What GAO Found Since GAO's 2023 update to the High-Risk List, Congress and executive branch agencies have taken actions resulting in notable improvements across the 37 high-risk areas. These efforts over the last two years resulted in about $84 billion in financial benefits. However, the progress made overall varied. Ten areas improved their standing and three regressed, while the others maintained their position, were rated for the first time, or were newly added. Lasting solutions to high-risk problems could save billions of dollars, improve service to the public, and increase government performance and accountability. We added a new high-risk area on Improving the Delivery of Federal Disaster Assistance. Recent natural disasters—including wildfires in Southern California and hurricanes in the Southeast—demonstrate the need for federal agencies to deliver assistance as efficiently and effectively as possible and reduce their fiscal exposure. While all high-risk areas need to make more progress, we highlight several areas that require significant attention. Examples of areas in need of significant attention include: Harnessing Modern Information Technology to Improve Services and Programs: The government spends over $100 billion annually on IT, with the vast majority of this spent on operations and maintenance of existing systems rather than new technology. Many attempts to implement new systems have too often run far over budget, experienced significant delays, and delivered far fewer improvements than promised. Expediting the Pace of Cybersecurity and Critical Infrastructure Protections: Government and private sector systems are under attack thousands of times each day, putting systems supporting Americans' daily lives at risk, such as safe water, energy supplies, reliable and secure telecommunications, and financial services. Cybersecurity threats require greater federal efforts to better understand the status of technological developments with security implications, such as artificial intelligence, to continue to enhance public and private sector coordination. Better Protecting Public Health and Reducing Risks: Several of GAO's high-risk areas focus on addressing critical weaknesses in public health efforts. Recommendations focus on issues such as coordinating public health emergencies, improving federal oversight of food safety, and addressing persistent drug shortages. Addressing Human Capital Management Challenges: Human capital challenges are cross-cutting issues that intersect with many items on GAO's High-Risk List. Twenty areas are included in the list in part due to skills gaps or an inadequate number of staff. Moreover, the government-wide personnel security clearance process, which ensures adequate screening to handle sensitive information, is not effectively managed Why GAO Did This Study The federal government is one of the world's largest and most complex entities. About $6.8 trillion in outlays in fiscal year 2024 funded a broad array of programs and operations. GAO's High-Risk Series identifies government operations with serious vulnerabilities to fraud, waste, abuse, and mismanagement, or in need of transformation. This testimony to the House Committee on Oversight and Government Reform describes the status of high-risk areas, outlines actions that are needed to assure further progress, and identifies a new high-risk area needing attention by the executive branch and Congress. GAO uses five criteria to assess progress in addressing high-risk areas: (1) leadership commitment; (2) agency capacity; (3) an action plan; (4) monitoring efforts; and (5) demonstrated progress. Ratings are based on analysis of actions taken up to the end of the 118th Congress. Efforts to address high-risk issues have contributed to hundreds of billions of dollars saved. Over the past 19 years (fiscal years 2006-2024), these financial benefits totaled nearly $759 billion or an average of $40 billion per year.

What GAO Found The Infrastructure Investment and Jobs Act (IIJA) and the Inflation Reduction Act of 2022 (IRA) provided billions of dollars in funding to the Environmental Protection Agency (EPA) and the Department of Energy (DOE). This funding is for grants and programs supporting clean energy research and development, water and infrastructure investments, and other purposes. GAO has identified challenges in various aspects of certain programs that received significant funding through this legislation.   EPA. The IIJA provided over $43 billion for State Revolving Fund (SRF) water infrastructure programs. As of January 2025, EPA had fully obligated funds to six states and had not yet obligated any funding to eight states for fiscal year 2024.The status of funds for the remaining states was mixed. The IRA also provided about $41.5 billion for grants to reduce greenhouse gas emissions and enhance climate resilience. As of January 2025, EPA had obligated about $40 billion (96 percent), and about $20 billion (49 percent) of its IRA appropriations had been expended. GAO has recommended ways EPA could improve grants monitoring, including improving financial indicators for the SRFs , and address workforce challenges affecting grants management. EPA has implemented 24 out of 29 of these recommendations.  DOE. DOE's Office of Clean Energy Demonstrations (OCED) and Loan Programs Office (LPO) are responsible for billions of DOE's IIJA and IRA funding. OCED. DOE established OCED in 2021 to manage about $27 billion in IIJA and IRA funding. As of January 2025, OCED had awarded about 140 projects and obligated about $1.6 billion. In 2024, GAO found that OCED did not have a strategic workforce plan despite needing to fill about 100 more positions to be fully staffed. GAO made recommendations including that OCED develop such a workforce plan. OCED has lost staff since the 2024 report, and GAO is monitoring OCED's efforts to implement the recommendation given current agency priorities. LPO. The IIJA and IRA provided LPO over $350 billion in new loan authority for energy-related ventures and added two new programs to the office's three active programs. After experiencing a substantial increase in applications for LPO's programs starting in 2021, the office increased the number of loans and loan guarantees it closed in the last quarter of calendar year 2024. Loans and guarantees closed in that quarter ($24.4 billion) account for about half of the total that the office has closed under its five current programs since they were established ($52.5 billion). GAO has reported on the importance of monitoring loans and guarantees after they are closed to proactively manage their risks and protect the financial interests of the federal government and the taxpayer. GAO has previously reported that there are risks involved with major new programs, especially when funding is awarded on a compressed schedule. GAO has additional ongoing work examining various aspects of how EPA and DOE are spending the funds they received in the IIJA and IRA.   Why GAO Did This Study The IIJA and IRA provided billions of dollars in funding to federal entities, including EPA and DOE. This testimony discusses the status of programs created or expanded with funds under the IIJA and IRA and related challenges. Specifically, the statement discusses (1) EPA, (2) DOE, and (3) key issues looking ahead.  This testimony is based on prior GAO work and more recent work reviewing new and expanded programs from the IIJA and IRA. It is also based on preliminary observations from ongoing work reviewing EPA's use of IRA appropriations, where GAO analyzed EPA data and documentation, and interviewed EPA officials. GAO's prior work was issued from 2007 through 2024. Details on GAO's methodology can be found in each of the 22 reports cited throughout GAO's statement for this hearing.  

