DCAA written accounting policies are the documented rules governing how a government contractor records costs, distributes labor, allocates indirect expenses, and identifies unallowable charges. Amerifusion Bookkeeping works with contractors who assume their QuickBooks setup and good intentions are enough. They are not.
DCAA auditors expect specific written policies in place before the first audit. Missing or incomplete documentation is the fastest path to a system inadequacy finding [DFARS 252.242-7006].
A $4M IT services contractor in Northern Virginia passed every technical test during its SF 1408 pre-award survey. The chart of accounts was structured correctly. The indirect rates were reasonable.
But DCAA issued a finding because the contractor had no written timekeeping policy and no documented procedures for identifying unallowable costs. The accounting system worked fine in practice. The auditor’s conclusion: without written policies, there is no evidence the system will continue to work when the person who built it leaves.
DCAA auditors are not checking whether your accounting works today. They are checking whether your written policies and procedures create a system that works regardless of who is running it. The difference between a passing and failing accounting system often comes down to nine documents sitting in a policy binder.
Why DCAA Requires Written Accounting Policies
DCAA accounting system requirements under DFARS 252.242-7006 list 18 criteria for an adequate system. Nearly every criterion requires documented procedures, not informal practices. The SF 1408 Pre-Award Survey evaluates these same criteria during initial system reviews, and the back page of that form is the evaluation checklist auditors use to score your system [DCAA Pre-Award Checklist].
The logic is straightforward. A verbal explanation of how costs are charged is one person’s memory. A written policy is an organizational commitment.
When DCAA audits your accounting system, the auditor evaluates three things in order: Do written policies exist? Do they comply with FAR, CAS, and DFARS? Are employees following them?
Without the first element, the second and third are irrelevant. Research from Redstone Government Consulting shows that 67% of accounting system deficiencies stem from inadequate written policies and inconsistent application of cost accounting practices. Your government contractor accounting policies are the foundation DCAA builds every other evaluation on top of.
The 9 DCAA Written Accounting Policies Every Contractor Needs
Not all policies carry equal weight during an audit. The following nine DCAA policies and procedures are the ones auditors specifically request during pre-award surveys and accounting system reviews. Missing any one of them creates a finding.
1. Timekeeping Policy
Your timekeeping policy documents how employees record time, the approval workflow, correction procedures, and record retention rules. It must require daily, contemporaneous recording by the employee performing the work. Supervisory approval within one business day.
A policy stating “employees must track their time” fails. DCAA expects specifics: who records, when they record, what charge codes they use, how corrections are handled, and who approves. See our full breakdown of DCAA timekeeping requirements for the eight criteria auditors evaluate.
2. Labor Distribution Policy
Labor distribution describes how employee hours and dollars are allocated across direct contracts, indirect pools, and unallowable activities. This policy must document how labor costs flow from timesheets to the general ledger, the reconciliation process (monthly at minimum), and the approval controls over labor cost transfers between accounts.
The auditor checks whether your labor distribution report matches your general ledger labor accounts. A $50,000 variance between the two triggers an immediate finding.
3. Direct/Indirect Cost Segregation Policy
This policy defines the criteria for classifying a cost as direct (charged to a specific contract) or indirect (allocated across multiple contracts through a cost pool). It must describe each indirect cost pool (fringe, overhead, G&A, B&P/IR&D), the allocation base for each pool, and the logic for determining when a cost is direct versus indirect [FAR Part 31].
Consistency matters here more than perfection. DCAA will accept a reasonable allocation method applied consistently. They will not accept a method that changes contract to contract without written justification.
4. Unallowable Cost Identification Policy
FAR 31.205 lists over 50 categories of costs with specific allowability rules. Your policy must document how your organization identifies expressly unallowable costs, flags them at the point of entry, and excludes them from billing. The policy must reference the specific FAR 31.205 subsections relevant to your business: entertainment [FAR 31.205-14], alcoholic beverages [FAR 31.205-51], lobbying [FAR 31.205-22], and fines [FAR 31.205-15] at minimum.
A policy saying “we exclude unallowable costs” is a deficiency. The auditor wants to see how: which account codes are flagged, who reviews transactions, and what happens when an unallowable cost is accidentally charged to a contract. Full details on the cost categories in our unallowable costs guide.
5. Travel Policy
FAR 31.205-46 governs allowable travel costs and requires contractors to maintain a written travel policy. Your policy must address pre-trip authorization procedures, airfare (including documentation of lowest-fare searches), lodging limits (tied to GSA per diem rates or your own reasonable limits), meal reimbursement method (actual cost or per diem), and documentation requirements: date, place, purpose, and name of traveler [DCAM Chapter 72].
