is not in use.
  • Question any requests for information, sensitive or not. that seem unusual - regardless of who asks for it.
  • Remove security badges and other identifying items when outside of your organization's facilities. Avoid discussing sensitive information in public places such as restaurants and elevators.

Mid-sized companies may not need a full-time risk management team to scrutinize all requests for information, but it is critical to put certain safeguards in place. Remember, although it can be difficult to keep an ardent social engineer from penetrating your organization, diliqence and employee awareness can make the task so undesirable that the would-be perpetrator will move on to an easier target.

If you would like any additional information or have any questions, please contact Jeremy Jeffreys at 256-533-1720 or jjefferys@beasonnalley.com.

Written by: Jeff Hall of RSM McGladrey's National Information Technology Solutions Group
Published in: RSM McGladrey May/June Ideas Publication

Are you subject to the requirements of the Cost Accounting Standards (CAS)? back to top

Understanding the CAS thresholds and how it affects your business.

Written by: Chad Braley

Understanding situations and conditions that trigger CAS coverage is something that has confused many government contractors over the years. We have recently encountered two situations that have been especially perplexing to our clients.

  1. One client consistently accepted the CAS flow down clauses from FAR Part 52 that were included in their subcontract, therefore certifying that the subcontract was subject to CAS and that the company would comply with the requirements of the 19 Cost Accounting Standards. They in turn developed a Disclosure Statement (Form CASB DS-1) and submitted it to their prime contractor.
  2. A second client received their first CAS covered contract valued at approximately $10 million and then completed an entire CASB Disclosure Statement (disclosure of all cost accounting practices) and began implementing the necessary changes to their cost accounting infrastructure in order to comply with all 19 standards.

Each is these situations represents a scenario where the guidance and verbiage of CAS, combined with the fact that no prime contractor is looking out for their subcontractors' best interest consistently confuses clients. First and foremost, it is important that government contractors are fully aware of the exceptions to CAS coverage. Those exceptions, as defined by CFR 9903.201-1 (b) are as follows:

  1. Sealed bid contracts
  2. Negotiated contracts and subcontracts not in excess of $500,000.
  3. Contracts and subcontracts with small businesses .
  4. Contracts and subcontracts with foreign governments or their agents or instrumentalities or, insofar as the requirements of CAS other than 9904.401 and 9904.402 are concerned, any contract or subcontract awarded to a foreign government concern.
  5. Contracts and subcontracts in which the price is set by law or regulation.
  6. Firm fixed-price contracts and fixed price with economic price adjustment (provided that price adjustment is not based on actual costs incurred) contracts and subcontracts for the acquisition of commercial items.
  7. Contracts or subcontracts of less than $7.5 million, provided that, at the time of award, the business unit of the contractor or subcontractor is not currently performing any CAS-covered contracts or subcontracts valued at $7.5 million or greater.
  8. Contracts or subcontracts awarded to the United Kingdom contractor for performance substantially in the United Kingdom, provided that the contractor has filed with the United Kingdom Ministry of Defense, for retention by the Ministry, a completed Disclosure Statement which shall adequately describe its cost accounting practices.
  9. Subcontracts under the NATO PHM Ship program to be performed outside the United States by a foreign concern.
  10. Contracts and subcontracts to be executed and performed entirely outside the United State, it territories, and possessions.
  11. Firm-fixed-price contracts or subcontracts awarded on the basis of adequate price competition without submission of cost or pricing data.

