What GAO Found Federal real property management has faced longstanding challenges. The General Services Administration (GSA) and its component office, the Public Buildings Service (Buildings Service), play a central role in addressing the high-risk issues identified by GAO of underused buildings, real property data reliability, and building condition. Underused buildings. Federal agencies, many of which are tenants in buildings managed by the Buildings Service, have long struggled to determine how much space they need to fulfill their missions. Retaining this underused space costs millions of dollars. While the issue remains on GAO’s High-Risk List, GSA and others have taken steps to address underused buildings in recent years. For example, in March 2025, GSA launched a program called Space Match to help agencies find available office space in underused federal space. According to GSA, potential benefits of the program include helping agencies find available space as employees return to in-person work; optimizing the use of underused space; and creating a collaborative work environment for agencies. Data reliability. Without reliable data, supporting real property management and decision making is difficult. GAO has identified problems with the reliability of federal real property data since GAO first designated management of federal real property as a High-Risk area in 2003. GSA has taken steps to improve the reliability of real property data, including contributing to new quality standards in August 2024. Building Condition. In the 2025 High-Risk Update, GAO added building condition as a new concern for federal real property due to large increases in the cost of addressing deferred maintenance in federal buildings. This backlog of maintenance and repair needs has more than doubled in estimated cost from fiscal years 2017 through 2024, going from $170 billion to $370 billion. In addition, GAO found in 2023 that the spaces of federal agencies, many of which are GSA tenants, are not well configured to meet modern office needs. If agencies continue to operate in poorly configured office buildings, they will continue to underuse space, spending unnecessary operating funds. GSA and Buildings Service tenant agencies are taking steps to improve building condition and configuration, but challenges remain. As instructed by the administration, the Buildings Service began a major reorganization in March 2025, which has included reducing staff levels by about 50 percent. Buildings Service officials told GAO in September 2025 that they planned to finalize this reorganization in October 2025. GAO has not confirmed with GSA how the recent lapse in appropriations affected its implementation timeline. GAO will issue a report in the coming months applying leading practices for agency reforms to the Buildings Service’s reorganization efforts. GAO’s past work has shown that agency reforms are more likely to be successful in refocusing and enhancing agency missions and achieving efficiency and effectiveness if they follow these leading practices. Why GAO Did This Study Federal real property management has been on GAO’s High-Risk List since 2003. GAO has previously reported that better management is needed to effectively dispose of underused buildings, collect reliable real property data, and improve the condition of federal buildings. The Buildings Service’s primary mission is to manage federal real property. In March 2025, the Buildings Service began taking reorganization actions. This statement discusses how the issues of underused buildings, data reliability, and the condition of federal buildings on the High-Risk List relate to GSA and the efforts GSA’s Buildings Service has taken to reorganize as of October 2025. This work is a part of a review for Congress on the organization and management of the Buildings Service. GAO’s description of the relationship of the high-risk issues to GSA is based on GAO’s prior work and reflects GAO’s most recent High-Risk Update, released on February 25, 2025. As of May 2025, GAO has eight open priority recommendations to GSA on real property High-Risk issues, including property disposal, data reliability, and the management of deferred maintenance and repair. See GAO-25-108060. To identify the steps the Buildings Service has taken to reorganize, GAO reviewed GSA documents and interviewed GSA officials. For more information, contact: Heather Krause at krauseH@gao.gov.

What GAO Found The Department of Defense (DOD) identified test and evaluation modernization as a crucial part of its effort to get capabilities to warfighters faster. DOD organizations, including the Office of the Secretary of Defense and the military departments, have undertaken modernization planning efforts with varying areas of focus and levels of detail. Nonetheless, these plans share themes, including the use of digital engineering tools and highly skilled workforces. GAO’s analysis of DOD-wide test and evaluation policies found they were not fully consistent with selected leading practices for product development as applied to test and evaluation: involve testers early, conduct iterative testing, use digital twins and threads, and obtain user feedback iteratively. These policies contained some tenets of the leading practices, particularly for the software acquisition and urgent capability acquisition pathways. However, these leading practices were largely not reflected in the policies for programs in the major capability acquisition and middle tier of acquisition pathways, which account for the majority of DOD spending on weapon systems acquisition. Key DOD-wide Weapon Systems Testing Policies Fall Short of Selected Leading Practices Further, GAO found that DOD’s digital engineering policy and the test and evaluation section of DOD’s systems engineering policy do not describe specific processes to ensure application of leading practices to testing. GAO also found that military department-level test and evaluation policies generally did not reflect the leading practices beyond the level found in DOD-wide policies. GAO similarly found that these leading practices were not reflected in key program documents, like acquisition strategies and test strategies, for selected weapon systems acquisition programs it reviewed. DOD has a unique opportunity to not only retool its existing test and evaluation enterprise, but to redefine the role that enterprise can play in enabling faster delivery of relevant capabilities to warfighters. Fully incorporating leading practices into policies relevant to weapon system test and evaluation could help pivot the test enterprise’s current reactive role to a proactive one, informing and aiding defense acquisition efforts. Why GAO Did This Study DOD has yet to realize its goal to rapidly develop weapon systems to get capabilities to the warfighter when needed. DOD acquisition programs have identified challenges discovered during test and evaluation as contributing to delays in development. A House committee report includes a provision for GAO to assess how DOD is modernizing weapon system test and evaluation. GAO’s report (1) describes DOD’s plans to modernize test and evaluation to deliver capabilities faster to the warfighter, and (2) assesses the extent to which DOD-wide and military department policies for test and evaluation reflect selected GAO leading practices for product development. To do this work, GAO assessed DOD test and evaluation modernization plans and policies and weapon system acquisition documentation. GAO visited three military department test organizations to observe tools in practice. GAO also interviewed DOD and military department officials from test organizations and other entities.

