Guide to Government Contracting Compliance

Compliance policies show a government contractor’s corporate commitment to following federal and state and local government rules. They demonstrate consistency in how a government business and its staff behave and can lower risk of exposure. Solid policies can reduce non-compliance in government procurement programs and define standards for timekeeping, travel, delegation of authority, accounting, estimating, billing and labor. They can even dictate how future policies can be drafted to address new mandates from the government.

Federal Acquisition Regulations and Cost Accounting Standards

Every government agency has a set of standards that informs their policies on compliance. A majority of contractors look specifically to two federal sets of government rules as the basis for their compliance: Federal Acquisition Regulation (FAR) and Cost Accounting Standards (CAS).

• Federal Acquisition Regulation defines government procurement, the primary set of rules agencies use when purchasing goods and services.
• Cost Accounting Standards was created to drive consistency within and between contractors’ cost accounting practices. These include measurement of cost, assignment of cost to the cost accounting period, and allocation of cost to the cost objective.

Learn more about FAR & CAS

The Defense Federal Acquisition Regulation Supplement (DFARS) is a supplement to the FAR and applies to the Defense Industrial Base (DIB). Government contractors working with the DoD supply chain must adhere to DFARS requirements which are in addition to FAR requirements. DFARS clause 252.242.7005 defines “acceptable contractor business systems” with six clauses, including the accounting system clause 252.242.7006 that government contractors must comply with if specified in the contract.

The Defense Contract Audit Agency (DCAA) is responsible for auditing Department of Defense (DoD) contracts, and other federal entities responsible for acquisition and contract administration . Audits assure the government that your organization is following the rules. The DCAA and other federal auditors use FAR and CAS standards as the basis to assure the government that a business is operating within approved parameters, specifically as they apply to finance and accounting systems. To that end, Deltek has purpose-built ERP software for government contractors to address these standards within its functionality and capabilities to keep government contractors in compliance.

The DCAA is not the only entity responsible for auditing Department of Defense (DoD) contracts, however. The Defense Contract Management Agency (DCMA) also defines and monitors the practices of government contractors. They ensure businesses are complying with all contract terms from award to contract closeout.

Learn more about DCAA Compliance

Beyond the DoD, contractors may encounter a review from the Inspector general (IG), who examines the actions of a government agency as a general auditor to ensure compliance with generally established government policies, security policies and misconduct rules. Audit agencies also exist within the U.S. Department of Housing and Urban Development (HUD), the U.S. Environmental Protection Agency (EPA), the U.S. Department of Labor, and the National Aeronautics and Space Administration (NASA).

• Incurred Cost: Review of the accounting practices and systems, ensuring that costs charged are allowable, allocable and reasonable
• Pre-Award Survey: Standard Form 1408 - A look at the contractor’s accounting system and procedures, cost management, timekeeping, labor and billing
• Defective Pricing: Ensures that cost and pricing data are current, accurate and complete
• Forward Pricing: A check of contract pricing rates to determine a fair and reasonable basis for negotiating a cost proposal
• Compensation and Benefits: Review of a contractor’s compensation system and related internal controls
• Contractor Purchasing System Review (CPSR): To gain an understanding the contractor’s purchasing system and related internal controls
• Timekeeping and Labor: Time must be charged by day and by project and/or indirect accounts. Employees must record all time worked on projects to the proper job numbers and codes

The Department of Defense is currently in the process of defining and assessing the strength of government contractors’ cybersecurity with the introduction of the Cybersecurity Maturity Model Certification (CMMC) and the statutes involved with International Traffic in Arms Regulations (ITAR). Each has specific compliance standards that are currently being implemented within the industry.

• CMMC: Compliance with CMMC involves a combination of various cybersecurity standards and best practices. The model’s creation was supported by the Department of Defense (DoD). Learn more about CMMC Compliance »
• NIST SP 800-171: Government Contractors storing non-classified sensitive data should meet a baseline security requirements to support FAR clause 52.204-21. Learn more here »
• FedRAMP Moderate Baseline: DFARS 252.204-7012 requires firms storing covered defense information (CDI) in a cloud service provider (CSP) that meets FedRAMP Moderate Baseline or equivalent controls. Learn more about cybersecurity compliance »
• ITAR: This regulation restricts and control the export of defense and space-related articles, technologies and services to safeguard U.S. national security and foreign policy objectives. Learn more about ITAR Compliance »

Centralizing the management of projects, people and finances improves operational efficiency and provides real-time insights to support compliance and security needs. Deltek understands what oversight agencies like the DCAA are seeking with an audit and has an easily accessible repository of resources to address each audit need. Support for FAR, CAS, and DCMA compliance requirements is woven into the fabric of Deltek government contracting solutions, and our integrated cloud offering enables the secure storage of your data through the implementation of NIST and ITAR controls and monitoring of proposed CMMC rules. Additionally, Costpoint GovCon Cloud Moderate (GCCM) has achieved FedRAMP Moderate Ready status and is listed on the FedRAMP Marketplace.

Your Guide to Government Compliance

Navigating compliance regulations can be difficult for even the most seasoned of government contractors. Get an overview of top priorities and how Costpoint provides a clear path to compliance.

Get Your Guide