If one of these exceptions applies to your contracts, exercise it because you are not subject to CAS. Just as you would never turn down a free gift, even if you hate it, don't turn down the ability to avoid CAS coverage. In the first scenario, our client qualified for a CAS exemption under exemption #7 because the client had never received a CAS covered-contract or subcontract in excess of $7.5 million. Because the company did not received an initial "trigger" CAS covered contract greater than $7.5 million, they are not CAS covered by regulation. Reversing the certifications and representations in the contract to exclude the CAS clauses is another issue and a legal one at that, so we won't digress into it in this article. Be cautious when reviewing the terms and conditions of your contract. FAR Part 52.230 "Cost Accounting Standards, provisions and clauses" can be misleading because it notes that if the contract is greater than $500,000 then it is subject to CAS. What many contractors fail to examine, however, is that this clause is only applicable if an exception to CAS coverage, per 48 CFR 9903.201-1, does not exist.

A government contractor need not worry about compliance with most CAS standards and the administrative procedures that go with CAS coverage (spelled out in FAR Part 30) until a "trigger" contract is awarded exceeding $7.5 million, and that trigger contract is not otherwise exempt from CAS, per the exemptions previously mentioned. If a contractor receives a CAS covered contract greater than $7.5 million, but less than $50 million, that contract is subject to Modified-CAS coverage which only requires compliance with CAS 401, 402, 405, & 406. After that initial triggering event, all future contract awards (not otherwise exempt from CAS) that exceed $500,000 in award value will be subject to Modified-CAS coverage as well. The contractor remains under modified coverage until the company receives one CAS covered contract in excess of $50 million or has received $50 million or more in net CAS-covered awards in the preceding cost accounting period. This is an important distinction to remember since the requirements vary significantly between full and modified CAS coverage.

In the second client scenario, the company erred in certifying that the prospective contract award would be subject to all 19 CAS standards because that was their first CAS-covered contract/subcontract award in excess of $7.5 million, which triggers only modified CAS-coverage. This company incurred significant expenses in attempting to comply with all of CAS when in fact the company was subject to the four standards (modified CAS coverage). The company relied on the terms and conditions in the contracts, rather than the actual FAR and CAS guidance, which led them to believe they were fully CAS covered.

Making the jump from no CAS coverage to any type of CAS coverage is no minor task. Before you go out of your way to modify, document, or change any cost accounting practices to comply with CAS, make sure you are actually subject to CAS provisions. If you still feel uncertain as to whether your contracts or subcontracts are CAS covered, request outside assistance before you spend substantial funding in your attempt to comply. CAS requirements can often be as clear as mud. Understanding the 'trigger" points and the exceptions to CAS coverage will make your life with the government less stressful.

For additional questions on CAS coverage, please contact Chad Braley at 256-533-1720 or cbraley@beasonnalley.com for guidance through this complicated maze.

Coffee Talk back to top

Don Nalley will be speaking at the CFO Roundtable Meeting in Madison, AL on February 23, 2005. Topic is "CFO's as Prognosticators and Performance Drivers".

Scott Butler and Chad Braley taught the Government Contract Accounting Systems Compliance course in Washington, DC. This course is presented by Federal Publications Seminars.

Beason & Nalley, Inc. is hosting a seminar on "Ten Ways to Turbo Charge Your Business" on February 16, 2005.

Tommy Beason was appointed by the Mayor of Huntsville, AL to the Huntsville Housing Authority Board. The Housing Authority is responsible for public housing in Huntsville.

Darryl Walker gave a presentation to an audience for the Alabama A&M Research Institute's Annual SBIR/STTR Conference at the A&M campus. The presentation was on general government cost accounting guidelines in doing business with the government.

Beason & Nalley has been ranked number 15 among the state of Alabama's accounting firms by Top Rank Alabama 2005.

Related Information:

BACK to Archives

Also see:
Why Choose Us?  |  Industries  |  Contact Us

back to top TOP

Related Information 

___________

About Us  ::  Services  ::  Industries  ::  Why Choose Us?  ::  News & Events  ::  Success Stories  ::  Resources  ::  Careers  ::  Contact Us  ::  Sitemap  ::  Home

Copyright 2008. Beason & Nalley, Inc. All Rights Reserved.
Privacy Statement. Contact Beason & Nalley, 800.416.1946, 256.533.1720