The Department of Energy spends billions of dollars on contracts every year. But detecting contract fraud can be difficult, so it's important for the DOE to assess and manage all of its risks.
We identified 9 categories of contracting fraud schemes that occurred at the DOE from 2013 to 2019, including billing schemes and bid-rigging. We found that the DOE's methods for gathering information about its fraud risks do not capture all of the contracting fraud risks it faces.
Our 2 recommendations include that the DOE expand its fraud risk assessments to include all risks facing its programs.
What GAO Found
GAO identified nine categories of contracting fraud schemes that occurred at the Department of Energy (DOE), including billing schemes, conflicts of interest, and payroll schemes. For example, a subcontractor employee at a site created fraudulent invoices for goods never received, resulting in a loss of over $6 million. In another scheme, a contractor engaged in years of widespread time card fraud, submitting inflated claims for compensation. The contractor agreed to pay $18.5 million to settle the case. DOE reported that it identified nearly $15 million in improper payments due to confirmed fraud in fiscal year 2019. However, due to the difficulty in detecting fraud, agencies—including DOE—incur financial losses related to fraud that are never identified or are settled without admission to fraud and are not counted as such. Fraud can also have nonfinancial impacts, such as fraudsters obtaining a competitive advantage and preventing legitimate businesses from obtaining contracts.
DOE has taken some steps and is planning others to demonstrate a commitment to combat fraud and assess its contracting fraud risks, consistent with the leading practices in GAO's Fraud Risk Framework. However, GAO found that DOE has not assessed the full range of contracting fraud risks it faces. Specifically, GAO found DOE's methods for gathering information about its fraud risks captures selected fraud risks—rather than all fraud risks—facing DOE programs. As shown in the figure, DOE's risk profiles for fiscal years 2018 and 2019 did not capture four of nine fraud schemes that occurred at DOE. For example, one entity did not include any fraud risks in its risk profiles, yet GAO identified six types of fraud schemes that occurred at the entity's site. DOE plans to expand its risk assessment process, but officials expect the new process will continue to rely on a methodology that gathers information on selected fraud risks. The Fraud Risk Framework states that entities identify specific tools, methods, and sources for gathering information about fraud risks. Without expanding its methodology to capture, assess, and document all fraud risks facing its programs, DOE risks remaining vulnerable to these types of fraud.
Fraud Risks Identified in Fiscal Years 2018 and 2019 Risk Profiles Compared with Types of Fraud Schemes That Have Occurred at DOE
DOE is planning to develop an antifraud strategy in fiscal year 2022 and has taken some steps to evaluate and adapt to fraud risks, consistent with leading practices in GAO's Fraud Risk Framework. Part of DOE's effort to manage fraud risks includes adapting controls to address emerging fraud risks. Additionally, DOE is planning to expand its use of data analytics to detect contracting fraud, beginning in fiscal year 2022.
Why GAO Did This Study
DOE relies primarily on contractors to carry out its missions at its laboratories and other facilities, spending approximately 80 percent of its total obligations on contracts. GAO and DOE's Inspector General have reported on incidents of fraud by DOE contractors and identified multiple contracting fraud risks.
GAO was asked to examine DOE's processes to manage contracting fraud risks. This report examines, for DOE, (1) types of contracting fraud schemes and their financial and nonfinancial impacts, (2) steps taken to commit to combating contracting fraud risks and the extent to which these risks have been assessed, and (3) steps taken to design and implement an antifraud strategy and to evaluate and adapt its approach.
GAO reviewed relevant laws and guidance; reviewed agency media releases, Agency Financial Reports, and DOE Inspector General reports to Congress from 2013 through 2019; and reviewed documents and interviewed officials from 42 DOE field and site offices, contractors, and subcontractors, representing a range of sites and programs.
GAO is making two recommendations, including for DOE to expand its fraud risk assessment methodology to ensure all fraud risks facing DOE programs are fully assessed and documented in accordance with leading practices. DOE concurred with GAO's recommendations.
Recommendations for Executive Action
|Department of Energy||1. The Office of the Chief Financial Officer should expand its methodology for developing its agency-wide fraud risk assessment to ensure that all inherent fraud risks—not limited to top fraud risks—facing DOE programs are fully assessed and documented in accordance with leading practices. (Recommendation 1)|
|Department of Energy||2. The Office of the Chief Financial Officer should update its internal control guidance to clarify the information that reporting entities should obtain to assess the fraud risks for non-M&O contractors they oversee. (Recommendation 2)|