What GAO Found As of July 2025, the Department of Commerce has provided incentive awards to 19 companies for 40 projects to construct, expand, or modernize semiconductor facilities. Thirteen of the 19 companies received funding for workforce development activities associated with the projects. In total, Commerce awarded the 19 companies with $30.9 billion in direct funding and two of them with $5.5 billion in loans through the incentive awards. Commerce awarded projects that collectively aim to address gaps and vulnerabilities at various stages of the supply chain, from materials production to packaging. Nearly 40 percent of projects are intended to produce leading-edge logic chips, which process data for emerging technologies such as artificial intelligence. Commerce estimates that these projects will bring the U.S. share of global leading-edge logic chip manufacturing from 0 percent in 2022 to 20 percent by 2030. Each project includes unique milestones, which span from November 2024 through October 2033. Commerce officials stated that companies have submitted milestone completion reports for 24 of 161 milestones, as of July 2025. One project, a new leading-edge logic chip manufacturing facility in Arizona, was certified as complete in June 2025. Semiconductor Projects’ Anticipated Completion Dates, as of July 2025 Note: For more details, see figure 6 in GAO-26-107882. Officials weighed six criteria to select projects, giving the greatest consideration to projects’ potential impact on economic and national security objectives. For projects selected for an award, officials found that economic and national security benefits outweighed any downsides or risks. Commerce set award funding amounts to incentivize project completion and distribute funds across a portfolio of projects throughout the supply chain. To ensure that funding amounts would not result in profits that significantly exceed company projections, Commerce negotiated upside sharing agreements for 27 of the 40 projects. Under these agreements, companies share profits with the federal government if their profits exceed a specific threshold. Why GAO Did This Study Semiconductors, also called chips, are small electronic devices that are critical to nearly all industries. A global semiconductor shortage occurring from 2020 through 2023 exposed long-term risks in the supply chain. For example, manufacturing facilities are concentrated in a few regions globally. The William M. (Mac) Thornberry National Defense Authorization Act for Fiscal Year 2021 (as amended, the FY21 NDAA) authorized Commerce to provide financial assistance to entities undertaking semiconductor facility or equipment projects. The CHIPS Act of 2022 appropriated $39 billion for these purposes. In response, Commerce issued the first award in September 2024 after establishing a new office, soliciting input from stakeholders, developing a strategy for the program, and reviewing applications. The FY21 NDAA also includes a provision for GAO to issue a series of reports on the semiconductor incentives program. This report, the first in the series, examines (1) key characteristics and anticipated timelines of selected projects and (2) how Commerce selected projects and set funding amounts. This report covers awards made by Commerce from September 2024 through July 2025. GAO analyzed Commerce documents, including notices of funding opportunity, evaluation and selection documents, and awards. In addition, GAO reviewed relevant requirements in the FY21 NDAA and compared Commerce’s efforts to those requirements. GAO also interviewed Commerce officials. For more information, contact Candice N. Wright at WrightC@gao.gov.

