Fast Facts

DOE's inadequate management and oversight of its contractors led us to designate its contract management as a High Risk area. For example, in November 2016, DOE contractors constructing a nuclear waste treatment plant agreed to pay a combined $125 million to settle a lawsuit alleging, among other things, that a contractor improperly used federal funds for lobbying purposes.

We found that DOE does not use leading practices for managing fraud risks—such as data analytics—that can help agencies detect fraudulent spending or other improper payments.

We made six recommendations aimed at reducing DOE's risk of fraud and improper payments.

 

Photo of the Department of Energy building

Photo of the Department of Energy building

Skip to Highlights
Highlights

What GAO Found

The Department of Energy (DOE) manages the risk of fraud and improper payments through its internal controls program, which includes, among other things, prepayment invoice reviews and post payment audits. However, several challenges limit the effectiveness of this approach. For example, DOE does not have a department-wide invoice review policy or well-documented procedures at five of the six sites with invoice review responsibilities. Consequently, DOE has no assurance that control activities at these sites are operating as intended. Time constraints also limit the effectiveness of invoice reviews. For example, some invoices can have numerous associated transactions and the reviews must be completed within a limited time frame before payment, which may be as short as 10 days.

DOE's approach to managing fraud risk does not incorporate leading practices such as creating a dedicated antifraud entity to lead fraud risk management activities; conducting regular fraud risk assessments that are tailored to the program; developing and documenting a strategy to mitigate assessed fraud risks; or designing and implementing specific control activities, such as data analytic activities, to prevent and detect fraud. By not implementing leading practices, DOE is missing an opportunity to organize and focus its resources in a way that would allow it to mitigate the likelihood and impact of fraud. Moreover, the Fraud Reduction and Data Analytics Act of 2015 establishes requirements aimed at improving federal agencies' controls and procedures for assessing and mitigating fraud risks through the use of data analytics. The legislation also directs the Office of Management and Budget (OMB) to, among other things, establish implementation guidelines that incorporate fraud risk management leading practices. DOE officials told GAO that they plan to meet the requirements of the act but should not be expected to implement private industry leading practices prior to the issuance of OMB guidance. Incorporating leading practices could also help DOE more effectively implement the act's requirements once OMB guidance is available.

It is not possible to fully employ data analytics as a tool to identify potential indicators of fraud or other improper payments at DOE because of limitations in contractor-maintained cost data. Much of the cost data maintained by the two DOE contractors GAO selected for data analytic purposes could not be used because these data did not include a complete universe of transactions that was reconcilable with amounts billed to DOE or did not contain details necessary to determine the nature of costs charged to DOE. Because DOE does not require its contractors to maintain sufficiently detailed transaction-level cost data that are reconcilable with amounts charged to DOE, it is not well positioned to employ data analytics as a fraud detection tool. Effective fraud risk managers collect and analyze data and identify fraud trends and use them to improve fraud risk management activities, according to leading practices that GAO has previously identified. Without the detailed data necessary to conduct such analysis, DOE is missing an opportunity to develop, refine, and improve its experience with data analytic tools and techniques, and better position itself to meet the requirements of the Fraud Reduction and Data Analytics Act.

Why GAO Did This Study

Over the past decade, incidents of fraud by DOE contractors have occurred. From 2003 through 2008, employees of one contractor at DOE's Hanford site in Washington state made hundreds of fraudulent purchases and solicited and received kickbacks. In another case, Hanford contractors agreed to pay a combined $125 million to settle disputed claims regarding federal dollars spent on nonnuclear-compliant parts. To help federal program managers combat fraud, in July 2015, GAO issued leading practices for managing fraud risks.

GAO was asked to review DOE's processes, programs, and practices for managing its risk of fraud. This report examines (1) DOE's approach to managing its risk of fraud and other improper payments and challenges, if any, that may limit the effectiveness of this approach; (2) the extent to which DOE's approach incorporates leading practices; and (3) the application of data analytics in identifying potential indicators of fraud or other improper payments associated with selected DOE contracts.

Skip to Recommendations

Recommendations

GAO is making six recommendations, including that DOE establish invoice review policies and procedures, employ leading practices such as data analytics to help manage fraud risk, and require that its contractors maintain sufficiently detailed cost data for reconciling with amounts charged. DOE generally concurred with five of GAO's six recommendations but did not agree to require contractors to maintain detailed data. GAO continues to believe that the recommendation is valid, as discussed in the report.

