``(a) Compliance With Standards of
Risk and Materiality.--
Not later than October 1, 2020, the Secretary of Defense shall
comply with commercially accepted standards of risk and
materiality in the performance of each incurred cost audit of
costs associated with a contract of the Department of Defense.
``(b) Conditions for the Use of
Qualified Auditors to
Perform Incurred Cost Audits.--(1) To support the need of the
Department of Defense for timely and effective incurred cost
audits, and to ensure that the Defense Contract Audit Agency
is
able to allocate resources to higher-risk and more complex
audits, the Secretary of Defense shall use qualified private
auditors to perform a sufficient number of incurred cost
audits
of contracts of the Department of Defense to--
``(A) eliminate, by October 1, 2020,
any backlog of
incurred cost audits of the Defense Contract Audit
Agency;
``(B) ensure that incurred cost
audits are
completed not later than one year after the date of
receipt of a qualified incurred cost submission;
``(C) maintain an appropriate mix of
Government and
private sector capacity to meet the current and future
needs of the Department of Defense for the performance
of incurred cost audits;
``(D) ensure that qualified private
auditors
perform incurred cost audits on an ongoing basis to
improve the efficiency and effectiveness of the
performance of incurred cost audits; and
``(E) limit multiyear auditing to
ensure that
multiyear auditing is conducted only--
``(A) to address outstanding
incurred cost
audits for which a qualified incurred cost
submission was submitted to the Defense
Contract Audit Agency more than 12 months
before the date of the enactment of this
section; or
``(B) when the contractor being
audited
submits a written request, including a
justification for the use of multiyear
auditing, to the Under Secretary of Defense
(Comptroller).
``(2) The Secretary of Defense shall
consult with Federal
agencies that have awarded contracts or task orders to
qualified private auditors to ensure that the Department of
Defense is using, as appropriate, best practices relating to
contracting with qualified private auditors.
``(3) The Secretary of Defense shall
ensure that a
qualified private auditor performing an incurred cost audit
under this section--
``(A) has no conflict of interest in
performing
such an audit, as defined by generally accepted
government auditing standards;
``(B) possesses the necessary independence to
perform such an audit, as defined by generally accepted
government auditing standards;
``(C) signs a nondisclosure agreement, as
appropriate, to protect proprietary or nonpublic data;
``(D) accesses and uses proprietary or nonpublic
data furnished to the qualified private auditor only
for the purposes stated in the contract;
``(E) takes all reasonable steps to protect
proprietary and nonpublic data furnished during the
audit; and
``(F) does not use proprietary or nonpublic data
provided to the qualified private auditor under the
authority of this section to compete for Government or
nongovernment contracts.
``(c) Procedures for the Use of
Qualified Private
Auditors.--(1) Not later than October 1, 2018, the Secretary
of
Defense shall submit to the congressional defense committees a
plan to implement the requirements of subsection (b). Such
plan
shall include, at a minimum--
``(A) a description of the incurred
cost audits
that the Secretary determines are appropriate to be
conducted by qualified private auditors, including the
approximate number and dollar value of such incurred
cost audits;
``(B) an estimate of the number and
dollar value of
incurred cost audits to be conducted by qualified
private auditors for each of the fiscal years 2019
through 2025 necessary to meet the requirements of
subsection (b); and
``(C) all other elements of an
acquisition plan as
required by the Federal Acquisition Regulation.
``(2) Not later than April 1, 2019,
the Secretary of
Defense or a Federal department or agency authorized by the
Secretary shall award a contract or issue a task order under
an
existing contract to two or more qualified private auditors to
perform incurred cost audits of costs associated with
contracts
of the Department of Defense. The Defense Contract Management
Agency or a contract administration office of a military
department shall use a contract or a task order awarded or
issued pursuant to this paragraph for the performance of an
incurred cost audit, if doing so will assist the Secretary in
meeting the requirements in subsection (b).
``(3) To improve the quality of
incurred cost audits and
reduce duplication of performance of such audits, the
Secretary
of Defense may provide a qualified private auditor with
information on past or ongoing audit results or other relevant
information on the entities the qualified private auditor is
auditing.
``(4) The Secretary of Defense shall
consider the results
of an incurred cost audit performed under this section without
regard to whether the Defense Contract Audit Agency or a
qualified private auditor performed the audit.
``(5) The contracting officer for a
contract that is the
subject of an incurred cost audit shall have the sole
discretion to determine what action should be taken based on
an
audit finding on direct costs of the contract.
``(d) Qualified Private Auditor
Requirements.--(1) A
qualified private auditor awarded a contract or issued an task
order under subsection (c)(2) shall conduct an incurred cost
audit in accordance with the generally accepted government
auditing standards.
``(2) A qualified private auditor
awarded a contract or
issued an task order under subsection (c)(2) shall develop and
maintain complete and accurate working papers on each incurred
cost audit. All working papers and reports on the incurred
cost
audit prepared by such qualified private auditor shall be the
property of the Department of Defense, except that the
qualified private auditor may retain a complete copy of all
working papers to support such reports made pursuant to this
section.