What GAO Found Since GAO's 2023 update to the High-Risk List, Congress and executive branch agencies have taken actions resulting in notable improvements across the 37 high-risk areas. These efforts over the last two years resulted in about $84 billion in financial benefits. However, the progress made overall varied. Ten areas improved and three regressed, while the others maintained their position, were rated for the first time, or were newly added, as shown on page 5. Lasting solutions to high-risk problems save billions of dollars, improve service to the public, and increase government performance and accountability. New Area: Improving the Delivery of Federal Disaster Assistance Natural disasters have become costlier and more frequent. In 2024, there were 27 disasters with at least $1 billion in economic damages. Overall, these events resulted in 568 deaths and significant economic effects on the affected areas. Their frequency and intensity have severely strained the Federal Emergency Management Agency (FEMA) and its workforce. Recent natural disasters—including wildfires in Southern California and hurricanes in the Southeast—demonstrate the need for federal agencies to deliver assistance as efficiently and effectively as possible and reduce their fiscal exposure. Debris from Damaged Homes Following Hurricanes Helene and Milton, 2024, Florida The federal approach to disaster recovery is fragmented across over 30 federal entities. So many entities involved with multiple programs and authorities, differing requirements and timeframes, and limited data sharing across entities could make it harder for survivors and communities to navigate federal programs. FEMA and other federal entities—including Congress—need to address the nation's fragmented federal approach to disaster recovery. Attention is also needed to improve processes for assisting survivors, invest in resilience, and strengthen FEMA's disaster workforce and capacity. Several Areas Critical to Better Managing the Cost of Government Reducing Billions in Significant Improper Payments and Fraud Since 2003, federal agencies have reported about $2.8 trillion in estimated improper payments, including over $150 billion government-wide in each of the last 7 years. These figures do not represent a full accounting of improper payments because agencies have not reported estimates for some programs as required. For example, we found that agencies failed to report fiscal year 2023 improper payment estimates for nine risk-susceptible programs. The areas on the High-Risk List include programs that represented about 80 percent of the total government-wide reported improper payment estimate. These include two of the fastest-growing programs—Medicare and Medicaid—as well as the unemployment insurance system and the Earned Income Tax Credit. While agencies and the Department of the Treasury are taking some steps to address this issue, much more needs to be done to control billions of dollars in overpayments and prevent fraud. Implementation of GAO's recommendations by agencies and the Congress would help achieve better program integrity. Closing Large Gaps in Revenue Owed to the Government In 2024, the Internal Revenue Service (IRS) projected that the gross tax gap—the difference between taxes owed and taxes paid on time—was $696 billion for tax year 2022. IRS estimated that it will collect an additional $90 billion through late payments and enforcement actions, leaving an estimated $606 billion net tax gap. Also, IRS is continually addressing billions of dollars of attempted tax fraud through identity theft. Further, the Department of the Interior does not have reasonable assurance that it is collecting the entirety of the billions owed on oil and gas leases on federal lands. Actions by federal agencies and Congress on related GAO recommendations can help significantly to close these gaps and improve the government's fiscal position. Better Controlling Cost Growth and Schedule Delays in High Dollar Value Procurements The government has great difficulty in controlling the costs of major acquisitions in its more than $750 billion procurement portfolio. This includes procurements critical to national defense, nuclear weapon systems modernization and clean up, space programs, and health care to veterans. Many major acquisitions by agencies such as the Department of Defense (DOD), the Department of Energy, the National Aeronautics and Space Administration, and the Department of Veterans Affairs (VA) have experienced cost growth, schedule delays, or both. Implementation of GAO's recommendations, which include more consistently applying leading practices, could yield billions in savings and provide more timely delivery. Rightsizing the Government's Property Holdings Could Generate Substantial Savings The federal government is one of the nation's largest property holders. Annual maintenance and operating costs for its 277,000 buildings exceeded $10.3 billion in fiscal year 2023. Managing real property was designated high risk in 2003 because of large amounts of underused property and the great difficulty in disposing of unneeded holdings and ensuring the safety of workers and visitors. Costliness and underuse of government property holdings have been exacerbated by the recent use of telework and growing amounts of deferred maintenance, which rose from $170 billion in 2017 to $370 billion in 2024. GAO recommended more appropriate utilization benchmarks be established to guide better and more timely property management. Also, lessons need to be applied from recent failed attempts to expedite disposals to establish a more viable process. Efforts are also needed to better manage and maintain property. Achieving Greater Financial Management Discipline at DOD DOD is the only major federal agency to have never achieved an unmodified “clean” opinion on its financial statements. The department is committed to the goal of achieving a clean opinion on its statements and has made important progress in reaping several financial and operational benefits. A clean opinion was recently obtained by the Marine Corps, in addition to several smaller components. DOD needs to redouble its efforts to revamp financial management systems, more promptly fix problems identified by its auditors, and focus more on ensuring a well-qualified workforce to attain proper accountability and potential savings. Harnessing Modern Information Technology to Improve Services and Programs The federal government spends more than $100 billion annually on IT, with the vast majority of this spent on operations and maintenance of existing systems rather than new technology. Currently, the government, in many cases, is carrying out critical missions with decades-old legacy technology that also carries tremendous security vulnerabilities. Many attempts to implement new systems have too often run far over budget, experienced significant delays, and delivered far fewer improvements than promised. Recent challenges at the Federal Aviation Administration (FAA), Department of Education, and VA vividly illustrate this situation. FAA has experienced increasing challenges with aging air traffic control systems in recent years and has been slow to modernize the most critical and at-risk systems. A 2023 operational risk assessment determined that of FAA's 138 systems, 51 (37 percent) were unsustainable with significant shortages in spare parts, shortfalls in sustainment funding, little to no technology refresh funding, or significant shortfalls in capability. An additional 54 (39 percent) were potentially unsustainable. The Department of Education's Office of Federal Student Aid did not adequately plan for its deployment of the Free Application for Federal Student Aid (FAFSA) Processing System. The initial rollout of the new system was delayed several times, faced several critical technical issues, and experienced very poor customer service. This contributed to about 9 percent fewer high school seniors and other first-time applicants submitting a FAFSA, as of August 25, 2024. After three unsuccessful attempts between 2001 and 2018, VA initiated a fourth effort—the electronic health record (EHR) modernization program—to replace its health records system. In 2022, the Institute for Defense Analysis estimated that EHR modernization life cycle costs would total $49.8 billion—$32.7 billion for 13 years of implementation and $17.1 billion for 15 years of sustainment. VA remains in the early stages of deploying its new EHR system across 160 locations. As of December 2024, VA deployed the EHR system to just six of its locations and plans to deploy it at four more locations in 2026. There are over 160 remaining locations for EHR implementation. These are examples of poor performance that led GAO to designate Improving IT Acquisitions and Management as a government-wide high-risk area in 2015. There have been some improvements, including closing unneeded data centers, which saved billions of dollars. Congressional oversight by the House Committee on Oversight and Government Reform, Subcommittee on Government Operations, has helped spur improvements and included exhortations to have Chief Information Officers (CIO) more involved. Of the 1,881 recommendations made by GAO for this high-risk area since 2010, 463 remained open as of January 2025. Agency leaders need to give this area a higher priority and provide their CIOs