Service-Disabled Veteran-Owned Small Business Program:  Case Studies Show Fraud and Abuse Allowed Ineligible Firms to Obtain Millions of Dollars in Contracts

GAO Highlights

Why GAO Did This Study

The Service-Disabled Veteran-Owned Small Business (SDVOSB) program is intended to provide Federal contracting opportunities to qualified firms. In fiscal year 2008, the Small Business Administration (SBA) reported $6.5 billion in governmentwide sole-source, set-aside, and other SDVOSB contract awards. Given the amount of Federal contract dollars being awarded to SDVOSB firms, GAO was asked to determine (1) whether cases of fraud and abuse exist within the SDVOSB program and (2) whether the program has effective fraud prevention controls in place.

To identify whether cases exist, GAO reviewed SDVOSB contract awards and protests since 2003 and complaints sent to GAO’s fraud hotline. GAO defined case-study firms as one or more affiliated firms that were awarded one or more SDVOSB contracts. To assess fraud prevention controls, GAO reviewed laws and regulations and conducted interviews with SBA and Department of Veterans Affairs (VA) officials. GAO did not attempt to project the extent of fraud and abuse in the program. In addition, GAO did not attempt to assess the overall effectiveness of VA’s validation process to prevent or address fraud and abuse in VA SDVOSB contracts.

What GAO Found

GAO found that the SDVOSB program is vulnerable to fraud and abuse, which could result in legitimate service-disabled veterans’ firms losing contracts to ineligible firms. The 10 case-study firms that GAO investigated received approximately $100 million in SDVOSB sole-source and set-aside contracts through fraud, abuse of the program, or both. For example, contracts for Hurricane Katrina trailer maintenance were awarded to a firm whose owner was not a service-disabled veteran. GAO also found that SDVOSB companies were used as pass-throughs for large, sometimes multinational corporations. In another case a full-time Federal contract employee at MacDill Air Force Base set up a SDVOSB company that passed a $900,000 furniture contract on to a company where his wife worked, which passed the work to a furniture manufacturer that actually delivered and installed the furniture. The table below provides details on 3 of the 10 cases, all of which included fraud and abuse related to VA sole source or set aside SDVOSB contracts.

Details of Three Ineligible SDVOSB Cases

Source: GAO analysis of FPDS-NG, ORCA, CCR, and contractor data and interviews.

GAO found that the government does not have effective fraud prevention controls in place for the SDVOSB program. However, in response to the Veterans Benefits, Health Care, and Information Technology Act of 2006, VA is developing a certification processes for SDVOSB firms, but currently the certification will only be used for contracting by VA. VA officials stated that the certification process could include reviews of documents, validation of the owner’s service-disabled veteran status, and potential site visits to SDVOSB firms. To be effective, VA’s processes will need to include preventive controls, detection and monitoring of validated firms, and investigations and prosecutions of those found to be abusing the program. In a report GAO issued in October 2009, GAO suggested Congress consider providing VA with additional authority necessary to expand its SDVOSB verification process governmentwide.

Mr. Chairman and Members of the Subcommittee:

The Small Business Administration (SBA), which, along with Federal procuring agencies, administers the Service-Disabled Veteran-Owned Small Business (SDVOSB) program, reported in fiscal year 2008 that $6.5 billion[1] in Federal contracts were awarded to firms that self-certified themselves as SDVOSBs. Government contracts to SDVOSBs accounted for only 1.5 percent of all government contract dollars paid in fiscal year 2008. Since the SDVOSB program began, the government has not met its annual mandated goal of 3 percent.[2] However, in fiscal year 2008 the Department of Veterans Affairs’ (VA) SDVOSB contracts accounted for $1.7 billion, or 12 percent, of all VA small business eligible contracting dollars. In addition to SBA’s statutory authority over administration of the SDVOSB program, several other government agencies have separate authority over issues related to the SDVOSB program. The Veterans Benefits, Health Care, and Information Technology Act[3] requires VA, among other things, to maintain a database of SDVOSBs and Veteran-Owned Small Businesses (VOSB) so contractor eligibility can be verified on VA SDVOSB and VOSB contracts. In addition, the Office of Federal Procurement Policy (OFPP), within the Office of Management and Budget, provides overall direction for governmentwide procurement policies, regulations, and procedures to promote economy, efficiency, and effectiveness in the acquisition processes. The office’s primary focus is on the Federal Acquisition Regulation (FAR), the governmentwide regulation governing agency acquisitions of goods and services, including SDVOSB set-aside and sole-source contract actions.