Recommendations for Executive Action

Agency Affected Recommendation Status
Department of Energy To allow DOE management to effectively monitor invoice reviews and have assurance that this control activity is operating as intended, the Secretary of Energy should establish a DOE-wide invoice review policy that includes requirements for sites to establish well-documented invoice review operating procedures.
Open
In its comments on a draft of the report in March 2017, DOE concurred in principle with this recommendation, stating that it already had an established, detailed DOE-wide invoice review policy provided in DOE's Financial Management Handbook and in the DOE Acquisition Guide. In February 2020, DOE issued an update to its Financial Management Handbook that included additional procedures to address intra-governmental payment and collection transactions. However, neither the prior version of the Financial Management Handbook nor the additional information includes invoice review procedures. The Financial Management Handbook refers users to the DOE Acquisition Guide for procedures for invoice review. However, as of March 2021, the Acquisition Guide states that it is intended to offer general guiding principles for approving officials to consider when reviewing and analyzing cost elements included in contract invoices--as opposed to detailed procedures for invoice review--and does not require sites to establish well-documented invoice review operating procedures, as we recommended.
Department of Energy
Priority Rec.
This is a priority recommendation.
To help DOE take a more strategic approach to managing improper payments and risk, including fraud risk, the Secretary of Energy should implement leading practices for managing the department's risk of fraud, including creating a structure with a dedicated entity within DOE to design and oversee fraud risk management activities.
Closed - Implemented
In its comments on a draft of the report in March 2017, DOE partially agreed with the recommendation. As of December 2020, DOE completed a charter indicating that it expanded the responsibilities of the agency's Department Internal Control and Assessment Review Council to include performing duties as the Senior Risk Management Council to oversee the fraud risk management process and take on other roles of the designated entity, with support from the Internal Control and Fraud Risk Management Division within the Office of the Chief Financial Officer. In May 2021, the Department Internal Control and Assessment Review Council/Senior Risk Management Council met to review DOE's fiscal year 2021 Consolidated Risk Profile and Management Priorities, a key task of the designated entity.
Department of Energy To help DOE take a more strategic approach to managing improper payments and risk, including fraud risk, the Secretary of Energy should implement leading practices for managing the department's risk of fraud, including conducting fraud risk assessments that are tailored to each program and use the assessments to develop a fraud risk profile
Open
In its comments on a draft of the report in March 2017, DOE concurred with the substance of the recommendation; however they considered the recommendation to be closed without corrective action because DOE believed that its risk assessments met the requirements of the Improper Payments Elimination and Recovery Improvement Act of 2012, as reported by the Office of Inspector General (OIG), and because it has implemented updates to OMB Circular A-123 that added requirements related to managing fraud risk and adherence to GAO's Fraud Risk Framework. However, In our January 2021 report on DOE contractor fraud risk (GAO-21-44), we found that DOE's Office of the Chief Financial Officer relies on its agency-wide risk assessment process for gathering information about fraud risks it faces and documenting its agency-wide fraud risk profile. We found that this method for gathering information did not capture all fraud risks facing DOE programs. We will continue to monitor DOE's progress in implementing this recommendation.
Department of Energy To help DOE take a more strategic approach to managing improper payments and risk, including fraud risk, the Secretary of Energy should implement leading practices for managing the department's risk of fraud, including developing and documenting an antifraud strategy that describes the programs' approaches for addressing the prioritized fraud risks identified during the fraud risk assessment.
Open
In its comments on the draft report in March 2017, DOE concurred with this recommendation but considered the recommendation closed without corrective action because DOE had implemented the updated OMB Circular A-123 and because DOE's antifraud strategy was embedded in the DOE internal control program. However, DOE officials told us that they had not developed or documented a DOE-wide antifraud strategy or directed individual programs to develop program-specific strategies. In our January 2021 report on DOE contractor fraud risk (GAO-21-44), we found that DOE was planning to develop an antifraud strategy in fiscal year 2022. We will continue to monitor DOE's progress in implementing this recommendation.
Department of Energy To help DOE take a more strategic approach to managing improper payments and risk, including fraud risk, the Secretary of Energy should implement leading practices for managing the department's risk of fraud, including designing and implementing specific control activities, including fraud awareness training and data analytics, to prevent and detect fraud and other improper payments.
Open
In its comments on the draft report in March 2017, DOE stated that it concurred in principle with the recommendation, but that it had implemented the recommendation. In our January 2021 report on DOE contractor fraud risk (GAO-21-44), we found that DOE's Office of the Chief Financial Officer offers annual training to DOE employees and contractors on fraud awareness. Additionally, we found that DOE plans to survey organizations about their current use of data analytics and plans widespread use of data analytics beginning in fiscal year 2022. We will continue to monitor DOE's progress in implementing this recommendation.
Department of Energy To help ensure that necessary data are available to employ data analytics as a tool to perform contractor cost-surveillance activities, the Secretary of Energy should require contractors to maintain sufficiently detailed transaction-level cost data that are reconcilable with amounts charged to the government, including (1) cost data that, at a minimum, represent a full data population and (2) the details necessary to determine the nature of each cost transaction, with such identifiers as transaction date, dollar amount, item or service description, and transaction codes to indicate the type of cost represented (e.g., construction materials, property lease, and office supplies).
Open
In its comments on the draft report in March 2017, DOE did not agree to implement this recommendation because officials believe that the recommendation establishes agency-specific requirements for DOE contractors that are more prescriptive than current federal requirements. In our January 2021 report on DOE contractor fraud risk (GAO-21-44), we found that DOE plans to survey organizations about their current use of data analytics and plans widespread use of data analytics beginning in fiscal year 2022. We will continue to monitor DOE's progress in implementing this recommendation.

Full Report

GAO Contacts