What GAO Found The Sarbanes-Oxley Act of 2002 was enacted to improve the reliability of public company financial reporting and auditing. Section 404 of the act has two key subsections that apply to public companies: Section 404(a) requires management to assess the effectiveness of internal control over financial reporting in annual reports filed with the Securities and Exchange Commission (SEC). Section 404(b), auditor attestation, requires auditors for public companies to attest to management's assessment of these internal controls. Amendments to the act exempted certain smaller and emerging growth companies from Section 404(b) requirements. Companies' costs to comply with these provisions include expenses related to personnel, technology, and auditor fees. Companies incur internal costs to develop, test, and document internal control over financial reporting. But these internal costs are difficult to isolate from broader expenses, such as costs for software also used for other purposes. Similarly, auditor fees are not itemized specifically for Section 404(b) compliance (they typically are included in total audit fees). Thus, available data and analysis on compliance costs are limited. Larger (nonexempt) companies generally incurred higher overall Sarbanes-Oxley compliance costs, but these costs were proportionally more burdensome for smaller (exempt) companies. Nonexempt companies (generally those with $75 million or more in publicly held shares or companies not qualifying as emerging growth companies) had higher costs (19 percent) than their exempt counterparts, according to GAO's analysis of a nongeneralizable sample of 96 companies. Companies generally experienced increased audit costs when they transitioned from exempt to nonexempt status (became subject to auditor attestation because their public float or revenues grew above exemption thresholds). Audits of nonexempt companies involve more work because the incremental auditing standards that apply to them require more planning, control testing, and quality review. GAO's analysis found a median increase of $219,000 (13 percent) in audit fees in the year a company became nonexempt. Audit fees generally leveled off in the year after transition. The Section 404(b) exemption has had some positive effects for companies. Research suggests that not having to obtain auditor attestations provides financial and nonfinancial relief for smaller (exempt) companies. Companies can redirect the time and money saved from compliance toward business growth and development. But research also suggests companies that announced they had to restate financial statements (due to material errors) tended to have weak internal control over financial reporting or be smaller. GAO's analysis of a nongeneralizable sample of 100 restatements in 2022 and 2023 also found that 41 of 56 exempt companies (73 percent) in its sample cited both ineffective internal control over financial reporting and material weaknesses compared to 26 of 44 nonexempt companies (59 percent). Why GAO Did This Study Amendments to the Sarbanes-Oxley Act since its 2002 passage sought to promote capital formation and reduce unnecessary cost burdens for smaller companies. These changes include exempting certain smaller and emerging growth companies from the auditor attestation requirement. GAO was asked to review the compliance costs and other effects of the Sarbanes-Oxley Act. Among its objectives, this report examines the compliance costs associated with Section 404 of the act, and the effects of the Section 404(b) exemption, such as on companies and the reliability of their financial information. GAO analyzed a nongeneralizable sample of SEC audit fee data for 2019–2023 (most recent available) as a proxy measure for Section 404(b) costs; a nongeneralizable sample of financial restatements; and SEC enforcement actions in 2022–2023. GAO also reviewed laws, annual cost surveys of public companies, relevant research studies, and prior GAO reports. GAO interviewed SEC and Public Company Accounting Oversight Board officials; 17 audit committee members from exempt and nonexempt companies; and representatives or members of seven trade associations (representing businesses, investors, accounting academics, auditing professionals, and financial executives). For more information, contact Michael E. Clements at clementsm@gao.gov.