Why This Matters Federal agencies must vet individuals who will need security clearances to access classified information. In 2018, we put this process on our High-Risk List partly due to delays and IT systems issues. The Office of the Director of National Intelligence (ODNI) oversees the efficiency and effectiveness of the process. ODNI has stated that consistent data are vital to meeting these responsibilities. GAO Key Takeaways In 2019, ODNI began requiring over 100 agencies that vet cleared personnel to submit data on timeliness, the number of investigations completed, and other key aspects of the personnel security clearance process. But more than 60 percent of the data we reviewed were not reliable across eight reporting requirements and seven agencies. ODNI officials look closely at data measuring the time for agencies to complete the process. Of the timeliness data we analyzed, 86 percent were inaccurate—a third by 20 percent or more. Most of these inaccuracies were due to a calculation method inconsistent with ODNI guidance. This affected the timeliness measurement of 95 percent of the clearances completed across the government. Agency officials stated they revised their method to align with ODNI’s guidance for data collected starting in fiscal year (FY) 2025. However, much of the data reported to Congress and the public from 2020–2024 has underestimated the time to complete the clearance process. ODNI reviews data it collects from agencies, but not in a way that aligns with data reliability principles. It also has not issued adequate guidance to agencies for assessing their data. Addressing these gaps will ensure ODNI and Congress have more reliable data to enable better oversight. Personnel Security Clearance Data for Seven Selected Agencies, Third Quarter of Fiscal Year 2024 How GAO Did This Study We analyzed FY 2024 data from ODNI and Departments of Defense, Energy, and the Treasury General Services Administration National Capital Planning Commission National Geospatial-Intelligence Agency U.S. Agency for International Development We also compared ODNI’s oversight to key practices and interviewed officials.

What GAO Found Based on a requirement in the Strengthening VA Cybersecurity Act of 2022, the Department of Veterans Affairs (VA) contracted with MITRE to perform a cybersecurity assessment. The subsequent assessment addressed the requirements in the act and aligned with federal guidance. For example, MITRE appropriately (1) selected for review five key systems that, if compromised, could severely impair VA’s ability to execute its mission, and (2) evaluated the effectiveness of VA’s information security program. VA submitted a plan to remediate the findings identified by the assessment that generally addressed the requirements in the act. Specifically, the remediation plan included a cost estimate and implementation timelines to address the system and security program findings. The remediation plan also included planned improvements to VA’s security program. While the remediation plan did not include improvements to system-specific security controls, VA provided details on those plans in other documents. VA has reported progress in remediating findings across the five systems and its security program. Specifically, the department reported remediating 215 of 442 system-specific findings by October 2024 and remediating 379 findings by July 2025 (see figure). Also, the department reported that it had completed 20 of 55 actions to address the 11 information security program findings. VA generally documented remediation efforts for the system and program findings in accordance with federal requirements. However, it did not always update its remediation plans. For example, for one system, VA did not update the remediation date for a high-risk vulnerability that was 15 months past due. Similarly, the department did not update estimated remediation dates for at least two program findings. Further, although plans were in place, remediation efforts were not timely. Specifically, as of July 2025, VA had not remediated two high-risk vulnerabilities—those with the most severe consequences—over a 17 to 21-month period, although its policy is to remediate them within 60 days. VA’s Inspector General has previously made recommendations to VA to (1) ensure the department tracks and updates planned remediation documents and (2) improve the process for resolving vulnerabilities that cannot be addressed within policy timeframes by ensuring implementation of mitigating controls. As of July 2025, VA had not yet implemented these recommendations. Doing so would help ensure that needed actions are taken to protect systems. Why GAO Did This Study VA depends on critical IT systems to manage benefits and provide health care to veterans and their families. VA’s highly networked and technologically diverse systems create unique cybersecurity complexities. Protecting these systems from cyber threats is imperative. The Strengthening VA Cybersecurity Act of 2022 includes a provision for GAO to evaluate an independent cybersecurity assessment and VA’s remediation plan in response to the assessment. This report examines the extent to which (1) the independent cybersecurity assessment addressed the act and federal guidance, (2) VA’s remediation plan adhered to the act, (3) the department reported remediating the assessment’s findings, and (4) VA’s efforts to remediate selected findings adhered to federal requirements. To address these objectives, GAO compared MITRE’s assessment of selected systems and the overall information security program, as well as VA’s remediation plan, against requirements in the act. GAO also summarized VA’s reported remediation progress for the assessment findings. In addition, GAO compared VA’s efforts to remediate findings against federal requirements. Further, GAO interviewed relevant MITRE and VA officials. For more information, contact Jennifer Franks at franksj@gao.gov.

