Public Vouchers Revision: July, 2000 ONE BOOK Chapter 9.4 Brenda Taylor, FSR/Contracts, Southeast (DCMDE)
This chapter is about … • Processing cost-reimbursement, time and materials, labor hour or fee vouchers submitted by suppliers during the performance of cost-reimbursement type contracts.
What’s old and What’s new? What’s old? • The contract auditor… • Is still the authorized representative of the ACO. • Is still the point of contact for approving interim vouchers and transmitting them to the payment office. • Still authorizes direct submission of interim vouchers for suppliers with approved billing systems. • Still reviews completion/final vouchers and forwards to the ACO for approval. • The ACO… • Must still perform a review at least annually on public vouchers. • Still approves the final voucher. • Still is involved in the DCAA Form 1 process if there are disagreements
What’s old ...continued? • Teamingwith the supplier and the contract auditor is still encouraged to improve the voucher process. • Results of the contractor’s accounting system reviews must still be entered into the Supplier Information Service Contractor SystemsStatus Table and kept current, complete and accurate.
What’s New…? Risk Management risk step 1 Risk Planning step 2 Risk Assessment step 3 Risk Handling step 4 Risk Monitoring step5 Risk Documentation
But what is meant by RISK???? Risk is a measure of the potential inability to achieve overall program objectives within defined cost, schedule, and technical constraints and has two components: (1) the probability of failing to achieve a particular outcome and (2) the consequences of failing to achieve that outcome.
Some definitions you can find in the Supplier Risk Management One Book Chapter • Risk Management - the act or practice of dealing with risk. It includes planning, assessing, handing, monitoring, and adjusting risk handling options as the risks ratings change. And risk management applies to all 18 One Book chapters! A great tool to unlock the mystery of risk management planning is the Risk Assessment Management Plan (RAMP). For more information on RAMP check out the DCMA Homepage. Explore both the Supplier Information Systems (SIS) and Risk Management. RAMP
5Steps of Risk Management Step 1Risk Planning - the process of developing and documenting an organized, comprehensive, and interactive strategy and methods for carrying out risk management, which includes assigning adequateresources. Step 2Risk Assessment - the process of identifying and analyzing program areas and key process risks which provides an indication of the likelihood of meeting performance, schedule, and cost objectives and the consequences if these objectives are not met.
More definitions... Step 3Risk Handling - The process that identifies, evaluates, selects, and implements options in order to set risk at acceptable level given program constraints and objectives. Step 4Risk Monitoring - The process that systematically tracks and evaluates the performance of risk-handling actions against metrics. The process includes changing risks handling options to match changes in risk ratings or employing new risk handling options if current ones are ineffective. Step 5Risk Documentation - The process that records, maintains, and reports various risk management, analysis, and handling plans, and any risk monitoring results and updates.
step 1 Risk Planning • The CMO operations team must identify and document the supplier’s key processes that affect public vouchers . • Key processes are those which if not properly controlled, can adversely affect: Performance ScheduleCost
Key Processes for Public Vouchers include but are not limited to: • Management of business systems • Management of costs • Management of company financial condition • Management of voucher preparation/submission process
More Risk Planning > Identify contracts with public vouchers > identify contracts with special payment instructions > identify suppliers for whom auditor has issued Notice of Contract Costs Suspended and/or Disapproved
Step 2 risk assessment Perform risk assessment: The ACO must use risk evaluations performed by functional specialist, reports from the contract auditor, input from the PCO, information from the DACO/CACO and any other relevant information to determine a risk rating.(use the risk matrix as a guideline) The ACO must perform risk assessments for the public voucher process at the supplier level since the four key processes are all supplier-level processes.
Risk ratings for the supplier’s public voucher process must be determined according with the following criteria: • High Risk - the process is out of control or performance data casts significant doubt on the capability of the system or key process to meet requirements. A major disruption is highly probable and the likelihood is the contractor will not meet performance, schedule or cost objectives. • Moderate Risk - there is moderate variance and the trend is adverse, performance data casts doubt on the ability of the system or key process to consistently meet requirements. Not only is it probable the contractor will encounter delays in meeting performance, schedule or cost objectives , but if concerns are not addressed the process mayprogress to high risk. Low Risk - performance data provides confidence in the capability of the system or key process to meet requirements. Minimal impact in meeting performance, schedule, or cost objectives
risk handling step 3 “Identify Options and Methods” The risk handling methods selected and their intensity, schedule, and frequency will depend on the risk assigned to the applicable key processes. Various methods may be appropriate to mitigate risk such as voucher reviews, review of fee withholdings, system evaluations, audits, process proofing, data reviews, data analysis, etc.