necessary authorities and support if the government is ever to reap the benefits of modern technology. Expediting the Pace of Cybersecurity and Critical Infrastructure Protections While improvements have been made and efforts continue, the government is still not operating at a pace commensurate with the evolving grave cybersecurity threats to our nation's security, economy, and well-being. State and non-state actors are attacking our government and private-sector systems thousands of times each day. In addition to national security and intellectual property, systems supporting daily life of the American people are at risk, including safe water, ample supply of energy, reliable and secure telecommunications, and our financial services. GAO has made 4,387 related recommendations since 2010. While 3,623 have been implemented or closed, 764 have not been fully implemented. Also, greater federal efforts are needed to better understand the status of private sector technological developments with cybersecurity implications—such as artificial intelligence— and to continue to enhance public and private sector coordination. Seizing Opportunities to Better Protect Public Health and Reduce Risk Several of GAO's high-risk areas focus on addressing critical weaknesses in public health efforts. GAO's recommendations focus on ensuring the Department of Health and Human Services significantly elevates its ability to provide leadership and coordination of public health emergencies; providing the Food and Drug Administration with a much greater capacity to (1) inspect foreign drug manufacturers that produce many of the drugs consumed by Americans and (2) take stronger actions to address persistent drug shortages, including cancer therapies; improving the timeliness and quality of care given to our veterans, including mental health and suicide prevention, especially in rural areas; ensuring better health care by the Indian Health Service to Tribes and their members; providing national leadership to prevent drug abuse and further reduce overdose deaths; and ensuring the Environmental Protection Agency provides more timely reviews of potentially toxic chemicals before they are introduced into commercial production and widespread public use. There is also a need for a more comprehensive approach to food safety to address fragmentation among 15 different federal agencies and at least 30 federal laws. While the United States has one of the safest food supplies in the world, every year millions of people are sickened by foodborne illnesses, tens of thousands are hospitalized, and thousands die. A more proactive, coordinated approach that takes greater advantage of modern technology would be in the best interest of Americans and would lead to a more efficient government. Other Concerning High-Risk Areas Modernizing our Financial Regulatory Systems Actions are needed to strengthen oversight of financial institutions and address regulatory gaps. The March 2023 bank failures and rapid adoption of emerging technologies in the marketplace have highlighted continued challenges in the regulatory system since GAO initially designated this area as high-risk in 2009, during the financial crisis. In particular, the Federal Reserve should improve procedures so that decisions to escalate supervisory concerns happen in a timely manner and Congress should consider designating a federal regulator for certain crypto asset markets, as we recommended. Resolving the Federal Role in Housing Finance There is an essential need for Congress to clarify the federal role for Fannie Mae and Freddie Mac, two private sector entities that provide underwriting for the U.S. mortgage market. They are still in federal conservatorship from the 2008 global financial crisis with no clear path forward. The other key federal players, Ginnie Mae and the Federal Housing Administration, have had their portfolios greatly expanded to $2.6 trillion and $1.4 trillion respectively. Consequently, the federal government is greatly exposed to a downturn in the housing market. Addressing Long-Standing Issues with the Bureau of Prisons Prison buildings are deteriorating and in need of repair and maintenance, while facilities are understaffed, putting both incarcerated people and staff at risk. Moreover, efforts to prevent recidivism have not been thoroughly evaluated, undermining a key goal to help incarcerated people make a successful transition into society once released. The Bureau of Prisons has made some progress, but much more needs to be done. Fixing the United States Postal Service's (USPS) Outdated Business Model Congress acted to alleviate certain fiscal pressures and USPS is trying to reduce costs, but it is still losing money ($16 billion in fiscal years 2023 and 2024) and has extensive liabilities and debt ($181 billion in fiscal year 2024). USPS estimates that the fund supporting postal retiree benefits will be depleted in fiscal year 2031. At that point, USPS would be required to pay its share of retiree health care premiums, which USPS projects to be about $6 billion per year. There is a fundamental tension between the level of service Congress expects and what revenue USPS can reasonably be expected to generate. Congress needs to establish what services it wants USPS to provide and negotiate a balanced funding arrangement. Addressing the Government's Human Capital Challenges Twenty areas are on GAO's High-Risk List in part due to skills gaps or an inadequate number of staff. Moreover, the personnel security clearance system is not yet being managed in the best manner to ensure that people are adequately screened to handle sensitive information. Icon sources: GAO, USPS, and Icons-Studio/stock.adobe.com. GAO's 2025 High-Risk List High-risk area Change since 2023 Improving the Delivery of Federal Disaster Assistancea,b (area not rated because it is newly added) n/a Funding the Nation's Surface Transportation Systema (area not rated because it primarily involves congressional action) n/a HHS Leadership and Coordination of Public Health Emergenciesb (area rated for the first time) n/a Strengthening Management of the Federal Prison System (area rated for the first time) n/a Unemployment Insurance Systema,b (area rated for the first time) n/a DOD Approach to Business Transformation ↑ DOD Business Systems Modernization ↑ DOD Contract Management ↑ Emergency Loans for Small Businesses ↑ Government-wide Personnel Security Clearance Processa,b ↑ National Efforts to Prevent, Respond to, and Recover from Drug Misuseb ↑ National Flood Insurance Programa ↑ Resolving the Federal Role in Housing Financea,b ↑ U.S. Government's Environmental Liabilitya,b ↑ USPS Financial Viabilitya ↑ DOD Weapon Systems Acquisitiona ↓ Improving IT Acquisitions and Managementa,b ↓ Managing Federal Real Propertyb ↓ Acquisition and Program Management for DOE's National Nuclear Security Administration and Office of Environmental Managementa ● DOD Financial Management ● Enforcement of Tax Lawsa ● Ensuring the Cybersecurity of the Nationa,b ● Improving and Modernizing Federal Disability Programsb ● Improving Federal Management of Programs that Serve Tribes and Their Membersb ● Improving Federal Oversight of Food Safetya,b ● Limiting the Federal Government's Fiscal Exposure by Better Managing Climate Change Risksa,b ● Management of Federal Oil and Gas Resources ● Managing Risks and Improving VA Health Care ● Medicare Program and Improper Paymentsa ● Modernizing the U.S. Financial Regulatory Systema,b ● NASA Acquisition Management ● Protecting Public Health Through Enhanced Oversight of Medical Products ● Protecting Technologies Critical to U.S. National Securityb ● Strategic Human Capital Managementb ● Strengthening Department of Homeland Security IT and Financial Management Functions ● Strengthening Medicaid Program Integritya,b ● Transforming EPA's Process for Assessing and Managing Chemical Risks ● VA Acquisition Management ● Legend: ↑ indicates area progressed on one or more criteria since 2023; ↓ indicates area declined on one or more criteria since 2023 ; ● indicates no change since 2023; n/a = not applicable Source: GAO. | GAO-25-107743 aLegislation is likely to be necessary to effectively address this high-risk area. bCoordinated efforts across multiple entities are necessary to effectively address this high-risk area. Why GAO Did This Study The federal government is one of the world's largest and most complex entities. About $6.8 trillion in outlays in fiscal year 2024 funded a broad array of programs and operations. GAO's High-Risk Series identifies government operations with serious vulnerabilities to fraud, waste, abuse, and mismanagement, or in need of transformation. This biennial update describes the status of high-risk areas, outlines actions that are needed to assure further progress, and identifies a new high-risk area needing attention by the executive branch and Congress. GAO uses five criteria to assess progress in addressing high-risk areas: (1) leadership commitment; (2) agency capacity; (3) an action plan; (4) monitoring efforts; and (5) demonstrated progress. Ratings are based on analysis of actions taken up to the end of the 118th Congress. Efforts to address high-risk issues have contributed to hundreds of billions of dollars saved. Over the past 19 years (fiscal years 2006-2024), these financial benefits totaled nearly $759 billion or an average of $40 billion per year.

