Effectively serving the Department of Defense (DoD) requires government contractors to thoroughly evaluate and maintain key Contractor Business Systems for compliance and adequacy per the Defense Federal Acquisition Regulation Supplement (DFARS) 242.70. As we have helped our government contracting clients with Business Systems compliance, we have identified the most frequently asked questions (FAQs) below about Contractor Business Systems.
Why does DoD require Contractor Business Systems?
The Business Systems Rules (Contractor Business Systems – DFARS 242.70,252.242.7005) list six contractor business systems that are subject to a determination of adequacy per the terms and conditions described in the applicable business system clauses. Per these rules, the DoD will conduct audits or reviews of adequacy of these systems. The rules apply to Cost Accounting Standards (CAS)-covered contracts only or when the Contracting Officer includes the relevant clauses in the contract.
What are the Contractor Business Systems and how many are there?
There are six (6) systems in total, and they are:
- 252.215-7002, Cost Estimating System Requirements.
- 252.234-7002, Earned Value Management System (EVMS).
- 252.242-7004, Material Management and Accounting System (MMAS).
- 252.242-7006, Accounting System Administration.
- 252.244-7001, Contractor Purchasing System Administration.
- 252.245-7003, Contractor Property Management System Administration.
When do DFARS Business Systems apply to the contract?
DFARS Business System rules in DFARS 252.242-7006 Accounting System Administration becomes applicable when the Contracting Officer (CO) applies the clause(s) to your company’s contract and when you have a “covered” contract. A covered contract as defined in 242.7000(a) is a “contract that is subject to the Cost Accounting Standards.”
What are some other “triggers” that require DFARS Business Systems Reviews?
- Loss of small business exemption
- Covered Contract=subject to CAS
- Particular / Unusual RFP requirements or constraints from the CO
- Dollar threshold dependent on the system requirement
What are the implications of my small business outgrowing the size standard?
- Additional administrative costs to implement CAS requirements and business systems to be compliant.
- Lack of the same resources as “Large” Businesses
- Competition disadvantages
When does a contract become covered by Cost Accounting Standards (CAS) and when do Business Systems become necessary?
A contract generally becomes subject to Cost Accounting Standards (CAS) when it meets the applicable CAS coverage thresholds and is not otherwise exempt under 48 CFR 9903.201-1. Under the current framework, CAS coverage is typically triggered when a negotiated contract exceeds the threshold for certified cost or pricing data ($2.5M) and includes the applicable CAS clauses (e.g., FAR 52.230-2).
Importantly, CAS thresholds and applicability rules are expected to evolve in the near term based on provisions included in the FY 2026 National Defense Authorization Act (NDAA), which will increase certain thresholds and modify how CAS coverage is triggered for contractors. Because the applicability of DFARS Business Systems requirements is closely tied to CAS-covered contracts (and the inclusion of DFARS 252.242-7005), contractors should closely monitor these changes and assess how shifting CAS thresholds may impact when business systems requirements apply to their organization.
In what instances do CAS not apply?
- Sealed Bid Contracts (FAR 14)
- Negotiated Contacts awarded for less than $2.5M (current regulation) and $35M (June 30, 2026)
- Contracts awarded to a Small Business
- Contracts with foreign governments or their agents
- Contracts in which price is set by law
- Contracts awarded for less than $7.5 million, if, at the time of award the business is not currently performing any CAS covered contract valued at $7.5 million or greater
- Firm Fixed Price (FFP) contracts awarded for commercial items
- Firm Fixed Price contracts awarded on the basis of price competition without submission of certified cost and pricing data
- Contracts exempt from CAS under 48 CFR 9903.201-1
I am a Small Business. Why does this interest me and my future endeavors?
More often, evaluation points for multiple award RFPs are awarded to contractors having established business systems. The time to start developing a purchasing or estimating system is not when the RFP is issued.
What are the advantages of possessing adequate Business Systems?
- More RFPs ask for evidence of adequate systems
- Additional “credit” opportunities for having adequate systems
- Alternatives to receive government approval
- Working with your COs to seek approval for a system when not specifically required in a contract
- Opportunities to “market” your organization when you have robust systems and processes
I have been awarded my first Cost-Plus Fixed Fee contract. Will there be any additional prep work or requirements?
Within the DoD, the Defense Contract Audit Agency (DCAA) is typically requested to perform a pre-award survey of a prospective contractor’s accounting system using the SF 1408 checklist, particularly for first-time prime contractors pursuing cost-reimbursable contracts such as Cost-Plus Fixed Fee (CPFF).
