2 Breakout Session # 1909 Penny L. White, J.D., Director, Supply Chain Systems and Processes Colleen Gates, Lead, Compliance & Support Marquita Moore, Compliance Analyst, Compliance & Support United Space Alliance, LLC April 16, 2008 10:50am–11:50am Developing an Effective Internal Review Program
4 United Space Alliance is a world leader in space operations with extensive experience in virtually all aspects of the field. Headquartered in Houston and employing 10,000 people in Texas, Florida and Alabama, USA is applying its broad range of capabilities to NASA’s Space Shuttle, International Space Station and Constellation programs as well as to space operations customers in the commercial and international space industry sectors.
5 Agenda Audits/Reviews- The Basics –Audits vs. Reviews –Subcontracts organizations audited/reviewed –Auditors/Reviewers Developing Your Own Program –Internal Review Program –What should be included –Critical factors Establishing a Successful Review Program –Sample Internal Review Plan –Sample Review Descriptions –Sample Calendar
6 Agenda cont’d Analyzing the Data Communicating the Results Correcting Deficiencies Conclusion
8 Audits vs. Reviews Audits –An examination of records or financial accounts to check their accuracy. –The examination by an outside party of the accounts of an individual or corporation. Reviews –To look over, study, or examine again –To examine with an eye for correction
9 Why are Subcontracts organizations audited/reviewed? Participate in government contracts & transactions Company vehicle for spending funds Personnel bear an ethical responsibility
10 Why are Subcontracts organizations audited/reviewed? Cont’d Conduct to: –Examine business processes & company transactions –Ensure compliance with applicable laws, regulations, statutes, standards, policies, & procedures –Evaluate for Process improvements –Examine effectiveness or weaknesses in business process controls –Examine business judgment & risk management –Recommend & encourage preventative measures, corrective action, & process improvements
11 Who Performs Reviews? Government Reviewers –Defense Contract Audit Agency (DCAA) –Defense Contract Management Agency (DCMA) –Defense Criminal Investigative Service (DCIS) –General Accounting Office (GAO) –National Aeronautics and Space Administration (NASA) –Department of Defense (DOD) –Office of Inspector General (OIG) –Occupation Health and Safety Agency (OSHA) –Congressional Committees Representatives (Congressional Inquiries)
12 Who Performs the Reviews cont’d Independent Organizations –ISO –Independent Financial Assessments Company Internal Reviewers –Department Internal Reviewers –Company/Corporate Internal Reviews
14 Why do you need an Internal Review Program? Monitor health of your subcontracting process Ensure that you are complying with the following: –Policies and Procedures –Laws and Regulations Improve efficiencies in your business processes Utilize Best Practices Support early identification of problems Identify, correct and prevent findings before external reviewers uncover
15 How do you determine what should be included? Advance notification/consent Cost Accounting Standards (CAS) Flexibly Priced Contracts Allowable Cost and Payment Purchasing Card Programs Source Selection Processes Postaward Administration Subcontract Cost or Pricing Data Supplier Diversity Programs Supplier Certifications Business Systems Determine major areas of scrutiny
16 How do you determine what should be included? Look at other reviews performed by external auditors of your company or similar companies Look at areas identified in the media/recent court cases/new regulations Assess prior review reports –Where were the problems? Solicit management team for concerns Perform a risk assessment
17 What are other critical factors in developing plan? Types of Reviews –Process Reviews –Transaction Reviews –Combination of Both Review Methodology –Subjective –Objective –Combination of both Frequency –Monthly –Quarterly –Twice Yearly –Yearly Reviewers –Buyers –Management –Compliance/Advisory Group
18 What are other critical factors in developing plan? Cont’d Selection of Sample – Statistically based Method of Feedback –Formal vs. Informal –Detailed debrief vs. Summary Purpose of Review –How will results be used –How will corrective actions be analyzed/implemented
20 Sample Internal Review Plan The process reviews should be: –Objective –Measurable –Complete –Relevant –Detailed for a specified time frame –Achievable with available resources –Fit into normal, routine activities Foster a team environment –Not adversarial
21 Sample Internal Review Plan cont’d Be flexible and adjust your plan as needed Plan should be complete with details for each review Identify the following on your review plan –Scope of review –Procedures –Frequency –Data Needed to Support –Focus of Review –Checklist: Review questions
23 Sample Areas of Focus Post-Award Review Supplier Rating Review Purchasing Cardholders Review Bid Control Review CAS Review Controlled Documents Validation Reps and Certs Review Micro Purchase Review Supplier Diversity Program Review Business Systems Review Consultant Review Purchasing Card Program Review Compliance Review Validation
24 Sample Review Descriptions Post-Award Review –Ensure transactions comply with prime contracts, applicable laws, regulations, policies and procedures. Supplier Rating Review –Identify and test key systems of control addressing the parameters established for acceptable quality, delivery and service ratings. –Ascertain awareness and effectiveness of formal and informal training sessions to personnel. –Test that controls are in place and operating effectively to comply with the requirements.