My statement summarizes our report issued in October 2009.[4] This testimony discusses (1) whether cases of fraud and abuse exist within the SDVOSB program and (2) whether the program has effective fraud prevention controls in place.

To identify examples of firms that received SDVOSB contracts through fraudulent or abusive eligibility misrepresentations, we reviewed SDVOSB contract awards and protests filed with SBA since the program’s inception in 2003. We also reviewed allegations of fraud and abuse sent to our fraud hotline, FraudNET. In addition, we posted inquiries on our Web page and on several veteran advocacy group Web pages and in newsletters seeking information on fraud or abuse of the SDVOSB program. We received over 100 allegations of fraud and abuse in the SDVOSB program. From these sources, we selected 10 cases for further investigation based on a variety of factors, including facts and evidence provided in protests and allegations, whether a firm received multiple SDVOSB contracts, and whether a firm received other non-SDVOSB contracts. To investigate these case studies, we interviewed firm owners and managers and reviewed relevant documentation, such as business filings and tax returns, to determine if SDVOSB eligibility requirements had been met. We also analyzed data from the Federal Procurement Data System–Next Generation (FPDS-NG) for 2003 through 2009[5] to identify SDVOSB contracts received by the firms since the program’s inception. Furthermore, we reviewed certifications made by firms, such as certifications about a firm’s size, SDVOSB status, and line of business, in the Federal Government’s Online Representations and Certifications Application (ORCA).[6] To determine whether the program has effective fraud prevention controls in place, we reviewed relevant laws and regulations governing the SDVOSB program. We also interviewed agency officials about their responsibility for the program and controls currently in place to prevent or detect fraud and abuse. We did not attempt to project the extent of fraud and abuse in the program. In addition, we did not attempt to assess the overall effectiveness of VA’s validation process to prevent or address fraud and abuse in VA SDVOSB contracts. Additional details on our scope and methodology can be found in our report issued in October 2009.[7]

We conducted our audit work and investigation from October 2008 through December 2009 in accordance with U.S. generally accepted government auditing standards. Those standards require that we plan and perform the audit to obtain sufficient, appropriate evidence to provide a reasonable basis for our findings and conclusions based on our audit objectives. We believe that the evidence obtained provides a reasonable basis for our findings and conclusions based on our objectives. We performed our investigative work in accordance with the standards prescribed by the Council of the Inspectors General on Integrity and Efficiency.

Ineligible Firms Obtain Millions of Dollars in SDVOSB Contracts

Fraud and abuse in the SDVOSB program allowed ineligible firms to improperly receive millions of dollars in set-aside and sole-source SDVOSB contracts, potentially denying legitimate service-disabled veterans and their firms the benefits of this program. We identified 10 case-study examples of firms that did not meet SDVOSB program eligibility requirements but received approximately $100 million in SDVOSB contracts, and over $300 million in additional 8(a), HUBZone, and non-SDVOSB Federal Government contracts. Six of these 10 case studies were awarded one or more sole-source or set-aside SDVOSB contracts by VA. For example, 1 firm was awarded a $3.5 million contract by VA for janitorial services at a VA hospital, but subcontracted 100 percent of the work to an international firm. SBA found 4 of the 10 firms, including 2 firms that were awarded VA contracts, ineligible for the SDVOSB program through the agency’s bid protest process.[8] Nevertheless, because there are no requirements to terminate contracts when firms are found ineligible, several contracting agencies allowed the ineligible firms to continue their work. In addition to the 4 firms SBA found to be ineligible, we identified 6 other case-study firms that were not eligible for the SDVOSB program. The misrepresentations case-study firms made included a firm whose owner was not a service-disabled veteran, a serviced-disabled veteran who did not control the firm’s day-to-day operations, a service-disabled veteran who was a full-time Federal contract employee at MacDill Air Force Base, and firms that served as “pass-throughs” for large and sometimes foreign-based corporations. In the case of a pass-through, a firm or joint venture lists a service-disabled veteran as the majority owner, but contrary to program requirements, all work is performed and managed by a non-service-disabled person or a separate firm.