After the 2020 Census, the Census Bureau initiated four enterprise-wide programs to modernize and consolidate the IT systems that collect, process, and disseminate data for its surveys. This report focuses on the data collection modernization program, known as Data Ingest and Collection for the Enterprise. Why This Matters The Bureau conducts over 100 different censuses and surveys, including the Decennial Census. To assist in collecting and ingesting data, the Bureau’s activities have largely relied on numerous survey-specific IT systems. This has resulted in many systems performing duplicative activities. We previously reported that the Bureau faced challenges in modernizing and consolidating its IT systems during preparations for the 2020 Census. After the 2020 Census, the Bureau embarked on a large-scale initiative to modernize and consolidate its data collection, storage, and dissemination systems. This effort consists of four integrated, enterprise-wide IT modernization programs: Data Ingest and Collection for the Enterprise (DICE) focuses on data collection, the Enterprise Data Lake is intended to modernize data processing and storage, Frames is expected to organize the data within the Enterprise Data Lake, and the Center for Enterprise Dissemination Services and Consumer Innovation is aimed at modernizing data dissemination systems. DICE Program DICE is the Bureau’s effort to collect data in a consistent, standardized, and scalable manner across all of its surveys. DICE is expected to consolidate 37 legacy systems and applications into a suite of 11 enterprise-wide systems. The Bureau expects to develop and deploy system capabilities in a phased approach based, in part, on when (1) surveys are able to transition to the new systems and (2) DICE can deliver capabilities for those surveys. The Bureau expects DICE to support surveys by: providing tools to assist with identifying survey requirements and objectives, and developing survey questionnaires; collecting data from respondents through paper, internet, and interview-assisted modes; and ingesting administrative records from third party sources, including other federal agencies (e.g., the Internal Revenue Service and Social Security Administration), state and local governments, and commercial entities. Elements of the Census Bureau’s Data Ingest and Collection for the Enterprise (DICE) Program DICE Cost, Status, and Schedule The Bureau initiated the DICE program in 2021; in 2024, it finalized a baselined cost estimate of about $1.08 billion through 2033. The program’s approach to delivering system capabilities is driven, in part, by survey needs. As of November 2025, nine surveys or survey tests (such as the Annual Integrated Economic Survey, which provides national data on business revenues and expenses) had begun using DICE systems. The Bureau has also begun using DICE systems for development of an additional 42 surveys or survey tests (including the American Community Survey and the 2030 Census). The following timeline depicts selected key milestones on when capabilities are expected to be delivered and surveys are expected to use DICE. Selected Key Milestones for Census Bureau's Data Ingest and Collection for the Enterprise (DICE) Implementation Data Collection Modernization Challenges and Risks Modernizing its data collection systems has historically been a challenge for the Bureau. In preparing for the 2020 Census, the Bureau attempted to consolidate its data collection and processing systems into an enterprise-wide modernization program called Census Enterprise Data Collection and Processing (CEDCaP). However, we reported that the Bureau had difficulties in managing risks, requirements, cost, and schedule for CEDCaP. We made eight recommendations aimed at addressing these challenges that the Bureau subsequently implemented. Among other things, the Bureau incorporated lessons learned into planning for DICE. These lessons included enhancing requirements and risk management and cost estimating. Consistent with lessons learned, the Bureau is currently tracking several risks that could impact the program’s cost and schedule. For example, the program is monitoring multiple risks related to funding legacy solutions to support selected surveys. This could limit funding for replacement systems. The program is also tracking a risk due to the DICE schedule prioritizing survey onboarding dates instead of the time frames to deliver capabilities. The Bureau reported that this prioritization could limit the program’s ability to track progress in delivering those capabilities. We have ongoing work evaluating the Bureau’s progress in managing these and other risks, and in implementing other leading practices for the DICE program. Going forward, prioritizing IT decisions and demonstrating DICE’s capabilities will be important. This can help the Bureau deliver its planned functionality for future surveys, including the 2030 Census. For more information, contact Kevin Walsh at WalshK@gao.gov.

