Fast Facts

For decades, federal agencies have made awards to fund research and development through the Small Business Innovation Research and Small Business Technology Transfer programs. In 2012, the Small Business Administration developed requirements to help agencies prevent fraud, waste, and abuse in the programs.

However, we found that the 11 participating agencies have varied in their implementation of these fraud prevention requirements. We recommended that SBA confirm that agencies are fully implementing these requirements.

Number of Participating Agencies that Implemented SBA's Fraud, Waste, and Abuse Prevention Requirements

Bar graph that shows how federal agencies implemented the SBA's fraud prevention requirements.

Bar graph that shows how federal agencies implemented the SBA's fraud prevention requirements.

Skip to Highlights
Highlights

What GAO Found

The 11 agencies participating in the Small Business Innovation Research (SBIR) and Small Business Technology Transfer (STTR) programs have varied in their implementation of the fraud, waste, and abuse prevention requirements developed by the Small Business Administration (SBA) after the programs were reauthorized in 2011. SBA, which oversees the programs, amended the SBIR and STTR policy directives in 2012, as required by the reauthorization act, to include 10 minimum requirements to help agencies prevent potential fraud, waste, and abuse in the programs. GAO found that the extent to which the agencies have fully implemented each of the requirements in the directives varies. For example, all 11 agencies have fully implemented 2 requirements, more than half of the agencies have fully implemented 6 other requirements, and 1 and 3 agencies, respectively, have fully implemented the remaining 2 requirements. Officials from 9 agencies told GAO they have implemented other activities beyond the minimum requirements included in the directives, such as conducting site visits to small businesses to confirm that the necessary facilities exist for technical research and development work. Although SBA issued the policy directives, it has taken few actions to oversee agencies' efforts to implement the requirements. SBA officials said they checked on the implementation of one of the requirements, but did not know whether the participating agencies were implementing the other requirements because they had not confirmed this information. Without confirming that each participating agency is implementing the fraud, waste, and abuse prevention requirements in the policy directives, SBA does not have reasonable assurance that each agency has a system in place to reduce its' vulnerability to fraud, waste, and abuse.

Similarly, Offices of Inspectors General (OIG) varied in their implementation of the fraud, waste, and abuse prevention requirements specifically assigned to them in the reauthorization act, with between 5 and 11 OIGs implementing each requirement. For example, OIGs at each of the 11 agencies have shared information on fraud, waste, and abuse. Of the 11 participating agencies, the Department of Defense (DOD) is the only one whose oversight and audit responsibilities are separated between its various OIGs and specific investigative services, so that DOD has both an OIG as well as an investigative service as do each of the military services. By law, the OIGs of each military service within DOD—Army, Navy, and Air Force—are each required to implement these requirements. However, GAO found that none of the three military service OIGs had taken actions to implement the requirements, although the DOD OIG had taken some steps to implement them. The division of duties between the military services' OIGs and their respective investigative services makes it difficult to track the implementation of these requirements at DOD. Without the three military services' OIGs implementing the requirements themselves or delegating the implementation of the requirements to the investigative services, the DOD OIGs may not be able to detect fraud, waste, and abuse in DOD's SBIR and STTR programs, which have the largest budgets for these programs.

Why GAO Did This Study

For about 35 years, federal agencies have made awards to small businesses for technology research and development through the SBIR program and, for the last 25 years, through the STTR program. Following a 2009 congressional hearing about fraud in the programs, the SBIR/STTR Reauthorization Act of 2011 included separate requirements for SBA and OIGs to address and prevent fraud, waste, and abuse.

The act also included a provision for GAO to review what the agencies and their OIGs have done to address fraud, waste, and abuse in the programs. This report examines (1) the extent to which SBA and the participating agencies have implemented measures to prevent fraud, waste, and abuse for the SBIR and STTR programs and (2) the extent to which the agencies' OIGs have implemented the act's requirements.

GAO compared documentation from SBA, the 11 participating agencies, and the agencies' OIGs to their respective requirements and interviewed SBA, agency, and OIG officials.

Skip to Recommendations

Recommendations

GAO is making six recommendations, including that SBA confirm agency implementation of the fraud, waste, and abuse requirements, and that the Army, Navy, and Air Force OIGs implement the OIG requirements or delegate them to the investigative services. These agencies generally agreed with the recommendations addressed to them.

