Qualities of an Outstanding Government Contract Compliance Organization
Over the last 25 years, we have worked in Government compliance as a DCAA auditor, as a professional in industry, and as a consultant. This experience has allowed us to work with some outstanding compliance organizations. We have also worked with organizations that did little more than provide DCAA with whatever data they requested. This experience has caused us to consider what qualities are shared by outstanding compliance organizations. We have looked for a fundamental framework for building an outstanding compliance organization, and while we have found some good lists of best practices, we have not found the framework we were seeking. So we have created our own:
- The compliance function should have the genuine and visible support of executive management.
- The organization should have a periodic compliance risk assessment. The assessment should be reviewed by management and be the basis for proactive measures to address the risks of the organization.
- The organization should have documented procedures that provide a basis for internal controls that address its compliance risks.
- The organization's policies and procedures should be communicated to relevant staff, vendors, and oversight organizations.
- The organization should do some form of internal auditing to ensure compliance with company policies and relevant laws and regulations.
The qualities are based on the COSO internal controls framework. We think they are adaptable to organizations ranging from those at the major contractors to compliance functions that consist of a single individual working part-time.