This is the accessible text file for GAO report number GAO-12-443T entitled 'Service-Disabled Veteran-Owned Small Business Program: Governmentwide Fraud Prevention Control Weaknesses Leave Program Vulnerable to Fraud and Abuse, but VA Has Made Progress in Improving Its Verification Process' which was released on February 7, 2012. This text file was formatted by the U.S. Government Accountability Office (GAO) to be accessible to users with visual impairments, as part of a longer term project to improve GAO products' accessibility. Every attempt has been made to maintain the structural and data integrity of the original printed product. Accessibility features, such as text descriptions of tables, consecutively numbered footnotes placed at the end of the file, and the text of agency comment letters, are provided but may not exactly duplicate the presentation or format of the printed version. The portable document format (PDF) file is an exact electronic replica of the printed version. We welcome your feedback. Please E-mail your comments regarding the contents or accessibility features of this document to Webmaster@gao.gov. This is a work of the U.S. government and is not subject to copyright protection in the United States. It may be reproduced and distributed in its entirety without further permission from GAO. Because this work may contain copyrighted images or other material, permission from the copyright holder may be necessary if you wish to reproduce this material separately. United States Government Accountability Office: GAO: Testimony: Before the Subcommittee on Technology, Information Policy, Intergovernmental Relations and Procurement Reform, Committee on Oversight and Government Reform, House of Representatives: For Release on Delivery: Expected at 10:00 a.m. EST: Tuesday, February 7, 2012: Service-Disabled Veteran-Owned Small Business Program: Governmentwide Fraud Prevention Control Weaknesses Leave Program Vulnerable to Fraud and Abuse, but VA Has Made Progress in Improving Its Verification Process: Statement of Richard J. Hillman, Managing Director: Forensic Audits and Investigative Service: GAO-12-443T: GAO Highlights: Highlights of GAO-12-443T, a testimony before the Subcommittee on Technology, Information Policy, Intergovernmental Relations and Procurement Reform, Committee on Oversight and Government Reform, House of Representatives. Why GAO Did This Study: In fiscal year 2010, federal agencies awarded $10.8 billion to Service- Disabled Veteran-Owned Small Businesses (SDVOSB), according to the Small Business Administration (SBA). The Department of Veterans Affairs (VA) awarded $3.2 billion, or approximately 30 percent of governmentwide SDVOSB awards. The SDVOSB program, established by the Veterans Benefit Act of 2003, is designed to honor disabled veterans’ service by providing them with exclusive contracting opportunities. Since 2009, GAO has issued seven reports or testimonies on the SDVOSB program, focusing on its vulnerability to fraud and abuse and agencies’ actions to prevent contracts from going to firms that misrepresent themselves as SDVOSBs. For this testimony, GAO was asked to (1) summarize the status of governmentwide fraud prevention controls over the SDVOSB program and (2) discuss GAO’s recent assessment of fraud prevention control improvements instituted by VA over its verification program. This testimony is based on prior GAO products on the SDVOSB program. GAO also reviewed applicable laws, regulations, and guidance including the Comptroller General’s Standards for Internal Controls in the Federal Government and related findings from VA’s and SBA’s Inspector General. What GAO Found: Governmentwide fraud prevention control weaknesses over the SDVOSB program leave it vulnerable to fraud and abuse. In October 2009, GAO reported on 10 selected firms that misrepresented their status as SDVOSBs, which allowed them to win approximately $100 million in SDVOSB set-aside and sole-source contracts. Cases like this happen because the SDVOSB program relies on firms to self-certify annually in the federal government’s contractor registry that they are owned and controlled by service-disabled veterans, but most agencies do not validate this information. In fact, GAO found that the program lacks key fraud prevention framework elements, which include preventing firms from fraudulently entering the program, detecting and monitoring for continuing compliance, and investigating firms that abuse the program. Figure 1: GAO’s Fraud Prevention Framework: [Refer to PDF for image: illustration] Potential fraud, waste, and abuse: Implementation of Prevention controls: leads to: Smaller amount of Potential fraud, waste, and abuse: Implementation of detection and monitoring (lessons learned influence future use of prevention controls): leads to: Smaller amount of