Recommendations for Executive Action

Agency Affected Recommendation Status
Small Business Administration 1. To help improve agencies' implementation of the fraud, waste, and abuse prevention requirements in the policy directives, the Administrator of SBA should confirm that each SBIR and STTR agency is implementing the minimum fraud, waste, and abuse prevention requirements in the policy directives, by, for example, requesting documentation from agencies.
Closed - Implemented
SBA concurred with this recommendation. SBA sent emails to the 11 participating agencies and received responses, including detailed documentation, from November 2017 through December 2018 regarding their implementation of all of the fraud, waste, and abuse requirements in the policy directives. Based on this information, SBA determined that the 11 participating agencies had either implemented the requirements or had a plan in place to address requirements and report on compliance to SBA.
Small Business Administration 2. To help improve agencies' implementation of the fraud, waste, and abuse prevention requirements in the policy directives, the Administrator of SBA should request input from the participating agencies regarding the clarity of the requirements; review all of the SBIR and STTR minimum fraud, waste, and abuse prevention requirements, including the agency requirement to post information about successful SBIR or STTR fraud prosecutions; determine whether any additional guidance is needed; and revise the policy directives accordingly.
Closed - Implemented
SBA concurred with this recommendation. After the issuance of our April 2017 report, SBA established time to discuss fraud, waste, and abuse as a regular agenda item at each of its bi-monthly SBIR Program Managers' Meetings. Participating agencies asked SBA for clarification on a few fraud, waste, and abuse prevention requirements, including: (1) posting of successful cases on agency websites, (2) the amount of resources needed to implement the provisions, and (3) tailoring requirements for each agency. Because these issues and questions were discussed and clarified during the program manager meetings, SBA determined that it was not necessary to provide additional guidance or to revise the policy directives.
Small Business Administration 3. To help improve agencies' implementation of the fraud, waste, and abuse prevention requirements in the policy directives, the Administrator of SBA should revise the fraud, waste, and abuse provisions in the policy directives to reflect the definition of essentially equivalent work used elsewhere in the policy directives and require participating agencies to check for essentially equivalent work that they fund as well as such work funded by other agencies.
Closed - Implemented
SBA concurred with this recommendation. In April 2019, SBA published a revised version of the SBIR and STTR Policy Directives in the Federal Register, which went into effect on May 2, 2019. The revised Directives reflect the definition of essentially equivalent work in the section on "Fraud, Waste, and Abuse;" this definition is consistent with the definition previously used in an earlier section of the policy directives. In the revised Directives, SBA also requires participating agencies to check for essentially equivalent work that they fund as well as such work funded by other agencies.
Small Business Administration 4. To help improve agencies' implementation of the fraud, waste, and abuse prevention requirements in the policy directives, the Administrator of SBA should evaluate SBIR and STTR agencies' fraud, waste, and abuse outcomes to ensure the fraud, waste, and abuse prevention requirements are appropriate and meet their intended purpose for the SBIR and STTR programs.
Closed - Implemented
SBA concurred with this recommendation. In August 2020, SBA assessed the fraud, waste, and abuse prevention requirements, noting that it is often impossible to assess the impact of a requirement to specific reduction or deterrence of fraud, waste, and abuse. SBA concluded that the implemented requirements seemed to be appropriate. SBA provided further assessment of the four requirements that had not been implemented by at least two agencies and included information on additional guidance provided to agencies regarding the requirements. For example, SBA stated that two agencies had not implemented the requirement to post information on successful prosecutions of fraud, waste, and abuse on their websites. One agency had not done so because it did not have any prosecutions. SBA stated that it notified both agencies that they may link to the listing of prosecutions on the SBIR.gov website to fulfill this requirement.
Department of Health and Human Services 5. To help improve the implementation of the fraud, waste, and abuse prevention requirements, the Secretary of Health and Human Services (HHS) should direct the HHS SBIR and STTR program offices to collect copies of the self-certification forms from its SBIR and STTR awardees.
Closed - Implemented
In October 2018, HHS announced that it will require all SBIR and STTR awardees to submit life cycle certification forms, effective January 1, 2019. The notice also specifies the consequences of an SBIR or STTR awardee failing to provide HHS with all required completed certifications, including corrective actions by HHS, withholding of further awards, suspension, or termination, among other things.
Office of the Inspector General 6. To help ensure that DOD is implementing the fraud, waste, and abuse prevention requirements to the OIGs, the Inspectors General of the Army, Navy, and Air Force should implement the requirements themselves or delegate the implementation of the requirements to the investigative services.
Closed - Implemented
DOD concurred with the recommendation in its comments on the draft report and confirmed its concurrence in its May 2017 letter on the final report. In October 2019, the Air Force OIG delegated the authority for the implementation of the SBIR requirements to the Air Force Office of Special Investigations.
Naval Inspector General 7. To help ensure that DOD is implementing the fraud, waste, and abuse prevention requirements to the OIGs, the Inspectors General of the Army, Navy, and Air Force should implement the requirements themselves or delegate the implementation of the requirements to the investigative services.
Open
DOD concurred with the recommendation in its comments on the draft report. In June 2020, we requested information on the status of the recommendation. When we confirm the actions the Navy has taken, we will provide updated information.
Office of the Inspector General 8. To help ensure that DOD is implementing the fraud, waste, and abuse prevention requirements to the OIGs, the Inspectors General of the Army, Navy, and Air Force should implement the requirements themselves or delegate the implementation of the requirements to the investigative services.
Open
DOD concurred with the recommendation in its comments on the draft report. As of July 2020, the Army had drafted a memorandum that would delegate the requirements to the investigative services or program office. We will update the status of this recommendation after the Army issues the final memorandum.

Full Report

GAO Contacts