Risk Handling The Risk Handling Plan should be tailored to particularly focus on those actions that will help to mitigate risk in key processes assessed as having moderate to high risk. The risk rating for a key process must be based on the highestlevel of risk associated with that key process.
For Example … high High Risk for Management of Voucher Preparation and Submittal: . Supplier Understanding of the Key Process > New suppliers are considered high risk until the ACO or their representative provides instructions on this process. . Supplier Compliance with Limitation of Cost/Funds Requirements (applicable to cost type contracts) > Tailor the plan to ensure that potential voucher problems associated with Limitation of Cost/Funds requirements of the contract are promptly identified.
Continue … $ $ $ $ $ $ .Supplier Compliance with Fee Withholding Requirements for Cost-Type Contracts >Tailor the risk handling plan to ensure that potential voucher problems associated with fee withholding requirements of the contract are promptly identified - include periodic reviews of vouchers for fee withholding commensurate with the risk assessed (but at least quarterly) . Supplier Compliance with Withholding Requirements for Time and Materials and labor Hour Contracts. >Tailor the risk handling plan to ensure that potential voucher problems associated with withholding requirements are identified, include periodic reviews of those vouchers for withholdings commensurate with the assessed risk and such reviewsmust beat least quarterly.
And so on and so onwith each of the key processes remember • Design your risk handling plan to accommodate each of the key processes identified and don’t be limited by just what is in your One Book chapter. • Tailor the plan to fit the circumstances. • Establish a communication channel with each applicable functional area and with the customer.
R&R or (risk and review) No matter which risk rating is assigned to the key processes, voucher reviews are stillrequired. The frequency and the depth of the reviews must be tailored to the potential impact of the problems identified with the key processes and the affect they may have on the public vouchers. High risk - at least quarterly
Continue …. • When suppliers are considered to be a Moderate Risk in a key process voucher reviews must be done at least semi-annually
And finally... A low risk rating for a key process must occur at least annually and may use a sampling approach.
Step 4 Risk Monitoring ... • Establish a methodology for Identifying and Tracking Risks. >Address how the information on risk will be maintained, updated and shared between members on the CMO team. >Incorporate procedures for the open sharing of information between the ACO, auditor, DACO, CACO/DCE and the PCO. > E-mail audit requests for DCAA to the cognizant DCAA Field Audit Office
Risk Monitoring... continued Track and Evaluate Supplier Performance. The risk handling methods selected must be tracked against results to determine if objectives are being met or new risk handling methods are needed.
Risk Monitoring …continue As a minimum, the CMO operations team must track supplier performance taking the following into consideration: . Functional specialist input . Auditor determination of Supplier eligibility for direct billing authority . Other Auditor Input . DACO, CACOs and DCEs Input . Status of: Notice of Contract Costs Suspended and/or Disapproved Earned Value Management System, if applicable Contractor Purchasing System Material Management and Accounting System Estimating System Cost Accounting Standards (if applicable) Past Performance Information Financial Surveillance Information
Risk Monitoring … continue • The CMO operations team or functional specialist must adjust the risk handling methods, intensity and frequency based on the performance of supplier systems and key processes. Adverse performance data surveillance must result in corrective action measures and an increasein surveillance. Trend analysis of system and process performance indicating low risk must result in a surveillancedecrease in surveillance.
The ACO must continually monitor changes in risk factors and ensure that the risk monitoring data analysis results are used to update the Risk and Risk Assessment Handling Plan
step 5Risk Documentation The CMO Operations Team Leader must ensure that the team maintains documentation on risk planning, risk assessments, risk handling, and risk monitoring results and updates. Documentation should include: • Surveillance records • Records on status of business systems • Records regarding input ion key processes from DACO (if applicable) • Copies of contract auditor reports on systems and internal controls • Copies of any supplier appeals to ACO of auditor notice of supplier costs suspended and/or disapproved. • Copies of Risk Assessments and Handling Plans including documentation supporting changes to both • Records of supplier’ s implementation of corrective actions
The Top Level Metric for this process is …Right Price(The service set is Payment and Financial Management Services) Check it out!Public Vouchers, Revision: July 2000One Book Chapter 9.4 ( for more detailed information and guidance)