GAO Reports CVE Certification Program Still Vulnerable to Fraud and Abuse
The Department of Veteran’s Affairs’ Center for Veterans’ Enterprise’s Service Disabled Veteran Owned Small Business (SDVOSB) program remains vulnerable to fraud and abuse according to a new finding released by the Government Accountability Office (GAO). VA has made inconsistent statements about its progress in verifying firms listed in VetBiz.gov using the new, more-thorough process the agency implemented in response to the 2010 Act (Veterans Small Business Verification Act). In one communication, VA stated that as of February 2011, all new verifications would use the 2010 Act process going forward. According to the most-recent information provided by VA, there are 6,079 SDVOSBs and veteran-owned small businesses (VOSB) listed in VetBiz. Of these, 3,724 were verified under the more-through process implemented under the 2010 Act, and 2,355—over 38 percent—were verified under the less-rigorous 2006 Act process. The presence of firms that have only been subjected to the less-stringent process that VA previously used represents a continuing vulnerability. In 2011, VA’s Office of Inspector General (OIG) issued a report finding that VA’s document review process under the 2006 Act “ in many cases was insufficient to establish control and ownership and in effect allowed businesses to self-certify as a veteran-owned or service-disabled veteran-owned small business with little supporting documentation.”
VA has taken some positive action to enhance its fraud-prevention efforts. VA generally concurred with recommendations we issued in October 2011 and has established processes in response to 6 of the 13 recommendations. VA has also begun action on some remaining recommendations, such as providing fraud-awareness training and removing contracts from ineligible firms, though these procedures need to be finalized.
The Small Business Administration (SBA) administers the government-wide SDVOSB program but does not verify firms’ eligibility, stating that its only statutory obligation is to report other agencies’ success in meeting contracting goals. In addition to SBA’s statutory authority over the government-wide program, the Department of Veterans Affairs (VA) has separate authority over issues related to its own SDVOSB program. VA awarded $3.2 billion in SDVOSB contracts in fiscal year 2010—about 30 percent of government-wide SDVOSB awards.
Unlike SBA, VA is bound by the Veterans Benefits, Health Care, and Information Technology Act of 2006 (2006 Act) to verify firms’ eligibility. Since 2009, the GAO has issued 10 reports and testimonies detailing how the government-wide and VA SDVOSB programs are vulnerable to fraud and abuse, making numerous recommendations to strengthen fraud-prevention controls. In October 2010, Congress also passed the Veterans Small Business Verification Act (2010 Act), part of the Veterans’ Benefits Act of 2010, to require VA among other things to more-thoroughly validate firms’ eligibility before listing them in VetBiz.gov, VA’s database of eligible firms. In July 2011, GAO reported that both SBA and VA had taken positive steps in response to our findings and recommendations, but that vulnerabilities remained.