The Regulatory Landscape for Process Automation
August 25, 2015 | BY: NeoSystems
This is part 1 in a 3-part series covering Process Automation. See Part 2 of this Series
In my first 5 years after college, I went through DCAA bootcamp. I learned the DCAA way, FAR, DFARS, NASA FAR Supplements, DEARS, and the like. I was an auditor, a Senior auditor, and then a Regional Auditor. The fun parts for me were: 1> I was there before the proverbial fly was discovered in the soup, and 2> I knew enough about technology to carve out a niche and become what they termed a “CAATS Monitor” (Computer Assisted Audit TechniqueS). That position gave me the ability to see systems and ask questions. I was a liaison between auditor and contractor at times to make sure the information coming in would fit into what we needed. I took what I learned and moved into other positions and did other things in the government contracts arena before finally landing at NeoSystems with visions.
I saw a regulatory landscape that was daunting to the uninitiated and wanted to simplify it. I researched forthcoming regulations and wanted to write about it. Then, I realized what I really needed to do was start with the back office. I wanted to make it easier on contractors to know what they do and do it the same way each time (not to mention documenting the whole thing). I don’t think of myself as a tool lover, but more of a “work smarter, not harder” kind of guy.
I digress from the topic at hand. Since 2008, government contractors have been required (under FAR 52.203-13) to, in part, assign responsibility for a system of internal controls to someone at a sufficiently high level possessing adequate resources to implement the system. This clause also requires the implementation of periodic reviews to detect wrongdoing.
On a broader scale, we have the tried and true requirements of the Sarbanes-Oxley Act of 2002. I could blog multiple times about that topic alone, but internal control requirements are everywhere. Quality Management System – check. DFARS – check. SEC – check. Common Sense – check. Common among all the reasons for regulatory compliance is the need to document, control, and review business processes.
What each of these and other regulations provides is an overarching framework of business process control. However, when was the last time any of us reviewed the policy and procedure related to approving a bill? How about reviewing an RFP for mandatory contract clauses or flowdown clauses? What is the date in the bottom corner of the flowchart that shows how a DCAA audit request for information is processed? Most likely, this happens when the auditors take a look once or twice a year, right? Regardless of the answer to any of the above, the better question is when was the last time you KNEW the process worked just like it was meant to and just like it was envisioned? Do you know there was no deviation from the path from Beginning to End? Are you sure every required item was included in the package? Does every person that needed to know about what was going on get a notification? When the process was over was there a complete, traceable document that outlined who did what, when, and in what order? I bet the thought on your mind right now is something like “I had a dream like that once.”
Let’s think about something relatively simple. I want you to visualize getting a bill sent to a customer. The short answer is “accounting handles that,” but the longer answer probably is something like this:
- Create the bill in the accounting system
- Ensure the bill is accurate by routing it to the project manager
- Ensure the bill is properly coded by routing it to the Billing Supervisor
- If necessary, make changes and re-route for approval
- Post the bill in the accounting system
- Send the bill – mail, e-mail, WAWF, etc.
- Document the bill was sent
There are many flavors of this relatively simple process. Maybe you have a 2-step approval process or more than 1 project manager. Is there information that MUST be complete in order for the process to complete?
Now, think about the key internal control implications this may have. Accuracy of billings can be a key control within your Sarbanes-Oxley framework. From a FAR perspective, you may need to have the proper oversight to be able to check the process is working “to detect wrongdoing.” From a strictly financial perspective, it is a good idea to know where a bill is getting hung up before it goes out.
Internally, at NeoSystems, we were able to gain some level of control and insight into our billing process beginning in late 2013. We saw manager accountability increase when we documented and controlled the process. We also saw reductions in billing approval timing from 14+ days in some cases down to averaging 1 day in the current version of the process. We will certainly discuss more of how we achieved this efficiency later in the series, but the important part for now is that we did that AND gained the ability to identify bottlenecks (in terms of people and process).
The regulatory landscape of government compliance is complex on its best days and maddening on its not-so-good days. Automating, documenting, and controlling those areas that are ripe for regulatory oversight and auditor encroachment is the key to a happy government contractor. In part 2 of this 3-part series, we will discuss some common pain points felt by government contractors before moving into part 3 and discussing the solution that NeoSystems has used to solve this pain.
If you’d like to learn a bit more about Integrify, join us for our 2-Part Webinar Series, beginning September 16th, on Audit Compliance. I’ll talk about common pain points in the Deltek Costpoint application and show you a few ways to manage your pain with one of our favorite tools!