Compliancy, Compliant, and the Certification Process
What it means to you and your software system
I was recently asked by a customer for a copy of our certificate, which validated DCAA compliancy. I already knew the answer, but before I blurted out, “DC-what?” or “There is no such certificate.”, I decided to check with my good old friend, Wikipedia.
I have been asked compliancy questions before, just not particularly on DCAA compliancy. Attach Link:
http://www.dcaa.org/government-contract– accounting-system- approval/
But, the answer is always the same. Just buying software does not make one “compliant”. Compliancy is an approval process. Software aids in the process for someone to achieve Certification status. But, software systems are just a tool. Any tool can be used incorrectly, just watch any weekend warrior trying to complete his particular “honey do” list on a Saturday.
When faced with an overwhelming obstacle, a weekend warrior is seldom deterred. There he is with his tool belt ready to take on the challenges of domesticated life. Do you really think he is going to let one regular screw head stand in his way, even though his tool belt is filled with all phillips head screw drivers? No. First. He reaches in his pocket for a dime or penny to turn the screw. Finding none, he pulls out his retractable blade knife and tries to turn it until he snaps the blade. Then, he looks for a taping knife, the Red Devil stiff blades work the best. Or so I have read anyway, of course I have never done any of this myself. Then, as a last resort, he goes to the kitchen drawer and pulls out a knife from the silverware tray. I said, “last resort” honey. It’s not like I planned for this to happen. It just escalated so quickly……
Software systems really aren’t any different, even manual systems can gain compliancy with the right processes in place. But, no industry will “certify” a particular software, as then, they would be endorsing the software. Of which, they have no control over the use and continued development thereof.
A simple example would be to look at just one of the key elements to DCAA compliancy. Attach Link.
Key Element No. 7: Maintain an adequate timekeeping system.
- Each employee must record all hours worked and complete their time daily. Projects, indirect accounts or cost objectives must be charged by daily tally.
- Provisions for identity and control of time keeping documents.
- Employee must sign the timesheet and it must be approved by the employee’s supervisor at the end of the timekeeping period.
- The system must require correction procedures that meet DCAA preferences. In manual systems this means changes are made by the employee by single line cross out and employee initials and date. The reason for changes are often required.
- Time must be recorded based on actual time worked not funding or any other criteria.
- Periodic training of employees regarding timekeeping rules.
As you can see from the above, much of this does not have to do with the software itself. Even if you had an attached timekeeping system, with signature capture or auto-sign, it doesn’t mean you are using the system correctly or at all. And, you would still need a procedure for periodic training of the employees.
The system to gain compliancy would be there, but an independent agency would still need to validate you are actually following the procedures and that you have all the processes in place to be compliant, and then you would gain “certification”.
Does my system have all of the tools to help you gain DCAA certification? Absolutely. Will you become DCAA certified just by using them? No. You would still need the process audited by an independent agency to gain certification. This answer is almost universal, when talking about “Certification” of any industry standard.
objectives must be charged by daily tally. timekeeping period.
changes are made by the employee by single line cross out and employee initials and date. The reason for changes are often required.
And, I do understand why this is easily confused. Just do a quick search and there are many mis-leading claims of “XXX compliant software”. It is often assumed that by using one software or another you will be “compliant”. But, that isn’t how compliancy works for any real industry standard.
What is the best way to become industry compliant?
Reach out to the governing agency and request their requirements for compliancy.
Work with your implementation/systems consultant to make sure the system is configured to thoserequirements.
Document and follow your business processes to ensure you are actually acting in a compliant manner.