Skip to main content

Broadband Funding: Stronger Management of Performance and Fraud Risk Needed for Tribal and Public-Private Partnership Grants

GAO-23-105426 Published: Jan 24, 2023. Publicly Released: Jan 24, 2023.
Jump To:

Fast Facts

Tribal, rural, and economically disadvantaged areas are more likely to not have access to broadband service—which is vital for things like remote learning, telework, and telehealth.

The National Telecommunications and Information Administration (NTIA) manages two grant programs that work to expand broadband access. We found that for one of these programs the agency's goals include extending reliable, affordable broadband to 200,000 households. However, NTIA doesn't define terms like 'reliable' and 'affordable', so it can't quantify them.

We recommended that NTIA improve how it measures the performance of these programs.

Farming equipment

Skip to Highlights

Highlights

What GAO Found

The National Telecommunications and Information Administration's (NTIA) management of the Tribal Broadband Connectivity Program (TBCP) and Broadband Infrastructure Program (BIP) was generally consistent with recommended practices for awarding grants. However, NTIA took longer than expected to announce awards. For example, NTIA expected to announce TBCP award decisions in November 2021 but, as of September 2022, was continuing to announce awards on a rolling basis. NTIA officials said that the agency received many more applications than expected and needed to return more than three-quarters of TBCP applications for additional information. This step lengthened evaluation and selection. As of September 2022, NTIA had announced $726 million in TBCP awards and had announced all $288 million in BIP awards.

NTIA developed some performance goals and measures for TBCP and BIP, but they did not include all primary functions nor were they fully quantifiable. (See table). For example, NTIA set a TBCP goal to extend reliable, affordable broadband to 200,000 households, but did not include a goal related to funding broadband use and adoption projects, a key program function. Moreover, NTIA's goals for both programs included terms such as “reliable” and “affordable” that are not defined and therefore are not fully quantifiable. NTIA officials said that the agency was still developing goals and measures. Without comprehensive goals and measures, NTIA will be unable to track its progress.

Program Alignment with Selected Key Attributes of Successful Performance Goals and Measures

Key attributes of successful performance goals and measures

Tribal Broadband Connectivity Program

Broadband Infrastructure Program

Objective: free of significant bias or manipulation

Primary function: reflect the program's main functions

Measurable and quantifiable

Linkage: reflect the agency's strategic goals

✔ indicates goal and measure fully aligned with key attribute

✖ indicates goal and measure did not fully align with key attribute in which some or all aspects were not met

Source: GAO analysis of Department of Commerce and U.S. Department of Agriculture documentation. | GAO-23-105426

NTIA's fraud risk management activities did not fully align with selected leading practices. Several offices in the Department of Commerce have roles in fraud risk management, but none was designated as lead. Additionally, NTIA did not conduct a fraud risk assessment, as called for by leading practices, by comprehensively identifying fraud risks, assessing the likelihood and impact of fraud, setting fraud risk tolerance, examining current antifraud controls, and documenting the fraud risk profile. Without designating an entity to oversee fraud risk management activities and conducting a five-step fraud risk assessment, NTIA lacks assurance that it is sufficiently positioned to combat fraud.

Why GAO Did This Study

Broadband access is critical for economic opportunity, healthcare, and civic engagement. The Consolidated Appropriations Act, 2021, established two new broadband grant programs—TBCP and BIP. NTIA issued a notice of funding opportunity for BIP in May 2021 and for TBCP in June 2021. NTIA allocated $2.98 billion (from two separate appropriations) for TBCP and $288 million for BIP.

The Consolidated Appropriations Act, 2021, includes a provision for GAO to review the grants awarded under these programs. This report examines the extent to which NTIA's administration of TBCP and BIP aligned with relevant practices for (1) awarding grants, (2) performance management, and (3) fraud risk management.

GAO reviewed NTIA program documentation. GAO also interviewed program officials, industry associations, and a non-generalizable sample of program participants selected to reflect a variety in project types, geography, and other factors.

Recommendations

GAO is making 15 recommendations to NTIA to better measure TBCP and BIP performance and to complete fraud risk management activities. NTIA agreed with the recommendations and outlined actions to address them.