What GAO Found The Department of Homeland Security (DHS) invests billions of dollars to acquire systems and capabilities that advance maritime safety, respond to natural disasters, secure the border, and more. All but one of the 17 DHS major acquisition programs with DHS-approved baselines that GAO analyzed are meeting their current cost and schedule goals; however, nearly all of the programs had revised their goals at least once, with seven having revised their goals three or more times. These goals are set in their acquisition program baselines—the agreement between programs and decision-makers about an acquisition's cost and when its capabilities will be delivered. Revisions can reflect increased costs, changes in capabilities, or result in new milestone dates. For instance, since these 17 programs initially set their cost goals, the goals have increased from a total of $33.1 billion to $41.3 billion. GAO found that several programs revised their baselines without clearly documenting the reasons for the revisions in the approved baseline document. DHS's guidance notes the importance of tracking the causes of baseline revisions but does not specify the types of change drivers that can result in revisions, such as a change in requirements. If programs consistently document the change drivers that led to revised baselines, decision-makers would better understand how well programs, especially older ones, are executed over time. Further, over half of DHS's 24 major programs face cost or schedule risks. Costs risks. Two Coast Guard programs that comprised over a third of DHS's estimated acquisition costs in fiscal year 2024—Polar Security Cutter (PSC) and Offshore Patrol Cutter—are likely to drive cost growth in fiscal year 2025. For instance, in August 2024, the Congressional Budget Office estimated the PSC program cost to be about $2 billion over the program's current cost goal. Schedule risks. Fifteen programs face potential delays moving forward, including multiple Coast Guard and Customs and Border Protection programs. Program officials cited reasons such as funding challenges, among others. Since 2014, GAO has made about 220 acquisition and major acquisition program policy recommendations to DHS. The agency has addressed most of these recommendations, but almost 50 recommendations have not yet been fully addressed. These recommendations represent opportunities for improvement in areas such as Coast Guard acquisitions and DHS's acquisition workforce. Why GAO Did This Study DHS plans to spend over $41 billion to acquire systems for its current portfolio of major acquisition programs. The Explanatory Statement accompanying a bill for the DHS Appropriations Act, 2015 includes a provision for GAO to review DHS's major acquisitions on an ongoing basis. This report assesses (1) the extent to which major programs are meeting cost and schedule goals; (2) the status of cost or schedule risks; and (3) opportunities for improvement. GAO selected 24 of DHS's largest acquisition programs to determine program status as of the end of fiscal year 2024. Of these, GAO identified 17 with DHS-approved acquisition baselines for further analysis. GAO reviewed key documents; collected cost, schedule, and performance information; and interviewed DHS officials. GAO also reviewed prior GAO recommendations to DHS.

What OIG Found According to GAO’s strategic plan, it will reduce costs of operations, in part, by leveraging cloud-based technologies. Transferring data into the cloud (data ingress) is often free to users; however, some providers charge data egress fees for accessing data or transferring it out of the cloud. Despite the minimal costs GAO has incurred for data egress, opportunities exist for GAO to improve its monitoring and cost estimating processes for cloud services. The OIG found that, due to other priorities, GAO did not establish formal procedures implementing cloud cost management policies such as instituting and reviewing budget threshold alerts and cloud service usage reports. Due to the lack of procedures, GAO may not fully meet its strategic objective related to managing and reducing the cost of its cloud-based technologies in the future. The OIG also found that GAO officials did not include data egress fees in a major system’s cost estimate and did not document the exclusion because they deemed data egress fees minimal. As a result, GAO may not be fully aware of the total costs for its cloud initiatives, which could impact its ability to implement new projects and the operation and maintenance of existing initiatives. Why the OIG Did This Audit The OIG conducted this audit to (1) describe GAO’s efforts to address data egress fees in procuring cloud services and (2) assess the extent to which the estimated costs of GAO’s cloud services programs quantify data egress fees. Recommendations GAO concurred with the OIG’s recommendations to (1) establish cost management procedures for its cloud systems, including addressing data egress fees and the implementation and review of alerts and reports, and (2) develop an oversight mechanism to ensure that all fees, including data egress fees, are quantified in the cost estimate, or the exclusion of any costs is documented.