What GAO Found The Department of Homeland Security (DHS) began granting parole—temporary permission to stay in the U.S.—to certain eligible noncitizens through its supporter-based parole processes in May 2022. From that time through September 2024, DHS granted parole to about 774,000 noncitizens across three supporter-based processes: Cubans, Haitians, Nicaraguans, and Venezuelans (CHNV), Uniting for Ukraine (U4U), and family reunification parole (see figure). Grants of Supporter-Based Parole, May 2022–September 2024 Shortly after U4U began, the DHS components responsible for implementing the parole processes—U.S. Citizenship and Immigration Services (USCIS) and U.S. Customs and Border Protection (CBP)—identified fraud risks and other vulnerabilities. Subsequently, a July 2024 USCIS review found that fraud indicators were widespread in U4U and CHNV. USCIS attributed these risks to insufficient internal controls in its supporter vetting process—for example, not having automated processes to prevent or detect possible fraudulent activity. DHS has since suspended or terminated the processes. However, USCIS has not developed an internal control plan for new or changed programs in the future. Such a plan could include basic antifraud controls and mechanisms to help proactively identify and mitigate fraud risks. In addition, DHS faced other challenges implementing the parole processes, including limited staffing and resources, inconsistent review of the reasons for beneficiaries requesting parole, and supporters not upholding their commitments to beneficiaries. DHS agencies began taking some corrective actions, but DHS has not assessed lessons learned from the parole processes that it could apply to other efforts, such as lessons related to the use of temporarily assigned staff. By assessing and applying lessons learned from the parole processes, even if the processes have ended, DHS could improve other areas of its operations and thus be better positioned to avoid similar challenges in the future. Prior to January 2025, U.S. Immigration and Customs Enforcement (ICE), which is responsible for enforcing U.S. immigration laws, did not have enforcement guidance focused specifically on parole beneficiaries, according to ICE officials. After January 2025, in alignment with new presidential administration executive orders and DHS policies, ICE instructed its officers to review each noncitizen case they encounter and determine whether any noncitizen’s parole status should be terminated. As of May 2025, ICE officials said that ICE did not have any nationwide enforcement efforts for paroled noncitizens and that its field offices determined any such actions on a case-by-case basis. Why GAO Did This Study In 2022 and 2023, DHS introduced new processes for humanitarian parole in response to increases in noncitizens arriving at the southwest border. The processes allowed eligible noncitizens from certain countries to travel to the U.S. to seek a grant of parole. To be eligible, noncitizens had to have a U.S.-based supporter apply to financially support them. DHS briefly suspended some of the processes in summer 2024 before restarting them. Then, in January 2025, following an executive order, DHS suspended all of the processes. GAO was asked to review DHS’s administration and oversight of these parole processes. This report addresses (1) what DHS data show about supporter-based parole processes; (2) challenges that existed, and the extent to which DHS addressed them; and (3) DHS’s approach for taking enforcement actions against parole beneficiaries, as appropriate. GAO analyzed USCIS, CBP, and ICE documents and data on the parole processes from 2022 to 2025. GAO also (1) visited four U.S. airports where large numbers of noncitizens seeking parole arrived and (2) interviewed USCIS, CBP, and ICE officials from headquarters and field offices.

What GAO Found Preliminary results from GAO’s ongoing covert testing suggest fraud risks in the advance premium tax credit (APTC) persist. The federal Marketplace approved coverage for nearly all of GAO’s fictitious applicants in plan years 2024 and 2025, generally consistent with similar GAO testing in 2014 through 2016. GAO’s covert testing is illustrative and cannot be generalized to the enrollee population. Plan year 2024. The federal Marketplace approved subsidized coverage for all four of GAO’s fictitious applicants submitted in October 2024. In total, the Centers for Medicare & Medicaid Services (CMS) paid about $2,350 per month in APTC in November and December for these fictitious enrollees. For some, the federal Marketplace requested documentation to support Social Security numbers (SSN), citizenship, and reported income. GAO did not provide documentation yet received coverage. Plan year 2025. Of 20 fictitious applicants, 18 remain actively covered as of September 2025. APTC for these 18 enrollees totals over $10,000 per month. GAO continues to monitor the enrollments as part of its ongoing work. More broadly, GAO’s preliminary analyses identified vulnerabilities related to potential SSN misuse and likely unauthorized enrollment changes in federal Marketplace data for plan years 2023 and 2024. Such issues can contribute to APTC that is not reconciled through enrollees’ tax filings to determine the amount of premium tax credit for which enrollees were ultimately eligible. GAO’s preliminary analysis of data from tax year 2023 could not identify evidence of reconciliation for over $21 billion in APTC for enrollees who provided SSNs to the federal Marketplace for plan year 2023. Unreconciled APTC may not necessarily represent overpayments, as enrollees who did not reconcile may have been eligible for the subsidy. However, it may include overpayments for enrollees who were not eligible for APTC. GAO’s preliminary analyses identified over 29,000 SSNs in plan year 2023 and nearly 68,000 SSNs in plan year 2024 used to receive more than one year’s worth of insurance coverage with APTC in a single plan year. CMS officials explained that the federal Marketplace does not prohibit multiple enrollments per SSN to help ensure that the actual SSN-holder can enroll in insurance coverage in cases of identity theft or data entry errors. GAO’s preliminary analyses also identified at least 30,000 applications in plan year 2023 and at least 160,000 applications in plan year 2024 that had likely