Recommendations for Executive Action

Agency Affected Recommendation Status
National Telecommunications and Information Administration For TBCP, the Administrator of NTIA should establish performance goals and measures for all of the program's purposes—funding broadband use and adoption projects as well as funding broadband infrastructure deployment projects. (Recommendation 1)
Open
NTIA agreed with this recommendation and in November 2023 indicated that it had established performance goals and metrics for the Tribal Broadband Connectivity Program. GAO is assessing those goals and metrics to determine if they effectively cover all of the program's purposes.
National Telecommunications and Information Administration For TBCP, the Administrator of NTIA should ensure the performance goal is quantifiable and measurable by defining broadband reliability and affordability. (Recommendation 2)
Open
NTIA agreed with this recommendation and in November 2023 indicated that it had developed quantifiable performance goals for measuring broadband reliability and affordability. GAO will identify the goals and determine if they quantifiably measure the performance of the Tribal Broadband Connectivity Program.
National Telecommunications and Information Administration For TBCP, the Administrator of NTIA should designate a dedicated entity to lead fraud risk management activities for the program. (Recommendation 3)
Open
In November 2023, NTIA indicated that it had established the Risk Management Council as a dedicated entity that meets regularly to lead fraud risk management activities for the Tribal Broadband Connectivity Program. GAO will obtain documentation of this designation as part of determining if this action satisfies the recommendation.
National Telecommunications and Information Administration For TBCP, the Administrator of NTIA should ensure that the dedicated entity identifies inherent fraud risks in the program. (Recommendation 4)
Open
NTIA agreed with this recommendation and in November 2023 indicated that it had begun developing a Fraud, Waste, and Abuse (FWA) Framework that will assist in identifying potential risks and vulnerabilities in the program. NTIA said that it planned to implement the FWA in 2024. GAO will continue to monitor NTIA's efforts regarding this recommendation.
National Telecommunications and Information Administration For TBCP, the Administrator of NTIA should ensure that the dedicated entity assesses the likelihood and impact of inherent fraud risks in the program. (Recommendation 5)
Open
NTIA agreed with this recommendation and in November 2023 indicated it had established the Risk Management Council (RMC) as a dedicated entity to assess the likelihood and impact of inherent fraud risks in the program. The RMC was formed to define risk tolerance, establish acceptable levels of risk taking and targets for risk mitigation, and to drive integration of risk management across the program. Within the RMC, risks are broken down individually and assigned to a risk owner and an action owner. The risk is defined, assigned a risk value, and a treatment plan is developed. GAO will determine the extent to which these actions address this recommendation.
National Telecommunications and Information Administration For TBCP, the Administrator of NTIA should ensure that the dedicated entity determines fraud risk tolerance for the program. (Recommendation 6)
Open
NTIA agreed with this recommendation and in November 2023 indicated it had established the Risk Management Council (RMC) as a dedicated entity to assess the likelihood and impact of inherent fraud risks in the program. The RMC was formed to define risk tolerance, establish acceptable levels of risk taking and targets for risk mitigation, and to drive integration of risk management across the program. Within the RMC, risks are broken down individually and assigned to a risk owner and an action owner. The risk is defined, assigned a risk value, and a treatment plan is developed. GAO will determine the extent to which these actions address this recommendation.
National Telecommunications and Information Administration For TBCP, the Administrator of NTIA should ensure that the dedicated entity examines the suitability of existing antifraud controls in the program and prioritizes residual fraud risks. (Recommendation 7)
Open
In November 2023, NTIA indicated that it is developing the Fraud, Waste, and Abuse (FWA) Framework that will assist in identifying potential risks and vulnerabilities. The FWA Framework will provide guidance to establish controls, procedures, and monitoring activities. The FWA Framework project is ongoing with a project plan and working group coordinating closely on its development. NTIA said that it plans to implement the FWA Framework in 2024. GAO will continue to monitor NITA's efforts regarding this recommendation.
National Telecommunications and Information Administration For TBCP, the Administrator of NTIA should ensure that the dedicated entity documents the fraud risk profile for the program. (Recommendation 8)
Open
In November 2023, NTIA indicated that it is developing the Fraud, Waste, and Abuse (FWA) Framework that will assist in identifying potential risks and vulnerabilities. The FWA Framework will provide guidance to establish controls, procedures, and monitoring activities. NTIA plans to implement the FWA in 2024 and GAO will assess the extent to which the FWA documents the fraud risk profile for the program.