The SF 1408 review is more limited in scope than a full Accounting System Administration review, as it is generally designed to assess the design and basic adequacy of the contractor’s accounting system rather than perform detailed substantive testing. The focus is on evaluating whether the contractor has established the necessary cost accounting structure, policies, procedures and controls to properly accumulate and segregate costs in accordance with contract requirements.
What happens if the Contractor Business Systems are determined inadequate?
If DCAA or DCMA identifies significant deficiencies within a contractor’s business systems and those deficiencies are not timely corrected, the Contracting Officer may impose payment withholds in accordance with DFARS 252.242-7005. These withholds are typically applied as a percentage of billings across affected contracts and can remain in place until the deficiencies are adequately remediated and the system is determined to be compliant.
In addition to financial impact, an inadequate system may lead to increased audit scrutiny, limitations on contract opportunities and greater oversight from the Government, making timely remediation critical to maintaining operational flexibility and credibility with DoD customers.
Which agency will audit the Contractor Business Systems?
The first three (Accounting, Estimating and MMAS) of the six contractor business systems are audited by DCAA. The remaining three (Purchasing, Government Property and EVMS) are reviewed (not audited) by the DCMA. Per 252.242.7005(d)(2), it is the sole purview of the CO to determine system adequacy.
How often are Contractor Business Systems Reviews required?
- DCAA Cost Estimating System Requirements – Every 4 years
- DCMA Earned Value Management System – Every 3 years, based on annual assessment and surveillance
- DCAA Material Management and Accounting System – Every 4 years
- DCAA Accounting System Administration – Every 4 years
- DCMA Contractor Purchasing System Administration – Every 3-5 years, based on risk assessment
- DCMA Contractor Property Management System Administration – Every 1-3 years, based on risk assessment
While many contractors experience reviews approximately every 3-4 years, reviews can be performed based on risk, contract activity and prior system performance.
Which audit is the most significant?
DCMA performs Contractor Purchasing System Reviews (CPSR) upon request of the CO, in consideration of the threshold and contract subjectivity to CAS. However, DCMA will also perform them at the request of contractors who request them for various reasons.
First and foremost is a contract requirement. DFARS 252.242.7005 is typically included in DoD contracts and requires withhold of payment for business systems with significant deficiencies for all contract types except fixed price contracts or CLINs. Second, some solicitations award bonus evaluation points for an approved system (e.g., General Services Administration Government-wide Acquisition Contracts solicitations). Third, an approved system reduces or eliminates the need for advance notification and consent requirements found in FAR 52.244-2 Subcontracts. Finally, an approved system creates overall credibility with government customers.
The main criteria for an acceptable contractor purchasing system are found in DFARS 252.244‐7001(c) which lists 24 system criteria. Grouped by type, the criteria consist of the following:
- Procurement Planning/Market Research (2 Criteria)
- Conflict of Interest/Misconduct (1 Criterion)
- Competition (2 Criteria)
- Negotiated Procurement (1 Criterion)
- Cost or Pricing Data & Price Reasonableness (5 Criteria)
- Source Selection (3 Criteria)
- Contract Formation & Content (3 Criteria)
- Foreign Purchasing & Performance (3 Criteria)
- Procurement Administration (4 Criteria)
However, DCMA does not limit the review to the criteria found in DFARS 252.244-7001. DCMA also utilizes the clauses and criteria found in:
- FAR Part 44 – Subcontracting Policies & Procedures
- DFARS Part 244 – Subcontracting Policies & Procedures
- FAR 52.244-2 – Subcontracts
- Clauses associated with DFARS 252.244-7001, such as 252.246-7007 Contractor Counterfeit Electronic Part Detection & Avoidance System and Subpart 244.4–Subcontracts for Commercial Items
If your purchasing system is selected for review, expect DCMA to be thorough. The DCMA CPSR “checklist” contains over 50 specific policies to be examined with space to indicate presence or absence and adequacy. DCMA will review purchasing policy and procedures documents, sales data and all eligible procurement actions awarded during the review period and a sample of purchase orders and subcontracts at various award levels (identified after start of the review).
What are the common problem areas for the Accounting, Purchasing and Estimating System reviews?
Accounting Systems Review:
- Lack of formal / written policies and procedures
- Uncompensated overtime
- Contract briefs / monitoring of funding and payments
- Inconsistent estimating vs. accumulating practices
- Accounting personnel not familiar with FAR requirements
Purchasing Systems Review:
- Lack of formal / written policies and procedures
- Subcontractor monitoring / oversight
- Lack of sole source justifications
Estimating Systems Review:
- Lack of formal / written policies and procedures
- Inconsistent estimating vs. accumulating practices
- Inconsistent proposal pricing practices
- Lack of documentation supporting basis of estimates (BOEs)
Are there any new rules we should be aware of regarding Business Systems?