unauthorized changes by agents or brokers. This can result in consumer harm, including loss of access to medications. In July 2024, CMS implemented a new control to prevent such changes, which GAO is reviewing in its ongoing work. GAO preliminarily identified weaknesses in CMS’s APTC fraud risk management as compared to leading practices. Specifically, CMS has not updated its fraud risk assessment since 2018 despite changes in the program and its controls. Further, CMS’s 2018 assessment may not fully align with leading practices, like identifying inherent fraud risks. Finally, CMS did not use its 2018 assessment to develop an antifraud strategy. Together, these weaknesses appear to hinder CMS’s ability to effectively and proactively manage fraud risks in APTC. Why GAO Did This Study The Patient Protection and Affordable Care Act provides premium tax credits to help eligible individuals pay for health insurance. The federal government can pay this credit directly to health insurance issuers as APTC. CMS estimated that it paid nearly $124 billion in APTC for about 19.5 million enrollees in plan year 2024. Consumers can enroll in insurance through the federal Marketplace independently or with assistance from an agent or broker. Recent indictments highlight concerns about agent and broker practices in the federal Marketplace. Further, CMS reported that it received roughly 275,000 complaints in 2024 that consumers were enrolled or had insurance plans changed in the federal Marketplace without their consent. This testimony discusses preliminary results of ongoing GAO work related to (1) covert testing and (2) data analyses of enrollment controls in the federal Marketplace, as well as (3) CMS’s APTC fraud risk assessment and antifraud strategy. To perform this work, GAO created 20 fictitious identities and submitted applications for health care coverage in the federal Marketplace for plan years 2024 and 2025. The results, while illustrative, cannot be generalized to the full enrollment population. Additionally, GAO analyzed federal Marketplace enrollment data for plan years 2023 and 2024 and compared these data to federal death data and tax data. Finally, GAO assessed documentation related to CMS’s fraud risk management activities against relevant leading practices.

What GAO Found Since June 2020, GAO has made dozens of recommendations to help the Small Business Administration (SBA) better manage fraud risks, improve its estimates of improper payments, and oversee its contracting programs. This testimony discusses SBA’s efforts to address 42 of these, of which SBA has implemented 17. Fraud risks. GAO has found that some SBA programs—particularly its COVID-19 pandemic relief programs—have been susceptible to fraud. SBA established these programs quickly to respond to the adverse economic conditions small businesses faced, but the speed of implementation came at the expense of appropriate safeguards. SBA has implemented most GAO recommendations in this area—for example, by implementing oversight plans, conducting fraud risk assessments, and developing a fraud strategy. GAO has estimated that the additional controls SBA put in place for its pandemic-relief programs collectively had saved the government more than $30 billion as of the end of fiscal year 2025. However, it is imperative for SBA to advance its fraud prevention and detection efforts, such as by expanding use of data analytics and improving its process for referring potential fraud to SBA’s Office of Inspector General. Furthermore, examining fraudsters and fraud schemes that emerged during the pandemic can help agencies identify fraud mitigation controls that can be implemented both in emergency environments and during normal operations. Improper payments. GAO has also previously identified problems related to SBA’s estimates of improper payments, particularly for its pandemic relief programs. An improper payment occurs when a payment should not have been made or was made in the incorrect amount. SBA has implemented one GAO recommendation in this area but has not implemented three others. These include expanding and documenting its overpayment review procedures and expanding its overpayment tracking process. Developing reliable improper payment estimates is essential for understanding and addressing financial vulnerabilities in SBA’s programs in a timely manner. Contracting assistance programs. SBA has addressed several GAO recommendations related to oversight of its contracting programs, including the 8(a) Business Development Program. For example, the agency has improved its documentation of compliance reviews of small business subcontracting plans. However, SBA has not addressed 14 recommendations intended to address critical risk management and cybersecurity issues associated with its small business certification platform. In addition, SBA’s independent financial statement auditor issued a disclaimer of opinion on SBA’s fiscal year 2024 financial statements. The auditor reported material weaknesses in SBA’s controls over pandemic relief programs for the fifth consecutive year. For example, the auditor found that SBA did not sufficiently design the review process for Paycheck Protection Program (PPP) loan forgiveness. GAO supports the auditor’s recommendations to address these weaknesses and urges SBA to work toward obtaining a clean financial statement audit opinion. Why GAO Did This Study Since spring 2020, SBA has made or guaranteed more than $1 trillion in loans and grants and assisted more than 10 million small businesses adversely affected by the COVID-19 pandemic, primarily through PPP and the COVID-19 Economic Injury Disaster Loan program. SBA also continued to support small businesses through its contracting assistance and small business research programs. This testimony discusses the status of selected GAO recommendations to SBA related to fraud risks, improper payments, and contracting assistance programs, as well as issues related to SBA’s financial statements. This testimony is based on prior GAO reports issued from June 2020 through March 2025 that assessed SBA’s implementation of four pandemic relief programs, SBA improper payments, financial statements, and contracting assistance programs. Details on GAO’s methodology can be found in the individual reports cited. For more information, contact Courtney LaFountain at lafountainc@gao.gov.

