DOD Fraud Risk Management: DOD Should Expeditiously and Effectively Implement Fraud Risk Management Leading Practices

What GAO Found

The full extent of fraud affecting the Department of Defense (DOD) is not known but is potentially significant. DOD reported almost $11 billion in confirmed fraud over 7 years, an amount that reflects a small fraction of DOD's potential fraud exposure. GAO has previously reported on fraud at DOD, including cases where:

• a shell company fraudulently provided defective parts to DOD, leading to the grounding of 47 fighter aircraft; and
• a contractor bribed officials for classified information and preferential treatment, ultimately defrauding DOD of tens of millions of dollars.

DOD has taken initial steps to implement a fraud risk management approach that aligns with leading practices in GAO's Framework for Managing Fraud Risks in Federal Programs (Fraud Risk Framework). In accordance with statutory requirements, the Office of Management and Budget requires agencies to implement the leading practices from the Fraud Risk Framework.

DOD's initial steps include designating a dedicated entity to oversee fraud risk management activities. DOD also requires military components to identify and report fraud risks, providing guidance, tools, and training for them to do so.

However, the department needs sustained effort to effectively prevent, detect, and respond to fraud. DOD leadership has not demonstrated a strong commitment to fraud risk management and should take action in three key areas (see figure).

DOD Should Take Action in Key Areas to Manage Fraud Risks

GAO has made 17 recommendations across three DOD fraud risk management reports since 2019. Thirteen of these recommendations have not been implemented as of May 2025, including two that will be designated as priority recommendations—recommendations that can save money, help Congress make decisions, and substantially improve or transform government agencies. For example, GAO found that DOD could save $100 million or more by implementing fraud risk management recommendations related to using data analytics to prevent, detect, and respond to fraud.

Despite taking some actions to close or implement GAO's recommendations, DOD has repeatedly delayed implementing several of these recommendations. For example, DOD has delayed updating its antifraud strategy five times over 7 months. Without a comprehensive antifraud strategy that effectively aligns with leading practices, DOD remains at substantial risk of fraud against its vast resources.

Why GAO Did This Study

DOD is responsible for almost half of the federal government's discretionary spending and spends more on contracting than all other federal agencies combined. The scope and scale of this activity makes DOD inherently susceptible to fraud that can threaten DOD's financial position and put the warfighter in increased danger.

In February 2025, GAO expanded DOD's financial management area on GAO's High Risk List to include fraud risk management at DOD. An effective system of internal controls can help DOD produce reliable, useful, and timely financial information and prevent and detect fraud.

This testimony discusses the status of DOD's efforts to implement fraud risk management leading practices, as well as DOD's response to prior GAO recommendations. It is based primarily on GAO work from 2019 through 2024 related to DOD fraud risk management. Details on GAO's methodology can be found in each of the reports cited in this statement.

For more information, contact Seto J. Bagdoyan at bagdoyans@gao.gov.