Potential fraud, waste, and abuse: Implementation of investigations and prosecutions (lessons learned influence future use of prevention controls). Source: GAO. [End of figure] For example, the only governmentwide fraud prevention control in place is SBA’s bid-protest process, in which interested parties can contest contract awards. In prior work, GAO found that the process lacked effective controls because firms could complete contracts even after SBA found them ineligible, rendering the process ineffective. In July 2011 GAO testified that the 10 firms cited in the 2009 report had received another $100 million dollars in new federal contract obligations despite their fraudulent history. SBA and VA had taken some actions against firms by July 2011, including suspending 2 of the firms, and requesting that all firms change their status in federal contracting databases to show they were not eligible for SDVOSB contracts. However, as of July 2011, several of the firms continued to self-certify themselves as SDVOSBs. VA has made progress implementing a verification program for firms seeking SDVOSB contracts from VA. GAO testified in November 2011 that VA’s program includes an initial verification process involving document reviews, site visits to contractor offices, and a risk assessment for each applicant firm. In addition, VA has instituted a status protest process and a debarment committee designed to ensure only eligible firms receive contracts and that ineligible firms face consequences for misrepresenting their status. Those improvements may help VA reduce the risk that ineligible firms will gain access to VA SDVOSB contract dollars. Nonetheless, GAO also made 13 recommendations to VA for improving its verification program and further reducing the risk of fraud and abuse. VA concurred with the recommendations and outlined plans to improve the program. To improve governmentwide fraud prevention controls, GAO suggested that Congress consider expanding the VA verification program to all agencies. View [hyperlink, http://www.gao.gov/products/GAO-12-443T]. For more information, contact Richard J. Hillman at (202) 512-6722 or hillmanr@gao.gov. [End of section] Chairman Lankford, Ranking Member Connolly, and Members of the Subcommittee: Thank you for the opportunity to discuss fraud prevention controls within the Service-Disabled Veteran-Owned Small Business (SDVOSB) program. The SDVOSB program is intended to honor the service rendered by veterans with disabilities incurred or aggravated in the line of duty. To be eligible for a set-aside or sole-source SDVOSB contract, a firm must be majority-owned by one or more service-disabled veterans who manage and control its daily business operations.[Footnote 1] Firms self-certify annually that they meet these criteria in the Central Contractor Registration (CCR) before bidding on these contracts.[Footnote 2] The Small Business Administration (SBA) stated in a recent report that in fiscal year 2010, $10.8 billion in federal contracts were awarded to self-certified SDVOSBs.[Footnote 3] The Department of Veterans Affairs (VA) SDVOSB contracts accounted for $3.2 billion or approximately 30 percent of governmentwide SDVOSB contracts during fiscal year 2010. The SDVOSB procurement program was initiated with the Veterans Benefits Act of 2003.[Footnote 4] Executive Order 13360 also requires heads of federal agencies to provide opportunities for these firms to increase their share of federal contracts and subcontracts. The statutorily mandated prime and subcontracting goal for SDVOSB participation governmentwide is not less than 3 percent of all federal contract dollars each fiscal year.[Footnote 5] In addition, VA established an agency-specific goal for SDVOSB participation of 7 percent. Subsequent to the program's initiation, several other laws were enacted that required a separate verification process for VA contracts, provided additional specificity on program requirements, and established guidelines for responding to firms that violate program requirements. Specifically, the Veterans Benefits, Health Care, and Information Technology Act of 2006 required VA to institute controls over its SDVOSB contracts.[Footnote 6] The Act required VA to verify firms' eligibility and maintain a database, VetBiz, of the SDVOSBs and Veteran-Owned Small Businesses (VOSB) it verified starting in June 2007. The Act also required that VA only use its set-aside and sole-source award authority for SDVOSB firms listed in the database and to debar for a reasonable period of time, as determined by VA, firms that misrepresent SDVOSB and VOSB status. Veterans Small Business Verification Act and Small Business Jobs Act of 2010 provided further authorities and requirements for agencies when utilizing SDVOSB contracting authorities.