What GAO Found The Department of the Treasury’s Financial Management Quality Service Management Office, the Office of Management and Budget (OMB), and the General Services Administration (GSA) have taken steps to implement financial management shared services across the government. Shared services can help improve efficiency, transparency, and stewardship of federal funds. Consolidating financial management shared services can help reduce duplicative efforts and costs across government for common business activities. As part of these supporting efforts, Treasury recently established a financial management marketplace where customer agencies, federal providers, and commercial providers can buy and sell shared services and solutions. Treasury’s Financial Management Quality Service Management Office’s Approach to Managing the Financial Management Marketplace The marketplace has already achieved progress, such as the approximate amount of services and solutions procured by customer agencies growing from $3 million in fiscal year 2023 to more than $183 million in fiscal year 2024. However, the federal government has experienced implementation challenges. Some common challenges Treasury, customer agencies, and providers have reported experiencing involve raising awareness of the benefits and requirements to use the marketplace; addressing changing technology and new requirements during the modernization process; maintaining clear roles and responsibilities when coordinating across the federal government; and securing adequate funding for multiyear, large-scale projects, such as modernizing core financial systems. Officials from selected foreign governments that GAO interviewed also identified multiple lessons learned to consider when implementing financial management shared services. Some of these lessons learned include establishing a strong governance structure and method to monitor shared services performance, as well as ensuring that shared services contracts allow for flexibility in anticipation of changes throughout implementation. OMB, GSA, and Treasury reported that they were not aware of any statutes or agency policies that would prevent the adoption of financial management shared services across the federal government or that would inhibit the government from executing its approach to financial management shared services. To continue financial management shared services implementation efforts, the President issued an executive order in March 2025 that aims to increase the prominence of the marketplace and implementation of financial management shared services. Specifically, the executive order directs all 24 Chief Financial Officers Act (CFO Act) agencies to consolidate their core financial systems and use standard financial management solutions obtained through the marketplace. In addition, all non-CFO Act agencies are to consolidate financial management services under a single provider approved by Treasury. The OMB Director is to provide guidance within 180 days of the executive order. The challenges and lessons learned identified in this report offer important considerations as OMB develops guidance under the March 2025 executive order for the latest initiative. GAO will continue to monitor these efforts. Why GAO Did This Study Over the past 20 years, the federal government has launched multiple initiatives to promote agencies’ use of financial management shared services. However, while shared services offer potential for optimizing government resources, GAO has previously reported that past efforts to migrate to shared services have not consistently increased cost savings, efficiencies, or customer satisfaction. The Joint Explanatory Statement accompanying the Consolidated Appropriations Act, 2023 includes a provision for GAO to review the adoption of shared technology platforms and services. This report is the first in a series of reports addressing shared services and solutions and provides information on the status of the federal government’s plans to implement financial management shared services. To perform this work, GAO interviewed GSA, Treasury, and OMB staff. GAO also conducted a literature search and reviewed relevant publications to identify progress and challenges in implementing financial management shared services and foreign governments that have implemented shared services. GAO also interviewed officials from foreign governments and reviewed their published reports to identify their lessons learned on shared services. For more information, contact Paula M. Rascona at rasconap@gao.gov.