``(3) A breach of contract by a
qualified private auditor
with respect to use of proprietary or nonpublic data may
subject the qualified private auditor to--
``(A) criminal, civil,
administrative, and
contractual actions for penalties, damages, and other
appropriate remedies by the United States; and
``(B) civil actions for damages and
other
appropriate remedies by the contractor or subcontractor
whose data are affected by the breach.
``(e) Peer Review.--(1) Effective
October 1, 2022, the
Defense Contract Audit Agency may issue unqualified audit
findings for an incurred cost audit only if the Defense
Contract Audit Agency is peer reviewed by a commercial auditor
and passes such peer review. Such peer review shall be
conducted in accordance with the peer review requirements of
generally accepted government auditing standards, including
the
requirements related to frequency of peer reviews, and shall
be
deemed to meet the requirements of the Defense Contract Audit
Agency for a peer review under such standards.
``(2) Not later than October 1, 2019,
the Secretary of
Defense shall provide to the Committees on Armed Services of
the Senate and the House of Representatives an update on the
process of securing a commercial auditor to perform the peer
review referred to in paragraph (1).
``(f) Numeric Materiality Standards
for Incurred Cost
Audits.--(1) Not later than October 1, 2020, the Department of
Defense shall implement numeric materiality standards for
incurred cost audits to be used by auditors that are
consistent
with commercially accepted standards of risk and materiality.
``(2) Not later than October 1, 2019,
the Secretary of
Defense shall submit to the congressional defense committees a
report containing proposed numeric materiality standards
required under paragraph (1). In developing such standards,
the
Secretary shall consult with commercial auditors that conduct
incurred cost audits, the advisory panel authorized under
section 809 of the National Defense Authorization Act for
Fiscal Year 2016 (Public Law 114-92; 129 Stat. 889), and other
governmental and nongovernmental entities with relevant
expertise.
``(g) Timeliness of Incurred Cost
Audits.--(1) The
Secretary of Defense shall ensure that all incurred cost
audits
performed by qualified private auditors or the Defense
Contract
Audit Agency are performed in a timely manner.
``(2) The Secretary of Defense shall
notify a contractor of
the Department of Defense within 60 days after receipt of an
incurred cost submission from the contractor whether the
submission is a qualified incurred cost submission.
``(3) With respect to qualified
incurred cost submissions
received on or after the date of the enactment of this
section,
audit findings shall be issued for an incurred cost audit not
later than one year after the date of receipt of such
qualified
incurred cost submission.
``(4) Not later than October 1, 2020,
and subject to
paragraph (5), if audit findings are not issued within one
year
after the date of receipt of a qualified incurred cost
submission, the audit shall be considered to be complete and
no
additional audit work shall be conducted.
``(5) The Under Secretary of Defense
(Comptroller) may
waive the requirements of paragraph (4) on a case-by-case
basis
if the Director of the Defense Contract Audit Agency submits a
written request. The Director of the Defense Contract Audit
Agency shall include in the report required under section
2313a
of this title the total number of waivers issued and the
reasons for issuing each such waiver.
``(h) Review of Audit
Performance.--Not later than April 1,
2025, the Comptroller General of the United States shall
submit
to the congressional defense committees a report that
evaluates
for the period beginning on October 1, 2019, and ending on
August 31, 2023--
``(1) the timeliness, individual cost,
and quality
of incurred cost audits, set forth separately by
incurred cost audits performed by the Defense Contract
Audit Agency and by qualified private auditors;
``(2) the cost to contractors of the
Department of
Defense for incurred cost audits, set forth separately
by incurred cost audits performed by the Defense
Contract Audit Agency and by qualified private
auditors;
``(3) the effect, if any, on other
types of audits
conducted by the Defense Contract Audit Agency that
results from incurred cost audits conducted by
qualified private auditors; and
``(4) the capability and capacity of
qualified
private auditors to conduct incurred cost audits for
the Department of Defense.
``(i) Definitions.--In this section:
``(1) The term `commercial auditor'
means a private
entity engaged in the business of performing audits.
``(2) The term `incurred cost audit'
means an audit
of charges to the Government by a contractor under a
flexibly priced contract.
``(3) The term `flexibly priced
contract' has the
meaning given the term `flexibly-priced contracts and
subcontracts' in part 30 of the Federal Acquisition
Regulation (section 30.001 of title 48, Code of Federal
Regulations).
``(4) The term `generally accepted
government
auditing standards' means the generally accepted
government auditing standards of the Comptroller
General of the United States.
``(5) The term `numeric materiality
standard' means
a dollar amount of misstatements, including omissions,
contained in an incurred cost audit that would be
material if the misstatements, individually or in the
aggregate, could reasonably be expected to influence
the economic decisions of the Government made on the
basis of the incurred cost audit.
``(6) The term `qualified incurred
cost submission'
means a submission by a contractor of costs incurred
under a flexibly priced contract that has been
qualified by the Department of Defense as sufficient to
conduct an incurred cost audit.
``(7) The term `qualified private
auditor' means a
commercial auditor--
``(A) that performs audits in
accordance
with generally accepted government auditing
standards; and
``(B) that has received a passing
peer
review rating, as defined by generally accepted
government auditing standards.''.