[Footnote 7],[Footnote 8] Today's testimony will (1) summarize the status of governmentwide fraud prevention controls over the SDVOSB program and (2) discuss our recent assessment of fraud prevention control improvements instituted by VA over its verification program. This statement is based on prior GAO products issued in 2011 and 2009.[Footnote 9] That work included review of guidance on internal control standards from GAO's Standards for Internal Control in the Federal Government,[Footnote 10] the fraud prevention framework,[Footnote 11] and findings from recent VA Office of Inspector General (IG) and SBA IG reports.[Footnote 12] Additional information on our scope and methodology is available in the prior issued products. We conducted the work related to this testimony from January 2012 to February 2012 in accordance with generally accepted government auditing standards. Those standards require that we plan and perform the audit to obtain sufficient, appropriate evidence to provide a reasonable basis for our findings and conclusions based on our audit objectives. We believe that the evidence obtained provides a reasonable basis for our findings and conclusions based on our audit objectives. The Governmentwide SDVOSB Program Lacks Fraud Prevention Controls: The governmentwide SDVOSB program has limited fraud prevention controls, allowing ineligible firms to receive millions of dollars in SDVOSB contracts. The program relies on firm self-certification, where agencies (with the exception of VA, as discussed below) have instituted limited fraud prevention controls. Our prior work has found that SBA does not verify the eligibility of firms claiming to be SDVOSBs in CCR, nor does it have a process for using the VA database of verified service-disabled veterans.[Footnote 13] The main process for detecting fraud involves formal bid protests, whereby interested parties to a contract award can protest a firm's status with SBA if they believe that the firm misrepresented its small-business size or SDVOSB eligibility. In contrast, an effective fraud prevention framework includes controls at key stages in the contract process (see fig. 1). The most effective and efficient aspect of the framework involves rigorous preventive controls at the beginning of the process to provide assurance that only eligible firms are permitted to bid on SDVOSB contracts. Next, because the status of an SDVOSB firm can change over time, active and continual monitoring of contractors performing SDVOSB contracts is also essential. Finally, these controls are not fully effective unless identified fraud is aggressively prosecuted and/or companies are suspended, debarred, or otherwise held accountable. Figure 1: GAO's Fraud Prevention Framework: [Refer to PDF for image: illustration] Potential fraud, waste, and abuse: Implementation of Prevention controls: leads to: Smaller amount of Potential fraud, waste, and abuse: Implementation of detection and monitoring (lessons learned influence future use of prevention controls): leads to: Smaller amount of Potential fraud, waste, and abuse: Implementation of investigations and prosecutions (lessons learned influence future use of prevention controls). Source: GAO. [End of figure] In October 2009, we exposed these weaknesses in governmentwide fraud prevention controls by reporting on 10 case study firms that misrepresented their eligibility for SDVOSB contracts. The firms fraudulently received about $100 million in sole-source and set-aside SDVOSB contracts despite being ineligible for the program, because their initial and ongoing eligibility was not verified and monitored by the contracting agencies. They exploited the lack of an effective governmentwide fraud prevention program using a variety of schemes, including setting up front companies to pass SDVOSB contracts on to large, sometimes multinational firms ineligible for the program. Other firms received contracts even though no service-disabled veteran was associated with the firm or, if one was employed, he or she did not manage or control the business. The limited consequences of firms found to have abused the SDVOSB program were further highlighted when we testified in July 2011 on actions taken against these 10 firms. We reported that SBA and VA had taken some actions against firms, including suspending 2 of the firms and requesting that all firms change their status in CCR to show they were not eligible for SDVOSB contracts. However, in July 2011, several of the firms remained self-certified as SDVOSBs in CCR. Further, even after our 2009 report, the firms received more than $100 million in additional obligations on federal contracts through March 2011.