The Defense Contract Audit Agency (DCAA), as well as the Defense Contract Management Agency (DCMA), tasked with ensuring your compliance with the multitude of Federal Acquisition Regulations (FAR/DFARS), place a good deal of reliance on your established policies and procedures to prevent fraud, waste, and abuse in federal government contract award and performance.
In recent years, more and more emphasis has been placed on the development and implementation of compliant business systems covering accounting and billing (DFARS 252.242-7006), purchasing (DFARS 252.244-7001), estimating (DFARS 252.215-7002), government property management (DFARS 252.245-7003), material management and accounting (DFARS 252.242-7004) and earned value management (252.234-7002). The common thread through these business systems is the need for a written manual containing policies and procedures documenting how your organization addresses compliance with the established requirements.
To avoid the beneficial walk-through of your organization’s processes and the identification of responsibilities and internal controls, many organizations opt to use policies and procedures that they either find on the internet or obtain from other sources. Herein lies the problem. How do you know that what is a compliant practice for one organization will result in a compliant practice for your organization? Large organizations may have more complex compliance practices that are consequently more expensive to implement and maintain than might be required for your organization.
Some of the pitfalls of using these store-bought policies and procedures instead of ones developed specifically for your organization include:
- References to supporting policies, procedures and/or practices that do not exist.
- Identification of responsible personnel and positions that you do not have.
- References to types of contracts you do not have now, or never have had.
- No coordination with existing business systems utilized in your organization.
- Use of terminology that is not consistent within your organization.
- Identification of internal control procedures that do not exist within your organization.
Developing your own policies and procedures, in-house, allows you to work through the processes on a step-by-step basis, identifying and eliminating deficiencies and implementing efficiencies that will make the process better. It will help develop compliant practices that will ensure continued compliance as your workforce grows and matures – as employees leave, transfer within, or are brought on board. It will provide DCAA/DCMA personnel with an immediate understanding of your operation and its level of compliance making that interface more efficient and beneficial.
Writing effective policies and procedures requires an in-depth knowledge of what you are hoping to accomplish and why it is important. You need to understand your operational processes and, if you are a government contractor, what regulations apply and what internal controls and oversight are expected. The policy and procedure development process requires:
- Determining what you are trying to do [purpose].
- Identifying why you are doing it and what is impacted [scope].
- Establishing who is to do what is needed to be done [responsibilities].
- Defining how it is to be done [step-by-step instructions].
- Developing an internal control plan to ensure compliant performance.
It is also important that you:
- Assign a concise descriptive title to facilitate identification.
- Include page numbers so you can tell if you have the entire policy or procedure and not just part of it.
- Establish an effectivity date.
- Define the frequency of when the policy or procedure will be reviewed.
The proper management mindset thinks of the development and implementation of good sound policies and procedures as an investment in compliance and not an expense of doing business. They are not a “necessary evil”, but something that makes life easier and more prosperous going forward.