Fast Facts

The Department of Energy spends billions of dollars on contracts every year. But detecting contract fraud can be difficult, so it's important for the DOE to assess and manage all of its risks.

We identified 9 categories of contracting fraud schemes that occurred at the DOE from 2013 to 2019, including billing schemes and bid-rigging. We found that the DOE's methods for gathering information about its fraud risks do not capture all of the contracting fraud risks it faces.

Our 2 recommendations include that the DOE expand its fraud risk assessments to include all risks facing its programs.

A contract and a pen

Skip to Highlights
Highlights

What GAO Found

GAO identified nine categories of contracting fraud schemes that occurred at the Department of Energy (DOE), including billing schemes, conflicts of interest, and payroll schemes. For example, a subcontractor employee at a site created fraudulent invoices for goods never received, resulting in a loss of over $6 million. In another scheme, a contractor engaged in years of widespread time card fraud, submitting inflated claims for compensation. The contractor agreed to pay $18.5 million to settle the case. DOE reported that it identified nearly $15 million in improper payments due to confirmed fraud in fiscal year 2019. However, due to the difficulty in detecting fraud, agencies—including DOE—incur financial losses related to fraud that are never identified or are settled without admission to fraud and are not counted as such. Fraud can also have nonfinancial impacts, such as fraudsters obtaining a competitive advantage and preventing legitimate businesses from obtaining contracts.

DOE has taken some steps and is planning others to demonstrate a commitment to combat fraud and assess its contracting fraud risks, consistent with the leading practices in GAO's Fraud Risk Framework. However, GAO found that DOE has not assessed the full range of contracting fraud risks it faces. Specifically, GAO found DOE's methods for gathering information about its fraud risks captures selected fraud risks—rather than all fraud risks—facing DOE programs. As shown in the figure, DOE's risk profiles for fiscal years 2018 and 2019 did not capture four of nine fraud schemes that occurred at DOE. For example, one entity did not include any fraud risks in its risk profiles, yet GAO identified six types of fraud schemes that occurred at the entity's site. DOE plans to expand its risk assessment process, but officials expect the new process will continue to rely on a methodology that gathers information on selected fraud risks. The Fraud Risk Framework states that entities identify specific tools, methods, and sources for gathering information about fraud risks. Without expanding its methodology to capture, assess, and document all fraud risks facing its programs, DOE risks remaining vulnerable to these types of fraud.

Fraud Risks Identified in Fiscal Years 2018 and 2019 Risk Profiles Compared with Types of Fraud Schemes That Have Occurred at DOE

Fraud Risks Identified in Fiscal Years 2018 and 2019 Risk Profiles Compared with Types of Fraud Schemes That Have Occurred at DOE

DOE is planning to develop an antifraud strategy in fiscal year 2022 and has taken some steps to evaluate and adapt to fraud risks, consistent with leading practices in GAO's Fraud Risk Framework. Part of DOE's effort to manage fraud risks includes adapting controls to address emerging fraud risks. Additionally, DOE is planning to expand its use of data analytics to detect contracting fraud, beginning in fiscal year 2022.

Why GAO Did This Study

DOE relies primarily on contractors to carry out its missions at its laboratories and other facilities, spending approximately 80 percent of its total obligations on contracts. GAO and DOE's Inspector General have reported on incidents of fraud by DOE contractors and identified multiple contracting fraud risks.

GAO was asked to examine DOE's processes to manage contracting fraud risks. This report examines, for DOE, (1) types of contracting fraud schemes and their financial and nonfinancial impacts, (2) steps taken to commit to combating contracting fraud risks and the extent to which these risks have been assessed, and (3) steps taken to design and implement an antifraud strategy and to evaluate and adapt its approach.

GAO reviewed relevant laws and guidance; reviewed agency media releases, Agency Financial Reports, and DOE Inspector General reports to Congress from 2013 through 2019; and reviewed documents and interviewed officials from 42 DOE field and site offices, contractors, and subcontractors, representing a range of sites and programs.

Skip to Recommendations

Recommendations

GAO is making two recommendations, including for DOE to expand its fraud risk assessment methodology to ensure all fraud risks facing DOE programs are fully assessed and documented in accordance with leading practices. DOE concurred with GAO's recommendations.

Recommendations for Executive Action

Agency Affected Recommendation Status
Department of Energy
Priority Rec.
Priority recommendations are those that GAO believes warrant priority attention from heads of key departments or agencies.
The Office of the Chief Financial Officer should expand its methodology for developing its agency-wide fraud risk assessment to ensure that all inherent fraud risks—not limited to top fraud risks—facing DOE programs are fully assessed and documented in accordance with leading practices. (Recommendation 1)
Open
DOE agreed with our recommendation. In its written response to our report, DOE stated that it considers its actions to implement our recommendation to be complete. As part of its response, DOE stated that its Internal Control Evaluations Guidance requires that every risk identified in a reporting entity's risk profile be assessed to determine if there is a risk of fraud. We acknowledged this guidance. However, our analysis showed that DOE's methods for gathering information on the fraud risks it faces did not capture information on the risks associated with actual fraud incidents that occurred at DOE, resulting in an incomplete accounting of fraud risks on DOE's risk profiles. Without addressing our recommendation, DOE will continue to have an incomplete assessment of the fraud risks it faces. To fully address our recommendation, DOE needs to take additional action-such as expanding its methodology to capture fraud risks missing from its risk profile-to assess its full range of contracting fraud risks.
Department of Energy The Office of the Chief Financial Officer should update its internal control guidance to clarify the information that reporting entities should obtain to assess the fraud risks for non-M&O contractors they oversee. (Recommendation 2)
Open
DOE agreed with this recommendation. In response, DOE stated that all of DOE's reporting organizations will be required to include all M&O and integrated non-M&O contractors in the assessment of fraud risks. DOE also stated that it plans to update relevant guidance and will monitor the implementation of this guidance. DOE estimates it will have competed these actions by October 2023. We will continue to monitor DOE's efforts to implement this recommendation and provide status updates accordingly.

Full Report

GAO Contacts