[Footnote 14] About $16 million in obligations were associated with SDVOSB set-aside contracts. In our 2009 report, we recommended SBA and VA coordinate with the Office of Federal Procurement Policy in order to explore the feasibility of expanding VA's verification process governmentwide. However, agency officials stated that legislative changes would be necessary in order for federal agencies to change the governmentwide SDVOSB program from a self-certification process into using VA's VetBiz verification program. We also suggested that Congress consider expanding the VA verification program to all agencies to help reduce the risk of fraud and abuse, though no legislation to address this issue has become law.[Footnote 15] VA Has Instituted Fraud Prevention Controls in Its Verification Program: In contrast to the limited fraud prevention controls for the governmentwide SDVOSB program, VA has recently instituted its own fraud prevention controls. The primary focus of VA's recent efforts has been preventive controls, but VA has also made progress in monitoring and investigations. First, VA has enhanced deterrents to ineligible firms becoming verified through its verification process. As of April 2011, VA had established verification guidelines, including a requirement to search the exact names of company principals in the Excluded Parties List System, and developed a risk assessment model to examine applications. VA also updated its data systems to limit manual data entries. Its process of verifying service- disabled veteran status allowed VA to prevent two fictitious, ineligible SDVOSB applications we submitted from being verified. VA's fraud prevention controls appropriately identified that our company owners were not service-disabled veterans (according to their names and Social Security numbers) and rejected the applications. In addition, VA has hired more staff to conduct initial file reviews and site visits. VA has also conducted announced site visits at high-risk firms before they were deemed eligible for the program. According to VA, its enhanced deterrents under new guidelines denied over 1,800 ineligible firms. Second, in the area of monitoring and detection, VA has developed some fraud prevention controls that may help identify firms that were previously verified but no longer meet SDVOSB eligibility requirements, such as a reverification initiative designed to review previously verified SDVOSB firms using new fraud prevention control techniques. VA has also developed a process for interested parties to protest a firm's status, and instituted random announced site visits of verified SDVOSB firms. Finally, in the area of investigations, VA has taken some actions to debar firms violating SDVOSB program requirements. VA may debar an ineligible firm in accordance with the Veterans Benefits, Health Care, and Information Technology Act of 2006, which requires that any business determined to have misrepresented its status as an SDVOSB be debarred from contracting for a reasonable period of time, as determined by VA. VA instituted a debarment committee in September 2010 specifically to debar firms violating SDVOSB regulations. As of October 2011, the committee had debarred one SDVOSB firm and related individuals that had misrepresented their SDVOSB status. Several other debarment actions were currently pending or were being litigated. Additionally, VA officials had sent about 70 referrals to the VA IG for potential fraudulent actions by firms receiving SDVOSB contracts. VA IG was investigating these cases. Even with these efforts to develop a more robust verification program for SDVOSB firms, weaknesses remain. For example, in July 2011, the VA IG reported that 32 of 42 (76 percent) firms receiving VA SDVOSB and VOSB contracts that the IG reviewed for eligibility were ineligible to participate in the programs or ineligible for the awarded contracts. [Footnote 16] The VA IG reviewed a statistical sample of contracts awarded during a 12-month period ending May 2010. Some of the specific problems identified by the VA IG included the use of pass-through practices where firms pass SDVOSB work on to ineligible firms, and SDVOSB firms who exceeded allowable subcontracting thresholds. The IG projected that from $500 million to $2.6 billion annually was awarded to ineligible firms, and that the VA overstated its percentage of contracts awarded to SDVOSBs by 3 to 17 percent. Subsequent to the VA IG report, we reviewed more recent fraud prevention control improvements to VA's verification process, which were discussed above. However, even with VA's improved fraud prevention controls, we made 13 recommendations in November 2011 to further enhance aspects of VA's fraud prevention framework. For example, in the area of preventive controls we recommended that VA provide fraud awareness training to its verification staff and contracting officials, validate applicant information with third-party data, and formalize a process for conducting unannounced site visits for high-risk firms. In