What GAO Found As of June 2024, the Department of Defense (DOD) had completed preliminary assessments and site inspections for per- and polyfluoroalkyl substances (PFAS) at nearly all 718 installations identified to have a potential PFAS release and had proceeded to the next step of the cleanup process at more than half. No locations have entered the long-term cleanup phases. Department of Defense (DOD) Actions Related to Per- and Polyfluoroalkyl Substances (PFAS) at Current or Former Military Installations, as of June 2024 DOD efforts to investigate its PFAS releases have generally been thorough, and the department reports on the pace and cost of its efforts to Congress. DOD estimates that its future PFAS investigation and cleanup costs will total more than $9.3 billion in fiscal year 2025 and beyond. DOD's estimated future PFAS investigation and cleanup costs have more than tripled since 2022. GAO found that costs will continue to increase as DOD learns more about the extent of its PFAS releases—including the breadth and depth—through remedial investigations and determines what cleanup actions are required. Department of Defense (DOD) Estimated Future Costs for the Investigation and Cleanup of Per- and Polyfluoroalkyl Substances (PFAS)by Fiscal Year DOD has not communicated to Congress the full range of cost variables for future PFAS cleanup, referred to as total fiscal exposure. By including a detailed explanation and examples of changing key cost drivers for PFAS investigation and cleanup in its semi-annual cost report to Congress or other congressional reporting mechanism, Congress will be better equipped to make decisions regarding future funding for PFAS investigation and cleanup activities. Why GAO Did This Study DOD has spent $2.6 billion since 2017 addressing PFAS releases. PFAS are a large group of chemicals developed decades ago that can persist in the environment and cause adverse health effects. DOD's use of certain firefighting agents and other activities, such as metal plating, have led to PFAS releases from DOD installations, potentially exposing service members, their families, and surrounding communities. Investigating and cleaning up PFAS releases is an endeavor that could take DOD decades and billions of dollars to complete. The National Defense Authorization Act for Fiscal Year 2024 includes a provision for GAO to review DOD's efforts to test and remediate PFAS contamination. This report (1) describes the status of DOD's efforts, and (2) assesses DOD's pace, thoroughness, and cost of its efforts, among other things. GAO analyzed DOD's PFAS-related reports to Congress, reviewed DOD and Environmental Protection Agency guidance and regulations, and interviewed officials.

What GAO Found The Safeguarding Tomorrow through Ongoing Risk Mitigation Act (STORM Act), enacted in 2021, authorized the Federal Emergency Management Agency (FEMA) to award capitalization grants for eligible states, territories, tribes, and the District of Columbia to establish revolving loan funds for hazard mitigation assistance. In the fall of 2022, FEMA started the Safeguarding Tomorrow Revolving Loan Fund (RLF) program to provide these capitalization grants—or seed money—to these entities, which then issue loans to localities to implement hazard mitigation projects. The program was appropriated $500 million for a five-year period through fiscal year 2026. In September 2023, FEMA announced the first eight awardees selected to receive a combined $50 million from the RLF grant program. Awardees submit potential projects to FEMA as part of the application process and determine what projects will receive loans based on the hazard mitigation needs of their communities. Fiscal year 2023 awardees selected projects that will mitigate the impacts of hazards such as flooding, severe storms, and high winds. RLF grant recipients provide loans to local governments or a sub-component of a local government for hazard mitigation projects that reduce community risks from natural disasters. The loans are then repaid to the RLF to fund additional hazard mitigation projects. FEMA’s Definition of a Revolving Loan Fund The RLF grant program has the potential to help communities, particularly vulnerable populations, invest more in hazard mitigation projects. For instance, the RLF program can provide access to additional funding to communities with less financial capacity to help meet the non-federal cost share requirement for other FEMA Hazard Mitigation Assistance programs. FEMA has developed some RLF program and policy guidance and technical assistance for program participants. For example, FEMA officials and program participants used the fiscal years 2023 and 2024 Notices of Funding Opportunity as the program's primary source of guidance for those award cycles. While this guidance and technical assistance covers various aspects of the RLF program, awardees noted, and GAO confirmed through GAO's review that the guidance was incomplete, unclear, and inconsistent. For example, three awardees told us FEMA guidance was ambiguous and unclear about what responsibilities awardees have for managing and reporting on aspects of their revolving loan fund. Further, one awardee told GAO that they decided to decline their award in part due to incomplete guidance regarding FEMA's close-out reporting requirements for the program. In addition, when program guidance is incomplete, unclear, or inconsistent it can contribute to the administrative burden of the program. Some awardees told GAO that administering the program required additional staff or expertise. By developing complete, clear, and consistent guidance for the RLF program, FEMA could better communicate program information to FEMA staff and program participants. Doing so would help program participants navigate the challenges that come with administering this type of program. FEMA has identified some tools to collect information on the RLF program; however, FEMA does not have a process for systematically collecting and evaluating the information to assess program effectiveness across all phases of the program. Documenting and implementing a process to regularly assess RLF program effectiveness could help FEMA ensure that the program goals are met both in the short-and long-term. Without better guidance, the program risks not achieving its goal of helping local government carry out hazard mitigation projects that reduce disaster risk for communities. Why GAO Did This Study With natural disasters affecting hundreds of communities each year, investing in hazard mitigation projects to prevent damage from these disasters is increasingly important. The STORM Act includes a provision that GAO review FEMA's implementation of the RLF program. This report includes information on how the revolving loan fund program works, the number of grants FEMA has awarded to-date, the guidance FEMA has developed for the program and whether program participants find it useful, how applicants select projects, and FEMA's efforts to develop program performance measures. To conduct this work, GAO reviewed and analyzed relevant agency documents such as FEMA's Notices of Funding Opportunity for fiscal years 2023 and 2024. GAO also interviewed officials from FEMA and all eight fiscal year 2023 RLF program awardees. For more information, contact Chris Currie at (404) 679-1875 or CurrieC@gao.gov.

What GAO Found The Department of Health and Human Services' (HHS) Temporary Assistance for Needy Families (TANF) block grant funds cash assistance and certain “non-assistance” services. These services include work, education, and training activities; childcare; and child welfare services (see fig.). The seven states GAO reviewed varied in the percentage of TANF funds spent on these different services, reflecting their distinct priorities. State officials told GAO that their states often combined TANF funds with other funds, including other federal grants or state funds, to provide these services. Overview of the Flow of Temporary Assistance for Needy Families (TANF) Non-assistance Funds from the Federal Government to State and Local Service Providers Officials from selected states generally reported collecting various demographic, participation, and outcome data on individuals and families receiving services supported by TANF non-assistance funds. Officials reported that they used various data to make eligibility determinations, monitor program performance, and adjust the delivery of TANF non-assistance services. Service providers report some data on services funded with non-assistance to state agencies, but there are no federal TANF reporting requirements for performance information on services funded with non-assistance funds. To address this, in December 2024, GAO recommended that Congress consider granting HHS additional oversight authority and also recommended that HHS improve existing reporting requirements. For certain instances in which states used TANF non-assistance funds in combination with other federal funding streams, states and service providers were subject to other federal reporting requirements. Officials from selected states reported that they encountered a range of challenges using data on those served with TANF non-assistance funds. These challenges sometimes hindered states' ability to assess whether the services improved participant outcomes. HHS's technical assistance initiatives have supported states' TANF data efforts. However, HHS's initiatives have focused on assistance while non-assistance has accounted for an increasingly large share of TANF spending. Officials from the selected states expressed an interest in learning from one another to improve their efforts to use data on those served with TANF non-assistance funds. By facilitating such information sharing, HHS could help states improve their oversight of non-assistance funds and their efforts to improve participant outcomes. Why GAO Did This Study Annually, TANF provides about $16.5 billion to states to help millions of low-income individuals and families. In fiscal year 2022, states spent more than 44 percent of federal TANF and state funds on non-assistance services. Questions have arisen about how states use and account for TANF funds. GAO was asked to review TANF non-assistance spending. This report examines (1) how selected states have used TANF non-assistance funds, (2) non-assistance data collected and used by selected states, and (3) any data challenges faced by selected states and the extent to which HHS provides support to address these challenges. This report is part of a series of reports on TANF GAO issued in 2024 and 2025 ( GAO-25-107235 and GAO-25-107290 ). GAO analyzed selected states' fiscal year 2022 TANF expenditure data, the most recent available at the time of GAO's analysis. GAO also interviewed HHS officials, those knowledgeable about TANF, and state and local officials in a nongeneralizable selection of seven states (Illinois, Mississippi, New Mexico, New York, Ohio, Texas, and Wyoming). These states were selected to reflect variation in geographic region and the percentage of residents in poverty. GAO reviewed relevant federal laws, regulations, and agency documents.