25 Sample Review Descriptions Purchasing Cardholder Review –Identify and test the key systems of control addressing the risks associated with the Purchasing Card Program. –Ascertain awareness and effectiveness of formal and informal training sessions to personnel. –Test that controls are in place and operating effectively to address the associated risk.
26 Sample Review Descriptions Purchasing Card Program Review –Review the entire Purchasing Card Program Administration process to ensure compliance with established policies and procedures –Ensure that Cardholder files and the bank’s online systems are consistent and the files are updated with the appropriate changes
27 Sample Review Descriptions Bid Control Review –Review Bid Control process practiced within the subcontracts group to assess the extent of consistency in practice and uniformity CAS Review –Ensure transactions issued comply with Cost Accounting Standard requirements.
28 Sample Review Descriptions Controlled Documents Validation –Ensure controlled manuals, internal/external web pages and forms are up-to-date. Representations and Certifications Review –Ensure compliance with procedures (for supplier database management and certifications) and to ensure supplier documentation. –Ensure supplier documentation is appropriately maintained
29 Sample Review Descriptions Micro Purchase Post Award Review –Ensure small dollar purchases maintained and documented appropriately. Supplier Diversity Program Review –Ascertain awareness and effectiveness of the Supplier Diversity program goals, objectives, outreach efforts and related issues are conveyed through formal and informal training sessions to personnel who are in a position to implement or influence decisions concerning source selection.
30 Sample Review Descriptions Business Systems Review –Identify and test the key systems of control addressing the risks associated with the business systems such as segregation of duties, retention of appropriate documentation for system changes, and proper access controls and levels Consultant Review –Review financial terms, requirements for use prior to entering into the agreement, approval requirements, acceptance for consultant service agreements, approving expenses, monthly reports and extension of agreements.
33 Analyzing the Data Know what a healthy process looks like Look at the data multiple ways –Are there systemic problems? –Are the problems associated with one buyer, a particular department or across the board? Make sure you look at through your “auditing eyes” Compare to prior reviews
34 Analyzing the data Obtain clarification from the person being reviewed Don’t jump to conclusions Form team to obtain additional data to understand the problem Consult with other resources to obtain their view of the situation Communicate results and partner what’s next!!!
36 Communicating Results Keep the communication process simple Communicate in a timely manner Package findings so that they are helpful and not harmful –All comments should provide insight or solicit corrective action
37 Communicating Results Distribute a Preliminary or “draft” version of report to management –Allow an opportunity to discuss the identified discrepancies Partner a final report and team to develop corrective actions Provide a summary of discrepancies to management team monthly Remain positive in all communications and foster a team environment
39 Correcting Deficiencies Ensure sure that the corrective action is appropriate to correct the problem Take action immediately Ensure corrective action will minimize the reoccurrence Some problems may be corrected easily –Training –Email communication –One on One discussion –Procedure updates
40 Correcting Deficiencies Other problems may require more investigation to correct –Perform a root cause analysis A process to identify the root cause(s) of undesired events, conditions, or nonconformances for the purpose of preventing recurrence and is an integral part of a corrective and preventive action process. Analysis will assist in determining appropriate action to correct –Charter a continuous improvement team to address appropriate action Develop a plan of action to correct problems Make sure that you follow up to confirm problem is corrected with no reoccurrence
42 Conclusion Reviews are inevitable in the world of Government Subcontracts. Strive to ensure processes are compliant. Use an Internal Review Program to monitor the health of the Subcontracts processes. Follow-up on prior review findings to ensure that there are no repeat findings. Be prepared at all times for reviews. Successful reviews require teamwork.