the area of monitoring and detection, we recommended, among other issues, that VA develop procedures for periodic, risk-based reviews of firms receiving SDVOSB contracts to ensure continued compliance with program standards. Finally, in the area of investigations and prosecutions, we recommended that VA develop criteria for its debarment committee and program officials to ensure firms that violate program rules are referred to either VA's debarment committee or its IG. We noted in our November 2011 testimony that there was room for improvement in the area of debarments since as of the date of our statement only one firm and related individuals had been debarred by VA out of the 1,800 firms rejected by VA during its verification process and the 70 firms referred to VA IG for potentially fraudulent actions. VA generally concurred with our recommendations and stated they have taken numerous actions to address the identified issues. Concluding Observations: The SDVOSB program has provided billions of dollars in contracting opportunities to many deserving service-disabled veterans since its inception in 2003. Unfortunately, the limited governmentwide fraud prevention controls have allowed unscrupulous individuals to gain access to those opportunities despite not being eligible for the program. While VA has taken steps to improve its verification program, our November 2011 recommendations address additional improvements that should be made to further reduce its vulnerability. In response to our recommendations, VA has stated it has taken a number of actions which we plan to verify as part of ongoing work. In addition, the approximately 70 percent of contracts not awarded by VA are at a higher risk of being awarded to ineligible firms. We reiterate our suggestion that Congress consider expanding VA's verification process governmentwide to employ more effective fraud prevention controls over the billions of dollars awarded to SDVOSBs outside of VA's fraud prevention controls process. Chairman Lankford, Ranking Member Connolly, and Members of the Subcommittee, this completes my prepared statement. I would be pleased to answer any questions that you may have at this time. GAO Contacts: If you or your staff have any questions about this testimony, please contact Richard J. Hillman at (202) 512-6722 or hillmanr@gao.gov. Contact points for our Offices of Congressional Relations and Public Affairs may be found on the last page of this statement. Related GAO Products: Service-Disabled Veteran-Owned Small Business Program: Additional Improvements to Fraud Prevention Controls Are Needed. [hyperlink, http://www.gao.gov/products/GAO-12-205T]. Washington, D.C.: November 30, 2011. Service-Disabled Veteran-Owned Small Business Program: Additional Improvements to Fraud Prevention Controls Are Needed. [hyperlink, http://www.gao.gov/products/GAO-12-152R]. Washington, D.C.: October 26, 2011. Service-Disabled Veteran-Owned Small Business Program: Preliminary Information on Actions Taken by Agencies to Address Fraud and Abuse and Remaining Vulnerabilities. [hyperlink, http://www.gao.gov/products/GAO-11-589T]. Washington, D.C.: July 28, 2011. Department of Veterans Affairs: Agency Has Exceeded Contracting Goals for Veteran-Owned Small Businesses, but It Faces Challenges with Its Verification Program. [hyperlink, http://www.gao.gov/products/GAO-10-458]. Washington, D.C.: May 28, 2010. Service-Disabled Veteran-Owned Small Business Program: Fraud Prevention Controls Needed to Improve Program Integrity. [hyperlink, http://www.gao.gov/products/GAO-10-740T]. Washington, D.C.: May 24, 2010. Service-Disabled Veteran-Owned Small Business Program: Case Studies Show Fraud and Abuse Allowed Ineligible Firms to Obtain Millions of Dollars in Contracts. [hyperlink, http://www.gao.gov/products/GAO-10-306T]. Washington, D.C.: December 16, 2009. Service-Disabled Veteran-Owned Small Business Program: Case Studies Show Fraud and Abuse Allowed Ineligible Firms to Obtain Millions of Dollars in Contracts. [hyperlink, http://www.gao.gov/products/GAO-10-255T]. Washington, D.C.: November 19, 2009. Service-Disabled Veteran-Owned Small Business Program: Case Studies Show Fraud and Abuse Allowed Ineligible Firms to Obtain Millions of Dollars in Contracts. [hyperlink, http://www.gao.gov/products/GAO-10-108]. Washington, D.C.: October 23, 2009. [End of section] Footnotes: [1] If the business is publicly owned, at least 51 percent of the stock must be held by one or more service-disabled veterans. In the case of a veteran with a permanent and severe disability, the spouse or permanent caregiver of such veteran may control the business. [2] CCR is the primary registrant database for the U.S. federal government. CCR collects, validates, stores, and disseminates data in support of agency acquisition missions, including federal agency