Skip to main content

Department of Energy Contracting: Improvements Needed to Ensure DOE Assesses Its Full Range of Contracting Fraud Risks

GAO-21-44 Published: Jan 13, 2021. Publicly Released: Jan 13, 2021.
Jump To:
Skip to Highlights


What GAO Found

GAO identified nine categories of contracting fraud schemes that occurred at the Department of Energy (DOE), including billing schemes, conflicts of interest, and payroll schemes. For example, a subcontractor employee at a site created fraudulent invoices for goods never received, resulting in a loss of over $6 million. In another scheme, a contractor engaged in years of widespread time card fraud, submitting inflated claims for compensation. The contractor agreed to pay $18.5 million to settle the case. DOE reported that it identified nearly $15 million in improper payments due to confirmed fraud in fiscal year 2019. However, due to the difficulty in detecting fraud, agencies—including DOE—incur financial losses related to fraud that are never identified or are settled without admission to fraud and are not counted as such. Fraud can also have nonfinancial impacts, such as fraudsters obtaining a competitive advantage and preventing legitimate businesses from obtaining contracts.

DOE has taken some steps and is planning others to demonstrate a commitment to combat fraud and assess its contracting fraud risks, consistent with the leading practices in GAO's Fraud Risk Framework. However, GAO found that DOE has not assessed the full range of contracting fraud risks it faces. Specifically, GAO found DOE's methods for gathering information about its fraud risks captures selected fraud risks—rather than all fraud risks—facing DOE programs. As shown in the figure, DOE's risk profiles for fiscal years 2018 and 2019 did not capture four of nine fraud schemes that occurred at DOE. For example, one entity did not include any fraud risks in its risk profiles, yet GAO identified six types of fraud schemes that occurred at the entity's site. DOE plans to expand its risk assessment process, but officials expect the new process will continue to rely on a methodology that gathers information on selected fraud risks. The Fraud Risk Framework states that entities identify specific tools, methods, and sources for gathering information about fraud risks. Without expanding its methodology to capture, assess, and document all fraud risks facing its programs, DOE risks remaining vulnerable to these types of fraud.

Fraud Risks Identified in Fiscal Years 2018 and 2019 Risk Profiles Compared with Types of Fraud Schemes That Have Occurred at DOE

Fraud Risks Identified in Fiscal Years 2018 and 2019 Risk Profiles Compared with Types of Fraud Schemes That Have Occurred at DOE

DOE is planning to develop an antifraud strategy in fiscal year 2022 and has taken some steps to evaluate and adapt to fraud risks, consistent with leading practices in GAO's Fraud Risk Framework. Part of DOE's effort to manage fraud risks includes adapting controls to address emerging fraud risks. Additionally, DOE is planning to expand its use of data analytics to detect contracting fraud, beginning in fiscal year 2022.

Why GAO Did This Study

DOE relies primarily on contractors to carry out its missions at its laboratories and other facilities, spending approximately 80 percent of its total obligations on contracts. GAO and DOE's Inspector General have reported on incidents of fraud by DOE contractors and identified multiple contracting fraud risks.

GAO was asked to examine DOE's processes to manage contracting fraud risks. This report examines, for DOE, (1) types of contracting fraud schemes and their financial and nonfinancial impacts, (2) steps taken to commit to combating contracting fraud risks and the extent to which these risks have been assessed, and (3) steps taken to design and implement an antifraud strategy and to evaluate and adapt its approach.

GAO reviewed relevant laws and guidance; reviewed agency media releases, Agency Financial Reports, and DOE Inspector General reports to Congress from 2013 through 2019; and reviewed documents and interviewed officials from 42 DOE field and site offices, contractors, and subcontractors, representing a range of sites and programs.


GAO is making two recommendations, including for DOE to expand its fraud risk assessment methodology to ensure all fraud risks facing DOE programs are fully assessed and documented in accordance with leading practices. DOE concurred with GAO's recommendations.

Recommendations for Executive Action

Agency Affected Recommendation Status
Department of Energy
Priority Rec.
The Office of the Chief Financial Officer should expand its methodology for developing its agency-wide fraud risk assessment to ensure that all inherent fraud risks—not limited to top fraud risks—facing DOE programs are fully assessed and documented in accordance with leading practices. (Recommendation 1)
In response to our recommendation, DOE has updated its risk profile template so that reporting entities assess the likelihood and impact of every risk identified in their risk profiles and the extent to which controls mitigate those risks, consistent with leading practices. To fully address our recommendation, DOE needs to take additional actions to document the agency's fraud risk tolerance. DOE told us it recently established a risk tolerance and plans to document this risk tolerance in risk profiles by March 2024. By addressing our recommendation, DOE will better ensure its fraud risk assessment is complete and fully documented.
Department of Energy The Office of the Chief Financial Officer should update its internal control guidance to clarify the information that reporting entities should obtain to assess the fraud risks for non-M&O contractors they oversee. (Recommendation 2)
Closed – Implemented
In April 2022, DOE provided us evidence that it updated its Internal Control Evaluations guidance to clarify that reporting organizations should take into consideration the risk profiles from the M&O and integrated non-M&O contractors under their purview when assessing fraud risks and developing related risk profiles. By clarifying that reporting entities should consider fraud risks facing M&O and integrated non-M&O contractors when conducting fraud risk assessments, DOE is better positioned to understand and manage the full range of fraud risks the agency faces.

Full Report

Office of Public Affairs


Agency evaluationsAntifraud programsBest practicesBilling proceduresCompetitive advantageConflict of interestsContractor paymentsContractor violationsCriminal investigationsFederal contractorsFraudFraudulent invoicesImproper paymentsInternal controlsInvoicesLossesPayrollQuestionable paymentsRisk assessmentRisk managementSubcontractors