Terry Gerton GAO started off 2026 with a really interesting report looking at how federal programs implement practices to prevent and detect fraud. That’s certainly a key issue for this administration. Let’s start by digging into the five programs that you looked at. Tell us who they are and why you picked them.
Hannah Padilla We picked five programs from five different agencies, and we were asked to look at their oversight over payment integrity. So not just fraud, but also improper payments, fraud, waste, abuse over their federal awards. We picked programs from the FCC, the Department of Energy, the Department of Commerce, the Department of Health and Human Services and the Environmental Protection Agency. Those programs amounted to approximately $227 billion of some recently enacted legislation. One was the Infrastructure Investment Act, the Inflation Reduction Act, and then the CHIPS and Science Act.
Terry Gerton So these were huge programs then, and pretty recent ones. So it’s not like they’ve been around forever and maybe got written in the fifties. I mean, they’re pretty new. What did you find? How are they doing?
Hannah Padilla Well, what we found is that one of our agencies that we looked at had implemented all of what we considered important requirements. We looked at nine requirements that we obtained from various legal guidance and legislation coming from the OMB, the Office of Management and Budget, and GAO’s own fraud framework. And those nine requirements really focused around, did the agencies have the proper structures in place over payment integrity? One of the requirements is that they have a dedicated entity that oversees payment integrity. Some of the other requirements focus around risk assessment and looking at the agency as a whole. Are they doing a risk assessment? Do they know where the risks lie for the specific programs? Do they know where the risk points are in the programs? Do they have the proper control activities in place to mitigate those risks? And are those requirements documented in their policies and procedures? It’s important to note we did not look to see if these were being appropriately implemented. We only looked to see if they were documented in the policies and procedures as required.
Terry Gerton So only that program at the FCC got all nine correct. Why is this so hard to do? Why is it so hard to design programs to prevent fraud, to detect fraud, to ensure payment integrity?
Hannah Padilla One of the reasons is it’s very complicated. It’s complicated for the agencies. They push out a lot of funding. Some of the programs are pushed out to other entities to administer the program, such as state and local governments. So the federal government passes the money down through to other entities, and those controls in place at those entities might not be there. So it’s very important for the federal agencies, once that money leaves them, to continuously monitor the expenditures of that money in order to make sure that the state and local governments are properly administering those programs and that they have payment integrity controls in place. And they can do that in several different ways through single audits, for example, that the state and local governments receive and monitoring those results.
Terry Gerton So these agencies were administering, as you said, $227 billion of federal grants and programs. Did those grants and programs allow any portion of that money to establish the correct procedures up front?
Hannah Padilla Most federal awards do have an administrative allotment there for the monitoring of these programs.
Terry Gerton I’m speaking with Hannah Padilla. She’s the director of financial management and assurance at GAO. Well, given the nine best practices and the fact that only one of five agencies got them right, what did you recommend in terms of how agencies can address these shortcomings?
Hannah Padilla We had 12 recommendations in this report. Most of our recommendations centered around documenting these requirements in their policies and procedures. It’s very important that these are documented so they are applied consistently and effectively. Most of our recommendations centered around risk assessments and documenting the proper risk assessments. Especially for the specific programs, it’s important to have proper risk assessments so when you develop the prepayment controls that they are actually mitigating the risks that exist. We did note that all the programs that we looked at, all the agencies had a dedicated entity to manage payment integrity and all of the programs had controls in place over payments. But what we didn’t find was a documented match of the risks to the controls.
Terry Gerton What would those kinds of risk assessments look like?
Hannah Padilla We’re really developing the risk tolerance. There is always going to be a certain amount of fraud or improper payments in any program. But just developing the risk tolerance and then looking at the risk points of the process, the payment process and making sure that there are proper controls in place over those risks.
Terry Gerton So, kind of finding a cost-benefit point of balance between how much administrative procedure you want to put on to prevent fraud and how much that costs versus acknowledging that some might go through in the name of effective management. Has GAO received any feedback from any of the agencies on your findings?
Hannah Padilla We had four of the agencies concur with our findings. We had one that did not concur, and that was related to recovery audits. There is a remedy that agencies can use where they hire recovery auditors that go in and look to see what’s gone out the door and if there are funds that can be recovered. One of the agencies chose not to do recovery audits, and we asked that they document the reasoning for that.
Terry Gerton So with all of these recommendations the agencies agree, what happens next? Do all of the agencies kind of across the federal government understand these nine practices? Do we need better training, documentation, guidance on the front end? How do we institutionalize this approach?
Hannah Padilla I think training is very important. Upfront prepayment controls that are put into place before the money goes out the door are very important. Once the money is out the door, it’s very difficult, if not impossible, to get that money back. So once the money’s gone, it is pretty much gone. It’s very expensive to get the money back and it’s very difficult to get the money back. So the upfront prepayment controls are very important.
Terry Gerton Would it be useful if when Congress makes these appropriations to these programs, they require in statute that these practices be put in place?
Hannah Padilla Yes, well the nine requirements that we picked are actually law. They’re legal requirements, so they are put in place by OMB. The agencies should be following them.
© 2026 Federal News Network. All rights reserved.

