Department of Energy Contracting: Improvements Needed to Ensure DOE Assesses Its Full Range of Contracting Fraud Risks

GAO-21-44 Published: Jan 13, 2021. Publicly Released: Jan 13, 2021.
Jump To:
Fast Facts

The Department of Energy spends billions of dollars on contracts every year. But detecting contract fraud can be difficult, so it's important for the DOE to assess and manage all of its risks.

We identified 9 categories of contracting fraud schemes that occurred at the DOE from 2013 to 2019, including billing schemes and bid-rigging. We found that the DOE's methods for gathering information about its fraud risks do not capture all of the contracting fraud risks it faces.

Our 2 recommendations include that the DOE expand its fraud risk assessments to include all risks facing its programs.

A contract and a pen

Skip to Highlights
Highlights

What GAO Found

GAO identified nine categories of contracting fraud schemes that occurred at the Department of Energy (DOE), including billing schemes, conflicts of interest, and payroll schemes. For example, a subcontractor employee at a site created fraudulent invoices for goods never received, resulting in a loss of over $6 million. In another scheme, a contractor engaged in years of widespread time card fraud, submitting inflated claims for compensation. The contractor agreed to pay $18.5 million to settle the case. DOE reported that it identified nearly $15 million in improper payments due to confirmed fraud in fiscal year 2019. However, due to the difficulty in detecting fraud, agencies—including DOE—incur financial losses related to fraud that are never identified or are settled without admission to fraud and are not counted as such. Fraud can also have nonfinancial impacts, such as fraudsters obtaining a competitive advantage and preventing legitimate businesses from obtaining contracts.

DOE has taken some steps and is planning others to demonstrate a commitment to combat fraud and assess its contracting fraud risks, consistent with the leading practices in GAO's Fraud Risk Framework. However, GAO found that DOE has not assessed the full range of contracting fraud risks it faces. Specifically, GAO found DOE's methods for gathering information about its fraud risks captures selected fraud risks—rather than all fraud risks—facing DOE programs. As shown in the figure, DOE's risk profiles for fiscal years 2018 and 2019 did not capture four of nine fraud schemes that occurred at DOE. For example, one entity did not include any fraud risks in its risk profiles, yet GAO identified six types of fraud schemes that occurred at the entity's site. DOE plans to expand its risk assessment process, but officials expect the new process will continue to rely on a methodology that gathers information on selected fraud risks. The Fraud Risk Framework states that entities identify specific tools, methods, and sources for gathering information about fraud risks. Without expanding its methodology to capture, assess, and document all fraud risks facing its programs, DOE risks remaining vulnerable to these types of fraud.

Fraud Risks Identified in Fiscal Years 2018 and 2019 Risk Profiles Compared with Types of Fraud Schemes That Have Occurred at DOE

Fraud Risks Identified in Fiscal Years 2018 and 2019 Risk Profiles Compared with Types of Fraud Schemes That Have Occurred at DOE

DOE is planning to develop an antifraud strategy in fiscal year 2022 and has taken some steps to evaluate and adapt to fraud risks, consistent with leading practices in GAO's Fraud Risk Framework. Part of DOE's effort to manage fraud risks includes adapting controls to address emerging fraud risks. Additionally, DOE is planning to expand its use of data analytics to detect contracting fraud, beginning in fiscal year 2022.

Why GAO Did This Study

DOE relies primarily on contractors to carry out its missions at its laboratories and other facilities, spending approximately 80 percent of its total obligations on contracts. GAO and DOE's Inspector General have reported on incidents of fraud by DOE contractors and identified multiple contracting fraud risks.

GAO was asked to examine DOE's processes to manage contracting fraud risks. This report examines, for DOE, (1) types of contracting fraud schemes and their financial and nonfinancial impacts, (2) steps taken to commit to combating contracting fraud risks and the extent to which these risks have been assessed, and (3) steps taken to design and implement an antifraud strategy and to evaluate and adapt its approach.

GAO reviewed relevant laws and guidance; reviewed agency media releases, Agency Financial Reports, and DOE Inspector General reports to Congress from 2013 through 2019; and reviewed documents and interviewed officials from 42 DOE field and site offices, contractors, and subcontractors, representing a range of sites and programs.

Skip to Recommendations

Recommendations

GAO is making two recommendations, including for DOE to expand its fraud risk assessment methodology to ensure all fraud risks facing DOE programs are fully assessed and documented in accordance with leading practices. DOE concurred with GAO's recommendations.

Recommendations for Executive Action

Agency Affected Recommendation Status
Department of Energy
Priority Rec.
This is a priority recommendation.
The Office of the Chief Financial Officer should expand its methodology for developing its agency-wide fraud risk assessment to ensure that all inherent fraud risks—not limited to top fraud risks—facing DOE programs are fully assessed and documented in accordance with leading practices. (Recommendation 1)
Open
DOE agreed with our recommendation, but stated in its written response to our report that it considered its actions to implement our recommendation to be complete. DOE has updated its risk profile template so that reporting entities assess the likelihood and impact of every risk identified in their risk profiles and the extent to which controls mitigate those risks, consistent with leading practices. To fully address our recommendation, DOE needs to take additional actions to document whether the residual risk is within the agency's fraud risk tolerance. By addressing our recommendation, DOE will better ensure its fraud risk assessment is complete and fully documented.
Department of Energy The Office of the Chief Financial Officer should update its internal control guidance to clarify the information that reporting entities should obtain to assess the fraud risks for non-M&O contractors they oversee. (Recommendation 2)
Open
DOE agreed with this recommendation. In response, DOE stated that all of DOE's reporting organizations will be required to include all M&O and integrated non-M&O contractors in the assessment of fraud risks. DOE also stated that it plans to update relevant guidance and will monitor the implementation of this guidance. DOE estimates it will have competed these actions by October 2023. We will continue to monitor DOE's efforts to implement this recommendation.

Full Report

GAO Contacts