Federal regulations set requirements for a small business to qualify as an SDVOSB. Specifically, SDVOSB eligibility regulations mandate that a firm must be a small business[9] and at least 51[10] percent owned by one or more service-disabled veterans[11] who control the management[12] and daily business operations of the firm. In addition, SDVOSB regulations also place restrictions on the amount of work that can be subcontracted. Specifically, regulations require the SDVOSB to incur a mandatory percentage of the cost of the contract performance that can range from 15 percent to 50 percent, depending on the type of goods or services. The FAR requires each prospective contractor to update ORCA to state whether the firm qualifies as an SDVOSB under specific North American Industry Classification System codes. Pursuant to 15 U.S.C. § 657 f(d), firms that knowingly make false statements or misrepresentations in certifying SDVOSB status are subject to penalties. Of the 10 cases we identify, all 10 of them represented to be SDVOSBs in the Central Contractor Registration (CCR).[13] Table 1 provides details on our 10 case-study firms that fraudulently or abusively misrepresented material facts related to their eligibility for the SDVOSB program. We have referred all 10 firms to appropriate agencies for further investigation and consideration for removal from the program.

Table 1: Case-Study Firm Details

Source: GAO analysis of FPDS-NG, ORCA, CCR, and contractor data and interviews.

a Obligation amounts are rounded to the nearest $100,000.

b Year 2009 amounts are through July 2009.

VA Plans to Develop Fraud Prevention Controls for VA SDVOSB Contractors

We found that the Federal Government does not have an effective fraud prevention system in place for the SDVOSB program. The 10 case studies discussed above show the impact of the significant control weaknesses in the governmentwide SDVOSB program, which allowed ineligible firms to receive millions in SDVOSB contracts. The lack of effective fraud prevention controls by SBA and agencies awarding contracts allowed these ineligible firms to receive approximately $100 million of sole-source or set-aside SDVOSB contracts over the last several years. Recently, VA has taken steps to develop a validation program for contracts it awards to SDVOSBs and VOSBs. According to VA officials, these controls are being developed to validate eligibility for awarding VA contracts only. However, currently the VA validation program is not fully implemented.

A well-designed fraud prevention system should consist of three crucial elements: (1) up-front preventive controls, (2) detection and monitoring, and (3) investigations and prosecutions. For the SDVOSB program this would mean (1) front-end controls over program eligibility prior to contract award, (2) fraud detection and monitoring of firms already receiving SDVOSB contracts, and (3) the aggressive pursuit and prosecution of individuals committing fraud, including suspension and debarment and, if appropriate, termination of the contract. In addition, agency officials should also use “lessons learned” from detection and monitoring controls and investigations and prosecutions to design more effective preventive controls.

VA’s proposed validation program is encouraging in that it attempts to address at least the first of the three essential elements of a fraud prevention framework. The Veterans Benefits, Health Care, and Information Technology Act[14]—which took effect in June 2007—requires VA, among other things, to maintain a database of SDVOSBs and VOSBs so that contractor eligibility can be verified. It also requires VA to determine whether SDVOSBs and VOSBs are indeed owned and controlled by veterans or service-disabled veterans in order to bid on and receive VA contracts. Lastly, it requires that VA set-aside and sole-source awards be made only to firms that have had their eligibility verified. At the time the act took effect, VA already maintained an online database, VetBiz Vendor Information Pages, referred to as VA’s VetBiz database, in which nearly 16,500 firms had self-certified as SDVOSBs or VOSBs. While not yet fully implemented,[15] VA’s planned validation program includes steps to verify a firm’s eligibility for the program, including validating the service-disabled status claimed by an owner and his/her control of day-to-day operations. The VA program also includes plans for document reviews and site visits to firms seeking VA certification as SDVOSBs or VOSBs. Requiring submission of documents to demonstrate ownership and control of an SDVOSB has some value as a deterrent—ownership documents could have prevented instances demonstrated in our case studies where the service-disabled veteran was receiving less than 51 percent of the profits. The most effective preventive controls involve the verification of information, such as verifying service-disabled status with VA’s database and service-disabled veteran participation in the business through an unannounced site visit. Verification of service-disabled veteran status through VA’s database could have prevented the most egregious example of fraud where the owner was not even a service-disabled veteran. Although VA’s proposed system was not intended for governmentwide use, once the certification system is in place, all SDVOSBs wishing to do business with VA will eventually have to be certified.

Although preventive controls are the most effective way to minimize fraud and abuse, to be effective, VA’s process will need to include the remaining two elements of the fraud prevention model. The second element, monitoring and detection, involves actions such as data mining for fraudulent and suspicious applicants and evaluation of firms by contracting officers and program officials to provide reasonable assurance that contractors continue to meet program requirements. The final element of an effective fraud prevention system is the aggressive investigation and prosecution of individuals who commit fraud against the Federal Government. In a report we issued in October 2009, we suggested that Congress consider providing VA with the additional authority necessary to expand its SDVOSB eligibility verification process to all contractors seeking to bid on SDVOSB contracts government wide. In addition, we recommended that the Administrator of SBA and the Secretary of Veterans Affairs coordinate with OFPP to explore the feasibility of requiring that all contractors that knowingly misrepresent their status as an SDVOSB be debarred for a reasonable period of time.