The threshold for a purchasing system review in FAR 44.302 is currently set at $25M in qualified sales to the government. The government will reassess every three years if another CPSR is necessary following an initial determination of adequacy. DCMA has recommended and DoD has raised the threshold to $50M.
- Push from ICS Audits to System Audits
- Emphasis of Subcontractor Monitoring
How can I prepare for a CPSR audit?
In preparing for a CPSR audit, we recommend contractors start developing an approvable purchasing system immediately. Building a compliant system is a long, complex process. It is important to draft written policies and procedures that address the 24 DFARS criteria and extensive DCMA checklist. In those policies and procedures, be sure to include processes and evidence demonstrating how your system operates and identify team responsibilities.
Also, maintain evidence of annual procurement training such that it is readily available upon request. Finally, you must prepare for the effort associated with supporting a year’s worth of purchasing files, which the government team samples and reviews to evaluate compliance with written purchasing policies and procedures.
What are some best practices regarding Business Systems?
- Prepare to complete walkthroughs
- Present your best people to DCAA
- Maintain current policies and procedures
- Ensure proper personnel training
- Document processes, reviews and approvals
Here is a quick checklist for preparation for a CPSR:
- Understand your contracts’ clauses
- Brief your prime contracts
- Maintain a robust training program
- Maintain current policies and procedures
- Maintain a strong vendor rating system
- Utilize the internal review process
- Review the CPSR Guidebook
- Remember that the DCMA will be thorough
What are we seeing in today’s Contractor Business Systems environment?
The DoD oversight environment for Contractor Business Systems continues to evolve, with increased emphasis on risk-based monitoring, system integrity and real-time visibility into contractor operations. Based on recent audit activity and client engagements, several key trends are emerging.
Shift from Transactional Audits to System-Level Reviews
DCAA and DCMA continue to move away from purely transactional testing (e.g., individual vouchers or incurred cost submissions) toward evaluating the design and operating effectiveness of contractor business systems and internal controls. Contractors are increasingly expected to demonstrate that their systems consistently produce compliant results, rather than relying on after-the-fact corrections.
Heightened Focus on Internal Controls and Documentation
Auditors are placing greater scrutiny on whether contractors can demonstrate, not just describe, how their systems operate. This includes complete audit trails, documented review and approval processes, and clearly defined roles and responsibilities. A well-written policy alone is no longer sufficient without supporting evidence of consistent execution.
Increased Emphasis on Subcontractor Oversight
With growing complexity in supply chains, DCMA is placing additional focus on contractor purchasing systems and subcontract management practices, including price reasonableness, flow-down compliance and ongoing monitoring of subcontractor performance. This is especially relevant for contractors supporting large or complex programs.
More Frequent and Targeted Surveillance
Rather than relying solely on full system reviews every few years, agencies are increasingly using targeted surveillance reviews and follow-ups based on prior deficiencies, contract awards or identified risk areas. This results in more continuous interaction with auditors and less predictability in review timing.
Integration with Broader Compliance Requirements
Contractor Business Systems are no longer evaluated in isolation. There is growing overlap with other compliance areas such as cybersecurity (e.g., CMMC), supply chain risk management, and program/contract compliance monitoring, requiring contractors to take a more integrated approach to system design and execution.
Greater Consequences for System Deficiencies
With increased visibility into contractor systems, deficiencies are more likely to result in payment withholds, increased oversight, or limitations on future contract awards. As a result, contractors are placing greater priority on proactive system assessments and remediation efforts.
Cherry Bekaert is here to help with Contractor Business Systems
Contractors must understand what the criteria are and prioritize the DFARS Business Systems that apply to their business. By working towards being prepared for a potential audit or review, contractors can avoid surprises or scrambling to get a system reviewed for an RFP requirement.
If you have any questions specific to your situation, Cherry Bekaert’s Government Contractor Consultants are available to discuss your situation with you.
Our government contracting consulting professionals are well-versed in business systems requirements and complex control environments. We guide government contractors in developing and maintaining compliant contractor business systems, perform assessments, provide audit support and prepare contractors for audits or reviews by DCAA, DCMA or other cognizant agencies.
Related Insights
- Article: Contractor Business Systems Series: Part 1 — The Ins and Outs of Government Contractor Accounting System Requirements
- Article: Contractor Business Systems Series: Part 2 — Cost Estimating System Requirements
- Article: Contractor Business Systems Series: Part 3 — Contractor Property Systems
- Article: Contractor Business Systems Series: Part 4 — Contractor Purchasing System
- Article: DoD Published Proposed Rule to Amend the Six DFARS Business Systems Clauses
