The Department of Defense (DOD) faces numerous types of procurement fraud schemes (see figure). For example, in January 2015, the owner of a contracting firm pleaded guilty to bribing DOD officials and defrauding DOD of tens of millions of dollars by overbilling for goods and services. To combat department-wide fraud risks, DOD has taken initial steps that generally align with GAO’s Fraud Risk Framework. However, DOD has not finalized and implemented a comprehensive approach. For example:
DOD created a Fraud Reduction Task Force—a cross-functional team represented by subject matter experts across the department—to prioritize fraud risks and identify solutions. But its membership is incomplete. A year after formation, 11 of DOD’s 59 component organizations, including the Army, had not designated a Task Force representative. Filling vacant Task Force positions would further strengthen DOD’s ability to manage its fraud risks.
DOD uses its risk management program to assess and report fraud risks. But the policy governing the risk management program does not specifically require fraud risk assessments. As a result, DOD may not be identifying all fraud risks, and its control activities may not be appropriately designed or implemented.
DOD officials told GAO that they share fraud risk information with agencies’ risk management officials, but documentation of stakeholders’ roles and responsibilities remains incomplete. Such documentation can help ensure these stakeholders understand their responsibilities.
Examples of Procurement Fraud Schemes DOD Faces
DOD has taken steps to ensure components plan for and assess fraud risks. But some selected components did not report procurement fraud risks, as required by DOD. DOD provides guidance, tools, and training to its components to conduct fraud risk assessments and to assess procurement fraud risks. However, GAO found that three of six selected components reported procurement fraud risks in their fiscal-year-2020 risk assessments, and that three—which obligated $180.1 billion in fiscal year 2020—did not. Because DOD consolidates reported procurement risks from the components’ fraud risk assessments and uses this information to update the department-wide fraud risk profile, it cannot ensure that its fraud risk profile is complete or accurate.
Why GAO Did This Study
GAO was asked to review issues related to DOD’s fraud risk management. DOD obligated $421.8 billion in fiscal year 2020 on contracts. GAO has long reported that DOD’s procurement processes are vulnerable to waste, fraud, and abuse. In 2018, DOD reported to Congress that from fiscal years 2013-2017, over $6.6 billion had been recovered from defense-contracting fraud cases. In 2020, the DOD Office of Inspector General reported that roughly one-in-five of its ongoing investigations are related to procurement fraud. This report assesses the steps DOD took in fiscal year 2020 (1) to combat department-wide fraud risks and (2) to conduct a fraud risk assessment and ensure that DOD’s component organizations reported procurement fraud risks.
GAO analyzed applicable DOD policy and documents and compared them with Fraud Risk Framework leading practices, interviewed DOD officials, and reviewed fiscal year 2020 fraud risk assessments from six DOD components. GAO selected the six based primarily on fiscal years 2014-2018 contract obligations.