National Telecommunications and Information Administration For BIP, the Administrator of NTIA should ensure the performance goal is quantifiable and measurable by defining broadband affordability. (Recommendation 9)
Open
NTIA agreed with this recommendation and in November 2023 indicated that it had defined broadband affordability for the Broadband Infrastructure Program. GAO will identify the definition determine if it is a quantifiable and measurable performance goals for the Broadband Infrastructure Program.
National Telecommunications and Information Administration For BIP, the Administrator of NTIA should designate a dedicated entity to lead fraud risk management activities for the program. (Recommendation 10)
Open
In November 2023, NTIA indicated that it had established the Risk Management Council as a dedicated entity that meets regularly to lead fraud risk management activities for the Broadband Infrastructure Program. GAO will obtain documentation of this designation as part of determining if this action satisfies the recommendation.
National Telecommunications and Information Administration For BIP, the Administrator of NTIA should ensure that the dedicated entity identifies inherent fraud risks in the program. (Recommendation 11)
Open
NTIA agreed with this recommendation and in November 2023 indicated it had established the Risk Management Council (RMC) as a dedicated entity to assess the likelihood and impact of inherent fraud risks in the program. The RMC was formed to define risk tolerance, establish acceptable levels of risk taking and targets for risk mitigation, and to drive integration of risk management across the program. Within the RMC, risks are broken down individually and assigned to a risk owner and an action owner. The risk is defined, assigned a risk value, and a treatment plan is developed. GAO will determine the extent to which these actions address this recommendation.
National Telecommunications and Information Administration For BIP, the Administrator of NTIA should ensure that the dedicated entity assesses the likelihood and impact of inherent fraud risks in the program. (Recommendation 12)
Open
NTIA agreed with this recommendation and in November 2023 indicated it had established the Risk Management Council (RMC) as a dedicated entity to assess the likelihood and impact of inherent fraud risks in the program. The RMC was formed to define risk tolerance, establish acceptable levels of risk taking and targets for risk mitigation, and to drive integration of risk management across the program. Within the RMC, risks are broken down individually and assigned to a risk owner and an action owner. The risk is defined, assigned a risk value, and a treatment plan is developed. GAO will determine the extent to which these actions address this recommendation.
National Telecommunications and Information Administration For BIP, the Administrator of NTIA should ensure that the dedicated entity determines fraud risk tolerance for the program. (Recommendation 13)
Open
NTIA agreed with this recommendation and in November 2023 indicated it had established the Risk Management Council (RMC) as a dedicated entity to assess the likelihood and impact of inherent fraud risks in the program. The RMC was formed to define risk tolerance, establish acceptable levels of risk taking and targets for risk mitigation, and to drive integration of risk management across the program. Within the RMC, risks are broken down individually and assigned to a risk owner and an action owner. The risk is defined, assigned a risk value, and a treatment plan is developed. GAO will determine the extent to which these actions address this recommendation.
National Telecommunications and Information Administration For BIP, the Administrator of NTIA should ensure that the dedicated entity examines the suitability of existing antifraud controls in the program and prioritizes residual fraud risks. (Recommendation 14)
Open
NTIA agreed with this recommendation and in November 2023 indicated it had established the Risk Management Council (RMC) as a dedicated entity to assess the likelihood and impact of inherent fraud risks in the program. The RMC was formed to define risk tolerance, establish acceptable levels of risk taking and targets for risk mitigation, and to drive integration of risk management across the program. Within the RMC, risks are broken down individually and assigned to a risk owner and an action owner. The risk is defined, assigned a risk value, and a treatment plan is developed. GAO will determine the extent to which these actions address this recommendation.
National Telecommunications and Information Administration For BIP, the Administrator of NTIA should ensure that the dedicated entity documents the fraud risk profile for the program. (Recommendation 15)
Open
In November 2023, NTIA indicated that it is developing the Fraud, Waste, and Abuse (FWA) Framework that will assist in identifying potential risks and vulnerabilities. The FWA Framework will provide guidance to establish controls, procedures, and monitoring activities. NTIA plans to implement the FWA in 2024 and GAO will assess the extent to which FWA documents the fraud risk profile for the program.

Full Report

Office of Public Affairs

Topics

BroadbandCritical infrastructureGrant awardsGrant programsNative American landsPerformance goalsPerformance measuresRisk managementRural economic developmentTelecommunications