What GAO Found In 2016, the Department of Veterans Affairs (VA) established the Financial Management Business Transformation program (the program) to replace its aging financial and acquisition systems. In 2021, GAO made two recommendations to VA to help ensure that the program's cost estimate and schedule were consistent with GAO-identified best practices. They have not yet been implemented. VA continues to not fully or substantially meet best practices for developing and managing the cost estimate and schedule. As a result, they are unreliable. Without a reliable cost estimate and schedule, VA management risks not making fully informed and sound decisions. Additionally, the program substantially or fully met five Agile best practices for requirements development and management and partially met the remaining three (see table). Regarding the three partially met practices, (1) if the program does not ensure complete and feasible requirements, it could be working on requirements that are not high priority; (2) without traceability, the program cannot establish that the work is contributing to its goals and providing value; and (3) by not balancing customer needs, the program could be developing functionality that is not immediately necessary. Summary Assessment of VA Program Requirements Development and Management Efforts Against Agile Best Practices Best practice GAO assessment Refine requirements ● Test and validate the system as it is being developed ● Ensure work is contributing to the completion of requirements ◕ Elicit and prioritize requirements ◕ Manage and further refine requirements ◕ Ensure requirements are complete, feasible, and verifiable ◑ Maintain traceability in requirements decomposition ◑ Balance customer and user needs and constraints ◑ Legend: ●=Fully met; ◕=Substantially met; ◑=Partially met; ◔=Minimally met; ○=Not met Source: GAO analysis of Department of Veterans Affairs (VA) Financial Management Business Transformation program documentation. | GAO-25-107256 GAO also found that VA generally incorporated the five key elements of effective independent verification and validation (independent review) for the program. Specifically, the program incorporated nine of the 10 key sub-elements and partially implemented one sub-element on determining which programs are subject to independent review. Although the program generally incorporated the elements of an effective independent review, VA does not have a department-wide IT acquisition policy that requires independent review or incorporates the key elements. As a result, VA risks not consistently implementing independent reviews for other VA IT programs. Regarding addressing identified issues, as of November 2024 the independent review team reported that the program resolved 93 percent of the findings and recommendations that the team identified from 2021 to 2024. This is a significant improvement compared to the 27 percent of recommendations reported implemented as of April 2020. Why GAO Did This Study VA's core financial system is more than 30 years old. Two prior attempts to replace the system, beginning in 1998, failed after years of development and hundreds of millions of dollars in costs. The current program has spent $1.9 billion since 2016 and completed six incremental deployments of a new system. The current target date for program completion is 2031. GAO was asked to review the progress of the program. This report examines the extent to which (1) the program's cost estimate and schedule followed best practices; (2) requirements development and management efforts followed Agile best practices; and (3) the independent program reviews that VA conducted met key elements of effective reviews and addressed identified issues. GAO evaluated program and independent review documentation, compared it with relevant best practices, and interviewed cognizant VA officials.

What GAO Found From June 2020 to May 2023, GAO issued four reports on the Department of Veterans Affairs' (VA) efforts to implement its electronic health record modernization (EHRM) and made a total of 15 recommendations aimed at improving implementation. Among other things, these recommendations addressed poor user satisfaction, the need for better change management, the pace of system trouble ticket resolution, and the importance of addressing independent operational assessment deficiencies. Most recently, in its draft report currently at VA for comment, GAO's preliminary results show that VA is making incremental improvements. This includes implementing over 1,500 system configuration changes and initiating projects to address user challenges. However, much more remains to be done: As of February 2025, VA had not addressed approximately 1,800 complex configuration change requests. The program lacks an updated total life cycle cost estimate that reflects the many EHRM changes and delays. Existing EHRM life cycle cost estimates range from VA's $16.1 billion to an independent estimate of $49.8 billion. Updating the independent life cycle cost estimate is imperative to understanding the full magnitude of VA's investment. Similarly, it is critically important that VA update its integrated schedule to inform decision-making. Planned system deployment at four additional locations results in about 160 medical centers (94 percent of VA's total number of medical centers) without the new system as of mid-2026. The EHRM program did not identify baselines and targets for one of its nine metrics to measure the impact of the new system at the live sites. VA's 2024 user surveys continue to reflect general dissatisfaction with the new system. (See figure.) Department of Veterans Affairs User Feedback on Electronic Health Record Enabling Efficiency An updated cost estimate and integrated schedule are essential management tools to inform VA of the challenges it faces in moving forward. Why GAO Did This Study After three unsuccessful attempts since 2001, VA initiated its fourth effort—the EHRM program—to replace its legacy system. In April 2023, after deploying the new system to five of its medical centers, VA paused deployments due to user concerns. On December 20, 2024, VA announced that it was resuming planned deployments in mid-2026 to four Michigan facilities. . GAO was asked to testify on VA's EHRM program. GAO summarized the results of its previously issued reports on EHRM and followed up on implementation of its prior recommendations. GAO also summarized the preliminary results of a draft report currently at the agency for comment that addresses, among other things, VA cost estimating and integrated scheduling.

