Skip to main content

Small Business Contracting: National Nuclear Security Administration Needs Increased Contractor Oversight to Reduce Reporting Errors

GAO-25-106820 Published: Mar 13, 2025. Publicly Released: Mar 13, 2025.
Jump To:

Fast Facts

The federal government aims to award at least 20% of contract dollars to small businesses. The National Nuclear Security Agency and 6 of its contractors reported awarding $16.8 billion to small businesses in FYs 2018-2022. We and others have noted contractor oversight problems and fraud risk at NNSA.

We checked the accuracy of these reported awards.

We estimate that $1.1 billion went to businesses that didn't qualify as small

NNSA and its contractors couldn't give us the data we needed to determine whether an additional $1.9 billion went to actual small businesses

We recommended ways to improve oversight and reporting accuracy.

Skip to Highlights

Highlights

What GAO Found

GAO estimates that the National Nuclear Security Administration (NNSA) and six of its management and operating (M&O) contractors incorrectly reported $1.1 billion of their $16.8 billion in small business contracts awarded in fiscal years 2018–2022. That is, they incorrectly reported awarding small business contracts to businesses that did not meet size standards established by the Small Business Administration. Further, for an additional $1.9 billion of the $16.8 billion, NNSA and the six M&O contractors could not provide the information needed for GAO to determine whether the small business contracts had been awarded to businesses that were actually small. Based on NNSA and M&O contractor responses about these errors, GAO identified three main reasons errors might be occurring in small business reporting: (1) not having a requirement to verify a business's status as small; (2) mistakes using contractor-specific procurement systems; and (3) businesses misrepresenting themselves as small—intentionally or unintentionally. By identifying and addressing the root causes of errors in reported data, NNSA can ensure the quality of the data it reports and ensure that small businesses do not lose out on opportunities for work.

Estimated Errors in NNSA and M&O Contractors' Reported Small Business Awards, Fiscal Years 2018–2022

Estimated Errors in NNSA and M&O Contractors' Reported Small Business Awards, Fiscal Years 2018–2022

aEstimated errors are based on analysis of the subset of businesses that had a higher likelihood of not being small at the time of the contract award.

NNSA's oversight has not ensured accurate reporting of small business achievements primarily because NNSA has not dedicated Small Business Program resources to oversight. First, NNSA does not use the available data systems to assure the quality of small business contract data. Second, NNSA has not developed lessons learned to document findings from past reviews, conducted by both NNSA and the Small Business Administration, that identified problems in certain contractors' data and processes. These problems were still present for contractors during GAO's review. The Department of Energy (DOE) has a lessons learned program that is generally required to be used by NNSA and its M&O contractors. By taking steps to ensure the quality of small business contract data and share lessons learned, NNSA can improve the accuracy of its small business reporting. Finally, NNSA has not identified fraud risks—for example, that businesses may represent themselves as small when they are not—or developed responses to mitigate those risks. Without identifying and developing responses to potential fraud risks, NNSA cannot ensure that small businesses receive all intended contracting opportunities.

Why GAO Did This Study

Since 1988, the federal government has aimed to award at least 20 percent of contract dollars to small businesses. NNSA's small business contracts typically account for more than half of DOE's small business achievement.

Since 1990, GAO has designated aspects of NNSA's acquisition management as a high-risk area because of its record of inadequate management of contractors. The DOE Inspector General has identified contract management as a fraud risk.

Senate Report 117-130 includes a provision for GAO to review NNSA's approach to contracting with small businesses and achieving its small business contracting goals. This report examines the extent to which (1) NNSA and its M&O contractors accurately reported fiscal years 2018–2022 small businesses contracts; and (2) NNSA has conducted oversight of its M&O contractors' small business contract reporting, including assessing fraud risks.

GAO reviewed small business contract data from NNSA and six M&O contractors for fiscal years 2018–2022, analyzed a sample of the data to identify errors, and spoke with knowledgeable contracting officials.

Recommendations

GAO is making five recommendations, including that NNSA and its M&O contractors identify the root causes of reporting errors and establish an approach to address them, that NNSA improve oversight of reported data, and that NNSA develop mitigations for fraud risk in its small business program. NNSA agreed with all five recommendations.

