The Case for CAS Compliance – The Booz Allen Investigation and How Compliance Audits Differ from Financial Statement Audits

On June 15, 2017, Booz Allen Hamilton Holding Corporation announced that the Department of Justice was conducting a civil and criminal investigation relating to certain elements of the company’s cost accounting and indirect cost charging practices with the U.S. Government. The following trading day, Booz Allen’s stock price was down 19% – roughly a $1 billion loss in market capitalization – when both the Dow and S&P 500 were up.

During fiscal year 2017, Booz Allen had $5.8 billion in revenue, virtually all of it coming from U.S. Government contracts. Significant revenue from the federal government made the company subject to various Federal regulations including Cost Accounting Standards (CAS). The press release announcing the investigation alluded to CAS non-compliance as the main issue for Booz Allen, referring to “the company’s cost accounting and indirect cost charging practices with the U.S. Government.”

What is CAS?
CAS is a set of 19 standards and rules designed to achieve uniformity and consistency in the cost accounting principles followed by Government contractors and subcontractors. Contractors like Booz Allen are required to comply with the standards and must disclose to the Government, in writing, their cost accounting practices, follow their disclosed practices consistently, and comply with all 19 standards.

So, why is the Department of Justice involved in a potential CAS non-compliance matter while Defense Contract Audit Agency (DCAA) is Booz Allen’s recognized Government audit agency? Was this because of a whistleblower, did DCAA find something in their audit, or was it something else?  That answer remains unknown. However, we do know that there are real repercussions for Government contractors with compliance issues, either alleged or proven.

What is the Risk from a U.S. Government Investigation?
Booz Allen is a publicly traded company subject to the Sarbanes-Oxley Act (SOX). In its annual 10-K report, it is required to publicly disclose risks related to the industry in which it operates. In its most recent 10-K report, Booz Allen defines the risk of a U.S. Government investigation, stating: “An unfavorable outcome to an audit, review, or investigation by any U.S. Government agency could materially and adversely affect our relationship with the U.S. Government. If a Government investigation uncovers improper or illegal activities, we may be subject to civil and criminal penalties and administrative sanctions, including termination of contracts, forfeitures of profits, withholding of payments, suspension of payments, fines, and suspension or debarment from doing business with the U.S. Government. In addition, we could suffer serious reputational harm if allegations of impropriety were made against us.”

Booz Allen investors may be wondering if the company will accrue costs related to this matter in its next quarterly financial statement. The company will undoubtedly incur consulting and legal costs related to the DOJ investigation, any shareholder class action lawsuit related to the investigation, and the related drop in share price. Booz Allen will be hosting a conference call on Monday, August 7, 2017 to discuss its first quarter fiscal year 2018 results.

The Difference between Financial Statement Audits and Compliance Audits
Government contractors, depending on their size, may not conduct formal internal compliance audits out of fear that those reports will be used against them. But Government contractors need to understand that there are significant differences between financial statement audits and compliance audits. A financial statement audit is an independent, objective evaluation of an organization’s financial reports and financial reporting processes. This audit essentially determines if financial statements are being presented fairly in all material respects. A compliance audit, on the other hand, is a comprehensive review of an organization’s adherence to regulatory guidelines. In a financial audit, the primary concern regarding expenses would be whether the company understated or overstated those expenses, with the majority of the audit work focused on the Balance Sheet and Revenue. In a compliance audit, the focus is on expenses to ensure the company is classifying cost elements consistently as either direct or indirect expenses (as required by CAS 402, Consistency in Allocating Costs Incurred for the Same Purpose).

Regulatory compliance is the foundation of all Government contractors. CohnReznick can help assess potential gaps in compliance. An understanding of the risk of non-compliance should be a focus of management, as well as a component of due diligence in deals related to Government contractors.

For more information, contact Brian Courtney, Senior Manager, at or (703) 744-7404, or Kristen Soles, Partner, at or (703) 847-4411.

Comments are closed.