What GAO Found The U.S. Army Corps of Engineers (Corps) manages water resources projects— such as dams, locks, and waterways—across the U.S. to strengthen national security, protect and manage aquatic ecosystems, reduce risks from disasters, and support commerce. In fiscal years 2018 through 2023, the Corps allocated approximately $28.5 billion in appropriated construction funds to 278 projects across 47 states, Washington, D.C., the Commonwealth of Puerto Rico, and the U.S. Virgin Islands (see figure). Geographic Distribution of Construction Funding at U.S. Army Corps of Engineers Water Resources Projects, Fiscal Years 2018 through 2023 The geographic distribution of the Corps' construction funding in fiscal years 2018 through 2023 resulted from factors included in appropriations legislation and Corps and Army guidance documents. Congress directed $8.7 billion (30.5 percent of all construction funding) to specific projects and activities in annual appropriations acts. For the remaining $19.8 billion (69.5 percent of funding), Congress included project eligibility criteria and other considerations in appropriations acts that influenced the distribution of funding. The Corps applied these criteria and considerations, along with others identified in Corps and Army guidance, to identify eligible projects and prioritize projects to receive construction funding. After identifying eligible projects, the Corps ranked discrete segments of work at each project to compile a list of proposed allocations. The Corps considered other factors in this process, such as environmental returns and project completion status. Why GAO Did This Study Through its Civil Works program, the Corps plans, designs, constructs, operates, and maintains water resources projects across the U.S. to address flood risk management, navigation, and aquatic ecosystem restoration, among other things. The Water Resources Development Act of 2022 includes a provision for GAO to review the Corps' funding of its water resources projects. This report examines (1) the geographic distribution of annual and supplemental funding for water resources projects carried out by the Corps in fiscal years 2018 through 2023, and (2) the factors that contributed to the geographic distribution of funding. GAO analyzed allocation and geographic data provided by the Corps to determine the location of Corps projects that received construction funding in fiscal years 2018 through 2023. GAO reviewed the annual Energy and Water Development and Related Agencies Appropriations Acts, the accompanying explanatory statements, and the five supplemental appropriations acts that provided construction funding during that period. GAO also reviewed Corps and Army documents, policies, and guidance that described the processes used to identify Corps projects that could receive construction funding from those appropriations acts. GAO interviewed knowledgeable Corps officials about these processes to help determine the factors that contributed to the geographic distribution of construction funding. For more information, contact Jeff Arkin at (202) 512-6806 or arkinj@gao.gov.

What GAO Found The structure and amount of executive compensation packages at three failed banks were similar to those of peer banks GAO reviewed. A median of 86 percent of executive compensation at the failed banks and 83 percent at the peer banks was incentive-based and tied to executive and bank performance. All the packages incorporated risk-mitigating elements that align with practices described in federal compensation guidelines. All the banks used financial measures of performance, such as return on equity and shareholder returns. Most banks also used nonfinancial measures, such as meeting goals for prudent risk management. All the former top executive officers at the three failed banks received stock awards (totaling about $130 million) and made disposals (totaling about $214 million) from January 2021 through March 2023. Executives at two of the failed banks disposed of more than $17 million in the first quarter of 2023, which was similar to their disposals in the first quarter of the previous year. Federal banking regulators use supervisory activities, such as ongoing monitoring and examinations, to review compensation issues and risks at large banks. From 2017 through 2022, regulators examined executive compensation at 15 of the 21 large banks GAO reviewed, including two of the three failed banks. Overall, regulators identified 10 supervisory concerns (matters requiring attention) related to compensation issues across eight institutions during this period. This included one supervisory concern in 2022 at the holding company of one of the failed banks, which was taking corrective action when the bank failed. In 2010, Congress required six agencies to jointly prescribe regulations or guidelines on incentive compensation by April 21, 2011. The agencies formed a working group to draft and propose joint regulations but have yet to finalize them (see figure). Timeline of Key Events Related to Rulemaking on Incentive-Based Compensation Arrangements Leaders within and across the agencies hold differing views on regulatory approaches for incentive-based compensation arrangements. For example, some agency leaders advocate a principles-based approach that outlines general principles and objectives for discouraging inappropriate risk-taking. Others support an approach with more specific and stringent requirements. Reconciling these differences and jointly prescribing regulations or guidelines would help prevent excessive compensation arrangements at financial institutions that encourage inappropriate risks. Why GAO Did This Study Incentive-based compensation can motivate good performance but also encourage risky behavior. Bank failures in early 2023 and executive bonuses one bank paid on the day it failed raised questions about compensation practices at large banks. GAO was asked to review compensation at three failed banks. This report examines (1) executive compensation packages at the failed banks and a peer bank group, (2) executives' stock transactions at the failed banks, (3) regulators' review of executive compensation at selected large banks, and (4) efforts to finalize an incentive compensation rule. GAO analyzed the most recent publicly available annual disclosures for 11 banks (three failed banks and eight peer banks selected for similarity in asset size and business lines); public disclosures on stock transactions by executives at the failed banks (January 2021–March 2023); and examination documentation (2017–2022) on compensation for 21 banks (10 banks with largest asset size, eight peer banks, and three failed banks). GAO also reviewed agencies' proposed rules and public statements on the incentive compensation rulemaking since 2011.

What GAO Found Beneficial owners are individuals who, directly or indirectly, own or control a certain percentage of, or exercise substantial control over, a company or other legal entity. The Financial Crimes Enforcement Network (FinCEN) collects and shares information about beneficial owners to help safeguard the U.S. financial system from illicit use and to support law enforcement investigations, among other purposes. In December 2023, FinCEN adopted a rule that allows authorized users (such as federal agencies engaged in national security, intelligence, or law enforcement activity) to access this information if they establish data-safeguarding procedures for it. GAO found that the rule incorporated all the Corporate Transparency Act's requirements for protecting the security and confidentiality of beneficial ownership information. In spring 2024, FinCEN launched the first phase of its five-phase process to grant access to beneficial ownership information by selecting six federal agencies for a pilot, partly to test its IT system. To be approved for access, FinCEN required each agency to sign a memorandum of understanding specifying safeguards they would implement to protect the data. Agencies also had to submit an initial report describing safeguarding procedures and certify they complied with the rule's protection requirements. As of October 2024, four of the six agencies had submitted the necessary documents (see table). Federal Agencies Approved to Access Beneficial Ownership Information, as of October 29, 2024 Agencies granted access Federal Bureau of Investigation Internal Revenue Service-Criminal Investigations U.S. Postal Inspection Service U.S. Secret Service Agency staff with access 100 System searches conducted Nearly 1,700 Source: Financial Crimes Enforcement Network. | GAO-25-107403 In September 2024, FinCEN began the second phase, enabling about 200 additional federal agencies to request access to beneficial ownership information. Based on feedback from the pilot, FinCEN revised its memorandum of understanding to clarify certain compliance requirements. FinCEN also created a procedure for reviewing and granting agency requests for information. Agencies must still sign a memorandum of understanding, report on their safeguarding procedures, and certify compliance with information protection requirements. FinCEN officials told GAO they have been developing policies and procedures for overseeing users' access and safeguarding practices. This oversight is to include conducting annual audits, monitoring how users search the data, and reviewing reports submitted by authorized users. FinCEN plans to assess the need for additional oversight mechanisms as the access program is fully implemented. GAO will continue to monitor FinCEN's implementation of its oversight policies and procedures. Why GAO Did This Study The Corporate Transparency Act, enacted in 2021, requires certain legal entities to report their beneficial ownership information to FinCEN. This requirement supports U.S. efforts to prevent bad actors from concealing or benefiting from ill-gotten gains through shell companies or other opaque ownership structures. The act required FinCEN to adopt a rule to safeguard this information from unauthorized use. The Corporate Transparency Act also includes a provision for GAO to determine whether FinCEN's safeguards, procedures, and use of beneficial ownership information, as established in its access rule, are consistent with requirements of the act. This report is the first in a series of seven annual reports. This report examines (1) whether FinCEN's access rule included Corporate Transparency Act requirements for protecting the security and confidentiality of beneficial ownership information, (2) the extent to which FinCEN granted agencies access to beneficial ownership information in compliance with the act, and (3) FinCEN's oversight of agencies' access to and use of the information. GAO reviewed the Corporate Transparency Act and FinCEN's beneficial ownership information access rule; analyzed FinCEN's policies, procedures, and other documents related to the access program; and interviewed FinCEN and other agency officials. For more information, contact Michael E. Clements at (202) 512-8678 or clementsm@gao.gov.

