System assessments vs. audits to earn points and contract awards


    The National Institutes of Health Information Technology Acquisition and Assessment Center (NITAAC) recently released the final solicitation for its Chief Information Officer-Solutions and Partners (CIO-SP4) Government Wide Acquisition Contract (GWAC), on which a huge number of companies bid. This solicitation includes language consistent with recent large solicitations for GWACs and other Indefinite Delivery Indefinite Quantity (IDIQ) contracts that allow for third-party verifications or audits of certain criteria needed to demonstrate compliance with parts of the solicitation and so gain points towards being qualified to stay within the competitive range. We expect this trend to continue, and similar language is already seen in the draft solicitation of the upcoming Department of State Evolve procurement. It is imperative that federal contractors understand the status of each of their business systems so that they are ready for future opportunities that either prioritize or necessitate certain compliant systems.

    Federal contractors must adequately monitor and maintain their business systems. The tools they can choose from include using outside consultants. Those consultants can provide either a gap assessment or a full audit. Assessments tend to have a shorter timeline to completion, and therefore the costs are usually significantly less than those of a full system audit. If the terms of a solicitation allow for independent assessments or audits of specific business systems, contractors, particularly small businesses, that may be lacking government approval or audit of those specific business systems can then be more competitive.

    Audits v. Assessments

    One of the reasons that audits are so expensive is the set of requirements and regulations around an audit opinion, particularly when audits are conducted in accordance with Generally Accepted Government Auditing Standards (GAGAS). To provide an audit opinion on a system, the auditor must look at the whole organization and must consider things other than just the specific system. For example, an audit includes a full risk assessment that covers things like an understanding of the contractor’s internal control environment, general information technology controls, fraud risk, and overall risk profile. Fieldwork would then commence, where sampling and testing would cover a significant period of time and a significant number of transactions, ultimately resulting in a full report with an audit opinion.

    An assessment, on the other hand, does not have to follow the same requirements and regulations as an audit. In an assessment, the consultant is able to target pain points within the specific system to determine if the system is in compliance with the applicable system criteria. This often includes:

    1. Reviewing policies and procedures
    2. Interviewing personnel
    3. Confirming that system training has occurred
    4. Performing mock audits that target the specific transactions or information applicable to the system under assessment
    5. Ensuring that a methodology is in place for consistent processes
    6. Reviewing internal audits or management reviews of the system and its components

    Assessments can be tailored to the unique organizational needs of each contractor to include:

    • Assisting with a full implementation
    • A gap assessment with recommendations for improvement of a system that is already in operation but may not meet all of the criteria
    • Strictly assessing and reporting on a fully operational system that is already designed to meet the specific system criteria

    Assessment Authority

    In determining the acceptability of an assessment over an audit, one can look to the Standard Form 1408 Pre-Award Survey of Prospective Contractor (Accounting System) as a benchmark. This form includes an evaluation checklist to determine if the accounting system meets certain specific criteria defined on the form. The last item on the form asks for a conclusion about whether or not the system is in full operation by selecting:

    1. In operation
    2. Set up, but not yet in operation
    3. Anticipated
    4. Nonexistent

    Consultants can apply this same evaluation process to each business system by measuring it against its specific system criteria outlined in the Defense Federal Acquisition Regulation System (DFARS) and then making a determination about the status of the operation of the system, similar to that in the Standard Form 1408. While not all contractors are subject to the DFARS system criteria, these criteria are commonly considered the standard by which government systems should be measured.

    What are the business systems?


    [Table: business systems]

    Each of the above systems benefits the government by increasing the reliance and consistency of information and transactions with the government. This reduces a contractor’s risk in a number of different areas including defective pricing, false claims, and payment withholdings. They also provide contractors with tools to help ensure consistency, enable efficiency, and potentially improve efficacy.

    As alluded to earlier, not all requests for proposals allow for assessments or audits of business systems from non-government entities in order to be eligible to bid or receive points for consideration. Therefore, it is essential for federal contractors to understand the various business system requirements within solicitations and how requirements will be evaluated by the government. It’s important to note that if a draft Request for Proposal (RFP) only allows for businesses to have government approved or audited accounting or other business systems, federal contractors can submit feedback to the contracting officer regarding how this potentially restricts competition, so there is a chance the RFP is amended accordingly when it goes final. No matter what, though, federal contractors of all sizes should consider the benefits of having practically designed, compliant business systems, as they instill high levels of discipline and overall internal control within these critical operational areas.


    Lori Allen, CPA, Senior Manager, Government Contracting


    Subject matter expertise

    • Kristen Soles

      CPA, Partner - Managing Partner, Advisory - Global Consulting Solutions and Government Contracting Industry Leader


    This has been prepared for information purposes and general guidance only and does not constitute legal or professional advice. You should not act upon the information contained in this publication without obtaining specific professional advice. No representation or warranty (express or implied) is made as to the accuracy or completeness of the information contained in this publication, and CohnReznick LLP, its partners, employees and agents accept no liability, and disclaim all responsibility, for the consequences of you or anyone else acting, or refraining to act, in reliance on the information contained in this publication or for any decision based on it.