The most common travel deficiency: no pre-authorization process. An employee books a $1,800 flight without advance approval, and the auditor questions the entire trip cost because the policy did not require documented approval before travel occurred.
6. Compensation Policy
Your compensation policy documents salary structures, bonus criteria, overtime rules, and the methodology for determining that total compensation is reasonable for the work performed. DCAA evaluates compensation under FAR 31.205-6, which requires that compensation be reasonable in amount and tied to the employee’s duties, responsibilities, and qualifications.
Contractors above $750,000 in annual government revenue should maintain a compensation benchmarking study using Bureau of Labor Statistics data or a recognized salary survey. The policy must also address executive compensation limits under the FAR annual cap, currently set at $625,000 for contracts awarded after June 24, 2014.
7. Purchasing and Subcontracting Policy
This policy defines approval thresholds for purchases, competitive bidding requirements, sole-source justification procedures, and subcontractor oversight. It must establish dollar thresholds for different levels of approval authority. A $500 purchase requires a different approval process than a $50,000 subcontract.
DCAA cross-references your purchasing policy against actual transactions during incurred cost audits. Purchases above your stated threshold without the required approvals generate questioned costs.
8. Billing and Revenue Recognition Policy
Your billing policy documents how invoices are prepared, what costs are included, the approval process before submission to the government, and how provisional billing rates are applied. It must address the reconciliation between billed costs and recorded costs in the general ledger.
This policy connects directly to FAR 52.216-7 (Allowable Cost and Payment) for cost-reimbursement contracts. The auditor traces a sample of invoiced costs from the billing back through the general ledger to source documents. A billing policy gap means every invoice during the gap period becomes a questioned cost.
9. Accounting System Overview and Internal Controls Policy
The capstone policy describes your overall accounting framework: chart of accounts structure, general ledger system, period-end closing procedures, journal entry approval process, and management review controls. It must document segregation of duties and identify the internal audit or management review procedures that verify compliance with all other written policies.
DFARS 252.242-7006 specifically requires “management reviews or internal audits of the system to ensure compliance with the contractor’s established policies.” This policy is where you document that review process. Without it, the auditor has no evidence that anyone in your organization verifies compliance.
What a Deficiency Looks Like: The Audit Finding Patterns
DCAA does not issue findings because a policy is imperfect. They issue findings because a policy is missing, incomplete, or not followed. The following table shows the deficiency pattern for each policy area based on common audit findings reported by DCAA and industry consultants.
| Policy Area | Missing Policy Finding | Incomplete Policy Finding |
|---|---|---|
| Timekeeping | No documented timekeeping procedures; all labor charges questioned | Policy exists but does not address corrections or uncompensated overtime |
| Labor distribution | No reconciliation between timesheets and general ledger | Monthly reconciliation documented but no procedure for resolving variances |
| Cost segregation | No written criteria for direct vs. indirect classification | Policy describes pools but not the allocation base or methodology |
| Unallowable costs | No process for flagging unallowable costs at point of entry | Policy lists some FAR 31.205 categories but omits entertainment and lobbying |
| Travel | No written travel policy; all travel costs at risk of disallowance | Policy addresses lodging limits but has no pre-authorization requirement |
| Compensation | No documentation of reasonableness for salary levels | Salary ranges exist but no benchmarking against market data |
| Purchasing | No approval thresholds; all purchases above $10,000 questioned | Thresholds documented but no sole-source justification procedure |
| Billing | No documented process for preparing and approving government invoices | Billing process described but no reconciliation to general ledger required |
| Internal controls | No management review process documented; system adequacy at risk | Reviews occur but are not documented with findings and corrective actions |
The pattern is consistent. DCAA does not need to prove your system failed. They need to show your policies do not demonstrate it will succeed.
The burden of proof falls on the contractor.
Building Your DCAA Written Accounting Policies From Scratch
Most contractors do not need 50-page policy manuals. They need clear, specific documents that an auditor reads in 15 minutes and says: “This contractor knows what they are doing.” Here is the framework for building DCAA written accounting policies that pass audit scrutiny.
Structure each policy the same way:
- Purpose. One sentence stating what the policy governs and why.
- Scope. Who the policy applies to: all employees, accounting staff, project managers, or executives.
- Regulatory basis. The specific FAR, DFARS, or CAS citations the policy implements.
- Procedures. Step-by-step instructions for how the process works in daily operations. This is the section that must be specific. “Costs are reviewed for allowability” fails. “The controller reviews all transactions over $1,000 against the FAR 31.205 unallowable cost matrix before posting to the general ledger” passes.