Recommendations for Executive Action

Agency Affected Recommendation Status
National Nuclear Security Administration The Administrator of NNSA should ensure that the Small Business Program identifies root causes of errors in NNSA's prime small business contract data and establishes an approach to address those root causes of errors to ensure data quality. (Recommendation 1)
Open
NNSA concurred with our recommendation. In an April 2025 letter in response to our recommendations, NNSA stated that the Small Business Program had reviewed the prime small business contract data GAO analyzed and corrected errors in that data. They also reported that they will periodically share information on the types of data errors during training sessions, and the Small Business Program intends to implement changes to NNSA's Acquisition Management Information System (AMIS), which will prompt the user to confirm proper vendor size status to ensure the quality of NNSA's prime small business contract data. NNSA's estimated date for implementing the changes to AMIS is October 31, 2025.
National Nuclear Security Administration The Administrator of NNSA should ensure that the Small Business Program works with M&O contractors to identify the root causes of errors in their small business subcontract data and establishes an approach to address those root causes of errors to ensure data quality. (Recommendation 2)
Open
NNSA concurred with our recommendation. In an April 2025 letter in response to our recommendations, NNSA stated that NNSA's Small Business Program said that they would use the Procurement Management Review (PMR) and Procurement Evaluation and Re-Engineering Team (PERT) processes to identify and address the root causes of errors in M&O small business subcontract data. According to NNSA, pertinent questions building on GAO's analysis of the data will be incorporated into the PMR and PERT reviews. NNSA's estimated date for implementing these changes is October 31, 2025.
National Nuclear Security Administration The Administrator of NNSA should ensure that the Small Business Program uses available data sources, as feasible, to oversee the quality of the data used to generate reporting on NNSA's and M&O contractors' small business awards. (Recommendation 3)
Open
NNSA concurred with our recommendation. In an April 2025 letter in response to our recommendations, NNSA stated that their Office of Partnership and Acquisition Services currently receives a weekly error report listing and shares it with NNSA contracting officers for their use in addressing errors with NNSA's prime contract data, including small business information. To strengthen oversight of this data, the NNSA Small Business Program plans to establish a process to verify that errors with vendor size status have been correctly updated by the NNSA contracting officers. The Small Business Program plans to implement a similar size-status review and validation process for the M&O small business subcontract data to ensure any data errors are identified and corrected. NNSA's estimated date for completing this process is December 31, 2025.
National Nuclear Security Administration The Administrator of NNSA should ensure that the Small Business Program collects, develops, documents, and disseminates lessons learned about small business contracting processes and data reporting from M&O contractors to allow contractors to learn from each other and to prevent issues from recurring across the enterprise. (Recommendation 4)
Open
NNSA concurred with our recommendation. In an April 2025 letter in response to our recommendations, NNSA stated that their Small Business Program is planning to implement a process to share the most recent and all future Small Business Administration Compliance Review findings with appropriate entities. The Program said it will also enhance awareness of the types of issues being identified by compliance reviews through periodic in-house training sessions and by participating in the Department's Small Business Program Manager training sessions. NNSA estimates that it will complete this work by October 31, 2025.
National Nuclear Security Administration The Administrator of NNSA should ensure that the Small Business Program identifies fraud risks to the program and develops responses to mitigate those risks, to ensure small business awards are used to fulfill their intended purpose. (Recommendation 5)
Open
NNSA concurred with our recommendation. In an April 2025 letter in response to our recommendations, NNSA stated that their Small Business Program plans to identify relevant fraud risks using GAO's Framework for Managing Fraud Risks in Federal Programs and will develop appropriate responses to address the identified risks. NNSA estimates it will complete this action by December 31, 2025.

Full Report

GAO Contacts

Allison Bawden
Director
Natural Resources and Environment

Media Inquiries

Sarah Kaczmarek
Managing Director
Office of Public Affairs

Public Inquiries

Topics

Compliance oversightData errorsGovernment contractsIndustry classification systemNuclear securitySmall businessSmall business contractingSmall business contractsGovernment procurementSubcontracts