Accounting system audits remain one of the most important and often most disruptive compliance requirements for contractors pursuing cost-type contracts. They are designed to ensure that a contractor’s accounting system is capable of producing accurate, reliable, and compliant financial information that satisfies government expectations. While the process is rigorous, understanding how these audits unfold, what auditors expect, and how contractors can prepare behind the scenes can significantly reduce the burden and risk.

Pre-award vs. post-award: Two sides of audit evaluation

Contractors new to government work often encounter the SF 1408 pre-award survey, a review focused on design effectiveness. In practice, this means an evaluation of whether the accounting system is properly structured, documented, and capable of meeting compliance criteria even if it is not yet fully operational. Policies, procedures, and control frameworks take center stage here. By contrast, a post-award audit evaluates operating effectiveness over a defined period, often a year. Auditors test actual transactions, controls in action, and whether billing practices, indirect rates, and cost allocations function as designed. Passing a pre-award survey is only the first hurdle; sustained compliance is what ultimately matters.

Reading the fine print: Contract terms and pitfalls

One of the earliest risks for contractors occurs not in the audit itself, but during contract acceptance. Many cost-type contracts incorporate FAR and DFARS clauses by reference, and contractors may fail to review the obligations that follow fully. The compliance requirements tied to these clauses can be extensive, affecting systems, personnel, and costs. Experienced review during contract negotiation can prevent costly surprises later.

Systems matter: ERP and documentation

Audit readiness often comes down to systems. Selecting an ERP platform built with government contracting in mind prevents reliance on manual, error-prone processes. Proper access rights, segregation of duties, and workflow approvals are all critical. Without the right system, contractors often find themselves maintaining complex manual workarounds that drain resources and increase risk.

Just as necessary is documentation. Policies and procedures must be current, formalized, and specific enough to describe every key process. Inadequate documentation remains a leading cause of audit findings.

Preparing beyond the minimum: Mock audits and corrective action

Few strategies are as effective as a mock audit performed before DCAA arrives. A dry run reveals weaknesses in controls, documentation, or system operations and allows time to correct them. Contractors who attempt to remediate findings on an accelerated timeline often struggle when auditors return before changes have taken hold. Audit preparation should be a structured exercise:

• Review and update policies and procedures.
• Map processes end-to-end.
• Assess risks based on prior findings.
• Prepare documentation for the first request for information or RFI.

Allowing sufficient time to implement corrective actions and to prove they are operating effectively can make the difference between accounting system approval and repeated findings.

DCAA updates and terminology changes

Recent updates from DCAA provide essential context for contractors. In January 2025, DFARS guidance replaced the term “significant deficiency” with “material weakness.” Under this standard, a deficiency is considered a material weakness if there is a reasonable possibility that misstatements will not be prevented, detected, or corrected in a timely manner.
While the underlying audit procedures for accounting systems have not changed, the terminology has important implications:

• Material weakness: pervasive or material issues requiring reporting.
• System deficiency: deficiencies not rising to material weakness but still reportable.
• Less-than-material noncompliance: isolated issues warranting disclosure to governance.

This shift highlights the importance of internal controls. Even one-off errors can draw attention, while systemic weaknesses carry greater risk.

Audit program enhancements

Audit programs themselves have been updated to ensure greater consistency across pre-award, post-award, and follow-up reviews. Key enhancements include:

• Alignment of terminology with the new DFARS language.
• Clarification of the purpose of walkthroughs, emphasizing what information auditors expect to gather.
• Removal of items outside the scope of accounting system audits (e.g., executive compensation) keeps the process more focused.

Follow-up audits now provide a more structured mechanism for re-examining previously reported noncompliance, with auditors specifically testing whether corrective actions were implemented and effective.

Behind the scenes: How auditors approach reviews

Audits unfold in phases, beginning with planning and risk assessment. Behind the scenes, auditors:

• Review prior audit findings.
• Evaluate policies and procedures.
• Conduct system walkthroughs.
• Interview personnel, including those for fraud risk assessments.
• Select samples based on both risk areas and contracting officer concerns.

Requests from contracting officers such as concerns about billing can directly influence the scope of testing. Contractors should assume that prior deficiencies and contracting officer concerns will be emphasized in the audit plan. Another frequent issue involves documentation retention. FAR 31.201-2(d) requires contractors to maintain the support necessary to demonstrate costs are allocable to a contract. Misinterpreting recordkeeping clauses, such as assuming “three years” means from contract start rather than final invoice, can create significant exposure.

Who performs the audit and how long does it last?

Although the National Defense Authorization Act of 2017 envisioned expanded use of third-party auditors, rulemaking remains incomplete. Today, DCAA continues to focus on higher-risk and larger contractors, while smaller and mid-sized contractors may undergo audits performed by third-party CPA firms.

Another notable update is the extension of the shelf life of accounting system opinions from three years to four. However, significant changes, such as new ERP implementation or control structure revisions, can trigger earlier review.

Key takeaways for contractors

The path to audit readiness is not a one-time event but a continuous process. Contractors should:

• Review contracts thoroughly to understand compliance obligations.
• Invest in ERP systems designed for government requirements.
• Document policies and ensure they align with actual practices.
• Conduct mock audits to uncover gaps before regulators arrive.
• Build realistic timelines for corrective actions.
• Stay current with DCAA guidance and evolving terminology.
• Prioritize record retention to withstand scrutiny years after contract completion.

Accounting system audits will always require significant effort, but they need not derail operations. By understanding the difference between design and operating effectiveness, preparing early through mock audits, and keeping pace with evolving DCAA guidance, contractors can shift from reactive remediation to proactive readiness. Compliance then becomes a demonstration of credibility, reliability, and readiness to partner with the government.