What GAO Found The Coast Guard’s disability evaluation system (DES) determines whether injured or ill service members are medically fit to perform their duties and, if not, whether they are eligible for certain disability benefits. The Coast Guard has been transitioning to a new, integrated DES that combines its older legacy DES with the Department of Veterans Affairs (VA) disability evaluation process. Coast Guard documentation states that the goal of the integrated DES is to determine both Coast Guard and VA disability benefits more efficiently for members who are found unfit for duty. As of September 2025, all Coast Guard sites had transitioned to the integrated DES, according to Coast Guard officials. The Coast Guard‘s current goal is to complete legacy DES cases within 270 days. However, less than half of the legacy DES cases closed from October 2022 through May 2025 met this goal, according to GAO analysis (see figure). Duration of Legacy Disability Evaluation System Cases Closed from October 2022 through May 2025 The Coast Guard’s current goal is to complete integrated DES cases within 265 days. More than half of integrated DES cases (15 of 23) closed from August 2024 through April 2025 met this goal. The Coast Guard is planning to adopt the Department of Defense’s goal of completing integrated DES cases in 180 days. Coast Guard officials told GAO they face challenges in meeting timeliness goals, such as insufficient staffing, difficulty obtaining complete medical records, and a rise in members’ rebuttals and appeals of DES determinations. The officials described steps they have taken to address the challenges, such as providing training to clinic staff and analyzing trends in rebuttals and appeals. GAO found that the Coast Guard has taken some steps to monitor the performance of both the legacy and integrated DES but has not fully applied GAO’s leading practices for program management. Specifically, according to officials, the Coast Guard has taken an informal approach to monitoring the legacy and integrated DES, such as discussing concerns and the timeliness of individual cases at weekly all-staff meetings. Contrary to leading practices for program monitoring, the Coast Guard has not established a balanced set of performance goals that cover various program priorities, including the accuracy of its decisions. Similarly, the Coast Guard does not have a plan for monitoring progress toward achieving DES goals or identifying risks to achieving them. Fully applying leading practices for program monitoring could focus DES resources on program priorities, improve overall performance, and help members receive the benefits they deserve without delay. These practices are especially important when programs are not meeting performance goals. Why GAO Did This Study The Coast Guard, a military service within the Department of Homeland Security (DHS), is responsible for various missions, including drug interdiction and search and rescue. In carrying out the Coast Guard’s missions, some of its approximately 55,000 members may become injured or ill. The James M. Inhofe National Defense Authorization Act for Fiscal Year 2023 includes a provision for GAO to review the Coast Guard’s DES. This Q&A report examines the DES process, its timeliness goals and related challenges, and the extent to which the Coast Guard has applied leading practices for program monitoring. GAO reviewed relevant federal laws, regulations, policies, and procedures and interviewed Coast Guard officials. GAO also analyzed Coast Guard data on the timeliness of legacy DES cases closed from October 2022 through May 2025 and integrated DES cases closed from August 2024 to April 2025. GAO found these data to be reliable for the purposes of calculating case length and how often members used Coast Guard attorneys in the DES process. GAO also compared the Coast Guard’s methods for monitoring DES performance to Coast Guard policies and leading practices from previous GAO work.

What GAO Found Children who are raised by relatives or close family friends because their parents are unable to care for them live in “kinship families.” According to Census Bureau data GAO analyzed, these families are more likely than all families to be in poverty. Children in kinship families are in households typically headed by grandparents, who are more likely than the general population to have a disability and be out of the labor force. Children living with grandparents more often have physical and mental health issues and special education needs. A relatively small portion of children in kinship families are in foster care—for every one child in foster care, about 18 are not, according to Census Bureau and Department of Health and Human Services (HHS) data GAO analyzed. Families with children in foster care have access to financial and other resources that other families are ineligible for, if caregivers meet certain state requirements. Some challenges, like the cost of living and mental health issues, worsened for some kinship families since the COVID-19 pandemic, according to officials from three counties and three Tribes in three states and most of the 16 kinship caregivers who GAO interviewed. Other challenges, like the need for childcare and affordable housing, persisted. Figure: Examples of Challenges for Kinship Caregivers that Have Persisted Resources for kinship families varied across the six communities in GAO’s review. Officials from all communities discussed resources and supports specific to families with children in foster care. They also discussed resources that all kinship families could be referred to or find on their own. HHS leads efforts that aim to raise awareness about kinship families, increase collaboration among service providers, and provide information and guidance about supporting these families. HHS also administers funds through various programs that states may use to support kinship families. Why GAO Did This Study About 2.4 million children in the United States lived in kinship families in 2023. Parental death, substance abuse, and incarceration are some reasons why children live without a parent. Research has shown that when parents are absent, most children thrive best in kinship families, in which they are cared for by family members who can offer stability and continued connections to family, community, culture, and education. GAO was asked to review issues related to kinship families. This report describes the characteristics of kinship families, how their challenges may have changed since the COVID-19 pandemic, the resources they are accessing, and how the federal government primarily supports them. To describe the characteristics of kinship families, GAO reviewed relevant literature and analyzed nationally representative data from the Census Bureau and HHS for 2019 through 2023, the most recent years available across data sources analyzed. GAO determined that the data were reliable for the purposes of describing kinship families in 2023. GAO did not use Census Bureau data for 2020 due to data collection differences during the pandemic. To describe challenges for kinship families and the resources they are accessing, GAO conducted site visits to three counties and three Tribes in three states (Mississippi, New Mexico, and Oklahoma), selected for factors including high proportions of kinship caregivers and varying levels of urbanicity. GAO also interviewed 16 kinship caregivers from 10 states and two Tribes. GAO identified caregivers by working with service providers who helped organize the site visits and with a national organization that advocates on issues related to kinship and multigenerational families. To describe how the federal government supports kinship families, GAO interviewed officials from the Bureau of Indian Education, Department of Education, and HHS and reviewed relevant information. For more information, contact Kathryn Larin at LarinK@gao.gov.