- Approval authority. Who approves actions at each dollar threshold or decision point.
- Record retention. How long records are maintained and where they are stored.
- Review cycle. How often the policy is reviewed and updated. Annual review at minimum.
A 3-page timekeeping policy with clear procedures is worth more to an auditor than a 30-page document full of generalities. Specificity is the quality signal. The SF 1408 pre-award survey evaluates these exact documents, and auditors spend about 10 minutes per policy deciding whether you pass or fail.
Maintaining Policies After the Initial Build
DCAA policies and procedures are not one-time documents. They require active maintenance. A policy written in 2022 that references provisional billing rates from 2021 tells the auditor nobody has reviewed it since then.
Three maintenance rules protect your investment:
- Annual review with sign-off. The controller or CFO reviews each policy annually and signs a review sheet documenting any changes or confirming no changes are needed. This creates the audit trail DCAA expects.
- Trigger-based updates. Any change to your chart of accounts, indirect rate structure, accounting software, or contract mix triggers a policy review within 30 days. Moving from two indirect pools to three requires an updated cost segregation policy before the next billing cycle.
- Employee acknowledgment. Employees sign an acknowledgment that they have read and understood the policies relevant to their role. DCAA evaluates not only whether policies exist, but whether employees follow them. A signed acknowledgment with training documentation closes that loop.
Contractors preparing for their first DCAA accounting system review should have all nine policies in place at least 60 days before the expected audit date. Draft status is acceptable for the initial review, but every policy must be documented, not verbal.
Frequently Asked Questions
What written accounting policies does DCAA require?
DCAA expects written policies covering timekeeping, labor distribution, direct and indirect cost segregation, unallowable cost identification, travel, compensation, purchasing, billing, and internal controls. These policies must reference specific FAR and DFARS requirements and describe actual procedures your organization follows [DFARS 252.242-7006].
Does DCAA accept draft policies during a pre-award survey?
Yes. DCAA accepts draft policies during an SF 1408 pre-award survey if the drafts demonstrate the contractor understands the requirements and has documented specific procedures. Policies do not need professional formatting, but they must address the substance: who does what, when, and how.
How long should each written accounting policy be?
Most effective policies run 2 to 5 pages. Length matters less than specificity. A 3-page timekeeping policy with step-by-step correction procedures outperforms a 20-page document filled with vague statements.
What happens if DCAA finds a missing policy during an audit?
A missing policy triggers a deficiency finding under DFARS 252.242-7006. The contracting officer receives the finding and decides on corrective action. Consequences range from a corrective action plan with a deadline to payment withholding of 5-10% on future invoices until the deficiency is resolved.
How often must DCAA written accounting policies be updated?
DCAA expects annual reviews at minimum. Beyond the annual cycle, policies must be updated within 30 days of any change to your accounting system, chart of accounts, indirect rate structure, or contract mix. Each review must be documented with the reviewer’s signature and date, even if no changes are made.
Are DCAA written accounting policies required for fixed-price contracts?
Written policies become mandatory when a contractor holds any cost-reimbursement, time-and-materials, or cost-plus contract, or when a fixed-price contract includes the DFARS 252.242-7006 clause. Contractors pursuing their first cost-type contract will face an SF 1408 survey requiring all policies before award.
Key Takeaways
- Nine written policies form the foundation of DCAA compliance. Timekeeping, labor distribution, cost segregation, unallowable costs, travel, compensation, purchasing, billing, and internal controls. Missing any one creates an audit deficiency.
- Specificity beats length. A 3-page policy with step-by-step procedures and FAR citations passes. A 20-page policy with vague commitments fails. Auditors spend about 10 minutes per policy deciding whether you pass.
- Draft policies are acceptable for initial reviews. Have all nine documented at least 60 days before your expected audit. Finalize them before cost-type billing begins.
- Maintenance is half the work. An outdated policy is nearly as damaging as a missing one. Annual reviews with sign-off, trigger-based updates, and employee acknowledgments keep your policies audit-ready.
- 67% of system deficiencies trace back to policy gaps. The accounting system itself is rarely the problem. The documentation around it is what fails.
Get Your Policies Audit-Ready Before DCAA Asks
Building nine written policies from scratch takes focused effort. Getting them wrong costs more. Take the Compliance Readiness Check to identify which policies your system is missing today.
For a CPA-managed review of your full policy framework, book a discovery call with Amerifusion Bookkeeping or explore our DCAA compliance services.
