Skip to main content

Fraud Risk Management: Agencies Should Continue Efforts to Implement Leading Practices

GAO-24-106565 Published: Nov 01, 2023. Publicly Released: Nov 01, 2023.
Jump To:

Fast Facts

Fraud in federal programs costs the U.S. government billions of dollars and erodes public trust in government. Our prior work shows that agencies and Congress can act to reduce the risk of fraud in federal programs.

In this Q&A report, we reviewed agencies' progress in this area. For example, 20 out of 24 agencies we surveyed said that they have a designated entity responsible for fraud risk management—a leading practice of our Fraud Risk Framework. But they also described challenges—like staff availability—that make it harder to manage fraud risks.

As of August 2023, agencies still hadn't addressed 95 of our prior recommendations in this area.

Skip to Highlights


What GAO Found

To help federal program managers strategically manage their fraud risks, GAO published A Framework for Managing Fraud Risks in Federal Programs (Fraud Risk Framework) in 2015. In addition, since 2016, statutory requirements have been in place for the Office of Management and Budget to provide guidance to agencies on implementing controls that incorporate the Fraud Risk Framework.

GAO surveyed the 24 major agencies covered by the Chief Financial Officers Act of 1990 (CFO Act) about the current status of their fraud risk management activities. Within their survey responses, agencies reported (1) steps taken to manage their fraud risks, (2) the importance of various factors to the maturity of their fraud risk management efforts, and (3) challenges and motivations that could impede or strengthen such efforts. For example, agencies' survey responses indicated that

  • twenty of the 24 CFO Act agencies have a designated entity responsible for fraud risk management, a leading practice of the Fraud Risk Framework,
  • the amount lost to fraud is an important factor when managing their fraud risks,
  • the availability of tools for data analytics for fraud risk management is a challenge to managing their fraud risks, and
  • the ability to counter reputational impacts is a factor that could motivate their fraud risk management efforts.

From July 2015 to August 2023, GAO made 173 recommendations to over 40 agency or program offices related to certain areas aligned with the Fraud Risk Framework's leading practices. As of August 2023, agencies needed to take additional action to fully address 95 of these recommendations. GAO also previously identified two congressional matters that could strengthen oversight of agencies' fraud risk management efforts. As of August 2023, these matters have not been addressed.

Why GAO Did This Study

In February 2023, the U.S. Comptroller General testified before Congress that federal agencies' lag in implementing fraud risk management was a major factor that contributed to the substantial levels of fraud in pandemic relief programs. Prior to this, in March 2022, GAO expressed concern about the extent to which agencies implemented controls to prevent, detect, and respond to fraud in a manner consistent with GAO's Fraud Risk Framework.

This report analyzed the results from a survey that GAO administered to the 24 CFO Act agencies to provide information on (1) the current status of their fraud risk management activities, (2) the importance of various factors to the maturity of their fraud risk management efforts, and (3) reported agency challenges and motivations to managing fraud risks. The survey had a 100 percent response rate. GAO also reviewed narrative responses to select illustrative examples provided by the agencies to support their responses, as well as relevant prior work, including the status of prior, related GAO recommendations.

For more information, contact Rebecca Shea at (202) 512-6722 or

Full Report

GAO Contacts

Office of Public Affairs


Best practicesChief financial officersFederal agenciesFederal assistance programsFinancial reportingFraudHomeland securityHuman capital managementImproper paymentsInternal controlspandemicsRisk managementSocial media