contract and assistance awards. [3] SBA calculates its SDVOSB total by including all small-business dollars awarded to SDVOSBs, not just those received through set-aside or sole-source contracts. [4] Pub. L. No. 108-183, § 308, 117 Stat. 2651, 2662 (2003). [5] Veteran Entrepreneur Act of 1999, Pub. L. No. 106-50, § 502, 113 Stat. 233, 247 (1999) codified at 15 U.S.C § 644 (g)(1). [6] Pub. L. No. 109-461, § 502, 120 Stat. 3403, 3431-3435 (2006). [7] Veterans Small Business Verification Act, Pub. L. No. 111-275, § 104, 124 Stat. 2864, 2867-2868 (2010). [8] Small Business Jobs Act of 2010, Pub. L. No. 111-240, § 1341, 124 Stat. 2504, 2543-2544 (2010). [9] GAO, Service-Disabled Veteran-Owned Small Business Program: Additional Improvements to Fraud Prevention Controls Are Needed. [hyperlink, http://www.gao.gov/products/GAO-12-205T] (Washington, D.C.: November 30, 2011), GAO, Service-Disabled Veteran-Owned Small Business Program: Preliminary Information on Actions Taken by Agencies to Address Fraud and Abuse and Remaining Vulnerabilities. [hyperlink, http://www.gao.gov/products/GAO-11-589T] (Washington, D.C.: July 28, 2011) and GAO, Service-Disabled Veteran-Owned Small Business Program: Case Studies Show Fraud and Abuse Allowed Ineligible Firms to Obtain Millions of Dollars in Contracts. [hyperlink, http://www.gao.gov/products/GAO-10-108] (Washington, D.C.: October 23, 2009). [10] GAO, Standards for Internal Control in the Federal Government, [hyperlink, http://www.gao.gov/products/GAO/AIMD-00-21.3.1] (Washington, D.C.: November 1999). [11] GAO, Service-Disabled Veteran-Owned Small Business Program: Fraud Prevention Controls Needed to Improve Program Integrity, [hyperlink, http://www.gao.gov/products/GAO-10-740T] (Washington, D.C.: May 24, 2010). [12] VA OIG, Office of Audit and Evaluations, Department of Veteran Affairs: Audit of Veteran-Owned and Service-Disabled Veteran-Owned Small Business Programs, 10-02436-234 (July 25, 2011). [13] [hyperlink, http://www.gao.gov/products/GAO-10-108]. [14] Dollar amounts relate to federal contract obligations made to the 10 case studies from November 13, 2009, to March 4, 2011. [15] The Small Business Contracting Fraud Prevention Act of 2011, S. 633, 112th Cong. § 4 (2011) did address the matter, but did not become law. [16] VA OIG, Office of Audit and Evaluations, Department of Veteran Affairs: Audit of Veteran-Owned and Service-Disabled Veteran-Owned Small Business Programs, 10-02436-234 (July 25, 2011). [End of section] GAO’s Mission: The Government Accountability Office, the audit, evaluation, and investigative arm of Congress, exists to support Congress in meeting its constitutional responsibilities and to help improve the performance and accountability of the federal government for the American people. GAO examines the use of public funds; evaluates federal programs and policies; and provides analyses, recommendations, and other assistance to help Congress make informed oversight, policy, and funding decisions. GAO’s commitment to good government is reflected in its core values of accountability, integrity, and reliability. Obtaining Copies of GAO Reports and Testimony: The fastest and easiest way to obtain copies of GAO documents at no cost is through GAO’s website [hyperlink, http://www.gao.gov]. Each weekday afternoon, GAO posts on its website newly released reports, testimony, and correspondence. To have GAO e-mail you a list of newly posted products, go to [hyperlink, http://www.gao.gov] and select “E- mail Updates.” Order by Phone: The price of each GAO publication reflects GAO’s actual cost of production and distribution and depends on the number of pages in the publication and whether the publication is printed in color or black and white. Pricing and ordering information is posted on GAO’s website, [hyperlink, http://www.gao.gov/ordering.htm]. Place orders by calling (202) 512-6000, toll free (866) 801-7077, or TDD (202) 512-2537. Orders may be paid for using American Express, Discover Card, MasterCard, Visa, check, or money order. Call for additional information. Connect with GAO: Connect with GAO on facebook, flickr, twitter, and YouTube. Subscribe to our RSS Feeds or E mail Updates. Listen to our Podcasts. Visit GAO on the web at [hyperlink, http://www.gao.gov]. To Report Fraud, Waste, and Abuse in Federal Programs: Contact: Website: [hyperlink, http://www.gao.gov/fraudnet/fraudnet.htm]; E-mail: fraudnet@gao.gov; Automated answering system: (800) 424-5454 or (202) 512-7470. Congressional Relations: Katherine Siggerud, Managing Director, siggerudk@gao.gov, (202) 512-4400 U.S. Government Accountability Office, 441 G Street NW, Room 7125 Washington, DC 20548. Public Affairs: Chuck Young, Managing Director, youngc1@gao.gov, (202) 512-4800 U.S. Government Accountability Office, 441 G Street NW, Room 7149 Washington, DC 20548.