What GAO Found The Department of Defense (DOD) submitted about 55 percent of its agency comments, 88 percent of its sensitivity reviews, and 67 percent of its security reviews to GAO after the 30-day deadline. Sensitivity reviews are conducted to identify sensitive information, such as controlled unclassified information. Reviews for classified information, such as information designated as Secret or Top Secret, are generally referred to as security reviews. DOD’s timeliness in providing agency comments and sensitivity/security reviews has decreased significantly from December 2022 to November 2024 (See figure below). However, GAO is working with DOD to improve its timeliness. Figure: Percentage of Department of Defense (DOD) Responses That Took More Than 30 Days during GAO's Four Review Periods GAO provides audited agencies with an opportunity to review and comment on its draft reports before GAO issues the final report. DOD provided GAO comments on 82 reports from May 11, 2024, to November 6, 2024. While GAO generally provides DOD with 30 days for agency comment, on average, DOD took 42 days. Of the 82 reports, DOD submitted comments for 45 after the 30-day deadline and took an additional 29 days, on average, to submit agency comments on those reports. For one report, DOD took 182 days to provide its comments. GAO requests that the department complete sensitivity and security reviews of reports if controlled unclassified or classified sources were used, and to communicate the results of the review in writing. DOD completed 39 reviews—33 sensitivity and 6 security reviews—during the same period. On average, DOD completed sensitivity reviews in 54 days and security reviews in 74 days—exceeding the 30-day deadline. Of the 38 reports for which GAO granted an extension to the deadline for submitting comments, DOD did not meet the extension deadline for 13. DOD also submitted comments late for eight additional reports without requesting extensions. Why GAO Did This Study Delays in DOD submitting agency comments or the sensitivity/security reviews result in GAO issuing products later than mandated or requested by Congress. In some cases, delays may result in GAO taking the unusual step of issuing reports without DOD comments in order to provide Congress with requested information. The James M. Inhofe National Defense Authorization Act for Fiscal Year 2023 included a provision for GAO to report every 6 months over a 2-year period on the extent to which DOD submitted agency comments and sensitivity or security reviews in a timely manner and in accordance with GAO protocols. This report is the fourth in a series of four reports on this topic. It covers the time period May 11, 2024, to November 6, 2024. For more information, contact Alissa Czyz at (202) 512-3058 or czyzaj@gao.gov.

What GAO Found The Department of Veterans Affairs (VA) is responsible for providing benefits to veterans. Within VA, the Veterans Health Administration (VHA) provides health care benefits to eligible veterans with service-connected disabilities living or traveling abroad through its Foreign Medical Program. In fiscal year 2024, VHA data show the program paid $128.3 million in reimbursements to 8,024 veterans or their providers, representing a 263 percent increase in reimbursements since fiscal year 2018. In fiscal year 2024, the program reported processing 37 percent of claims within 45 days; its goal is to process 90 percent within that time. Foreign Medical Program Reimbursements, Fiscal Years 2018 through 2024 The Foreign Medical Program makes reimbursements using paper checks, despite a federal law generally calling for electronic payments. Reliance on paper checks has resulted in challenges, including delayed or lost checks, according to officials. VA has begun a transition to an electronic payment method, but when or how the transition will occur is unclear. Implementing the new method will help ensure the timeliness and security of reimbursements. VHA increased its authorized staffing in August 2023 from 25 to 38 positions for the Foreign Medical Program to help meet its timeliness goal. However, 14 positions remained vacant in 2024 due to various reasons, including a VHA zero-growth hiring policy, according to officials. VHA has taken some steps to help with hiring, such as allowing positions to be remote, but has not otherwise identified and evaluated staffing strategies. Evaluating and implementing such strategies could help the program address its staffing challenges and process claims in a timely manner. VA has not comprehensively assessed fraud risks in the program in line with selected leading practices, despite evidence of potential fraud. This included VA suspending providers in 2024 due to their alleged involvement in a long-term fraud scheme. VHA developed two documents to outline efforts for fraud, waste, and abuse activities within VHA. However, VA has not implemented selected leading practices outlined in GAO's Fraud Risk Framework. These include assigning an entity to lead and regularly assess fraud risks. Implementing such practices will help VA better prevent, detect, and respond to fraud. Why GAO Did This Study Thousands of veterans live in or travel to foreign countries each year. For qualifying medical expenses incurred abroad, veterans, or the providers that deliver services, may submit claims to VHA's Foreign Medical Program for reimbursement. The Consolidated Appropriations Act, 2023, includes a provision for GAO to review the VHA Foreign Medical Program. This report addresses available data on program claims, VHA processes for reimbursing claims, program staffing, and the extent to which fraud risk management activities for the program are consistent with selected leading practices. GAO reviewed data on claims processed for fiscal years 2018 through 2024 and relevant program policies and documentation; assessed the program's processes against criteria, such as human capital management key practices and GAO's Fraud Risk Framework; and interviewed agency officials, veterans who use the program, and five veterans service organizations. GAO conducted interviews with veterans in person and obtained written responses via email.