VA generally agreed with our two recommendations. In its response, VA expressed that specific authority would be required for other agencies to be able to rely on the department’s VetBiz database and exclude firms from acquisitions if not “verified” in this database. SBA’s response, provided by the Associate Administrator for Government Contracting and Business Development, generally agreed with our recommendations; however, in its general observations and specific responses to our recommendations, SBA stated that it has limited responsibility for the SDVOSB program and questioned the efficacy of one of our recommendations. Specifically, SBA stated that agency contracting officers bear the primary responsibility for ensuring that only eligible SDVOSB firms perform SDVOSB set-aside and sole-source contracts. SBA also stated that it is only authorized to perform eligibility reviews in a bid protest situation, and contracting officers, not SBA, are responsible for taking appropriate action after a bid protest decision is made. The Associate Administrator maintained that SBA was under no legal obligation to create a protest process for the SDVOSB program, and that its only statutory obligation is to report on other agencies’ success in meeting SDVOSB contracting goals. In addition, SBA expressed that it was not obligated to institute any type of fraud prevention controls within the SDVOSB program. 

Mr. Chairman, this concludes my statement. I would be pleased to answer any questions that you or other Members of the Subcommittee may have at this time.

Contacts and Acknowledgments

For additional information about this testimony, please contact Gregory D. Kutz at (202) 512-6722 or kutzg@gao.gov. Contact points for our Offices of Congressional Relations and Public Affairs may be found on the last page of this statement. Jonathan Meyer, Assistant Director; Gary Bianchi; Bruce Causseaux; Randy Cole; Victoria De Leon; Beth Faraguna; Ken Hill; John Ledford; Deanna Lee; Barbara Lewis; Vicki McClure; Andrew O’Connell; George Ogilvie; Gloria Proa; Barry Shillito; and Abby Volk made key contributions to this testimony.

[1] SBA calculates its SDVOSB total by including all dollars awarded to SDVOSBs, not just those received through set-aside or sole-source contracts.

[2] SBA’s Small Business Procurement Scorecards report the annual percentage share of SDVOSB awards.

[3] Veterans Benefits, Heath Care, and Information Technology Act of 2006, Pub. L. No. 109-461, 120 Stat. 3433 (2006).

[4] GAO, Service-Disabled Veteran-Owned Small Business Program: Case Studies Show Fraud and Abuse Allowed Ineligible Firms to Obtain Millions of Dollars in Contracts, GAO-10-108 (Washington, D.C.: Oct. 23, 2009).

[5] FPDS-NG is the central repository for capturing information on Federal procurement actions. Dollar amounts reported by Federal agencies to FPDS-NG represent the net amounts of funds obligated and deobligated as a result of procurement actions. Because we did not obtain disbursement data, we were unable to identify the actual amounts received by firms.

[6] ORCA was established as part of the Business Partner Network, an element of the Integrated Acquisition Environment, which was implemented by the Office of Management and Budget’s OFPP and the Chief Acquisition Officers Council. ORCA is the primary government repository for contractor-submitted representations and certifications required for conducting business with the government.

[7] GAO-10-108.

[8] 15 U.S.C. §631 et seq., 13 C.F.R. Parts 125 and 134.

[9] The criteria for a small business are defined in 13 C.F.R. Part 121.

[10] For any publicly owned business, not less than 51 percent of the stock must be owned by one or more service-disabled veterans.

[11] The term “veteran” means a person who served in the active military, naval, or air service, and who was discharged or released there from under conditions other than dishonorable. 38 U.S.C. §101(2). Service-disabled means, with respect to disability, that such disability was incurred or aggravated in line of duty in the active military, naval, or air service.

[12] In the case of a veteran with permanent and severe disability, the spouse or permanent caregiver of such veteran may control the business.

[13] CCR is the primary contractor registrant database for the U.S. Federal Government. CCR collects, validates, stores, and disseminates data in support of agency acquisition missions.

[14] Veterans Benefits, Health Care, and Information Act of 2006, Pub. L. No. 109-461, 120 Stat. 3433 (2006).

[15] See GAO, Department of Veterans Affairs Contracting with Veteran-Owned Small Businesses, GAO-09-391R (Washington, D.C.: Mar. 19, 2009).

GAO Slide Presentation