What GAO Found The U.S. Department of Agriculture's (USDA) Natural Resources Conservation Service (NRCS) has a variety of dam safety responsibilities but has not consistently implemented them. NRCS assists project sponsors—typically local governments—in designing, planning, constructing, and rehabilitating watershed dams. Sponsors are responsible for safely operating and maintaining dams according to federal, state, local, and tribal laws and regulations. NRCS's responsibilities include (1) monitoring sponsors' compliance with operation and maintenance requirements, and (2) maintaining a national data inventory of NRCS-assisted dams. However, NRCS has not consistently reviewed operation and maintenance agreements with sponsors every 5 years or monitored the timely completion of dam inspections. As a result, 32 percent of significant- and high-hazard dams within their evaluated lives were past their required inspection due date, as of August 2024. In addition, key safety information NRCS collects—such as the condition of some dams—is missing or inaccurate. Without complete and accurate data, NRCS cannot ensure the safe operation and maintenance of dams across the country that help protect communities from flooding. A Natural Resources Conservation Service Watershed Dam in Virginia In addition, GAO found that some of NRCS's processes for funding rehabilitation projects are not fully transparent. NRCS's Watershed Rehabilitation Program (REHAB) provides project sponsors with funding to rehabilitate their dams, to help meet safety and performance standards. However, NRCS has not fully communicated to project sponsors key information related to funding availability, eligibility, or the types of projects to be funded. Sponsors for eight of the 25 dams GAO met with said they were either unaware of REHAB or unclear about the requirements for receiving funding. Without improved communication about the program, project sponsors may continue to miss opportunities to address critical safety issues. Additionally, for fiscal year 2024, NRCS did not document why its state offices advanced some applications to headquarters for funding consideration and not others. NRCS officials said the specific rationale for prioritizing some projects over others can vary by state. Without guidance for NRCS state offices to document the rationale for these decisions, NRCS cannot ensure it allocates funds in a consistent and transparent manner that aligns with agency goals to protect lives, property, and infrastructure. Why GAO Did This Study NRCS assisted in the designing, planning, and construction of nearly 12,000 watershed dams to control flooding and prevent damage to communities. Most of these dams were built between 1954 and 1980 in rural, agricultural areas of the U.S. As these dams have aged and surrounding areas have developed, stakeholders are concerned about the safety of the dams. GAO was asked to review how NRCS manages dam safety. This report assesses the extent to which (1) NRCS has implemented its dam safety responsibilities, and (2) NRCS's processes for funding dam projects under REHAB are transparent. GAO reviewed NRCS policies, guidance, and data, as well as relevant federal laws and regulations. GAO selected a nongeneralizable sample of 25 dams in five states based on condition, geography, and other factors. For these dams, GAO reviewed documentation and interviewed project sponsors. GAO conducted site visits at 10 of these dams in three states and interviewed officials from NRCS, state dam safety offices, and other stakeholders.

What GAO Found As determined by GAO's review of 69 federal legacy IT systems, the 11 legacy systems most in need of modernization are maintained by 10 federal agencies. These agencies' missions are essential to government operations such as health care, critical infrastructure, tax processing, and national security, and these legacy systems provide vital support to the agencies' missions. GAO identified 11 legacy IT systems as most in need of modernization (see table 1). Eight of the 11 systems use outdated languages, four have unsupported hardware or software, and seven are operating with known cybersecurity vulnerabilities. For example, both of the Department of the Treasury's selected systems run on Common Business Oriented Language (COBOL) and Assembly Language Code—programming languages that have a dwindling number of people available with the skills needed to support them. In addition, the Environmental Protection Agency's system contains obsolete hardware that is not supported by manufacturers and has known cybersecurity vulnerabilities that cannot be remediated without modernization. Table 1: The 11 Most Critical Federal Legacy IT Systems in Need of Modernization Agency System namea    Age of system Hardware/software/operating system(s) supported Legacy programming language(s) used Department of Agriculture System 1 41 Yes Yes Department of Commerce System 2b 30 Unknownc No Department of Defense System 3b 60 Yes Yes Department of Energy System 4 25 Yes Yes Department of Health and Human Services System 5b 55 Yes Yes Department of Homeland Security System 6 30 No No Department of the Interior System 7b 23 No Yes Department of Transportation System 8 31 No Yes Department of the Treasury   System 9 59 Yes Yes System 10 51 Yes Yes Environmental Protection Agency System 11 51 No No Legend: green shade = favorable characteristic, red shade = unfavorable characteristic, and grey shade = unknown characteristic. Source: GAO analysis of agency data. | GAO-25-107795 aDue to sensitivity concerns, GAO substituted a numeric identifier for the system names. bThis system was previously identified in GAO's 2019 review as one of the federal government's legacy systems in need of modernization (see GAO-19-471 and concurrent limited official use only report GAO-19-351SU). cCommerce officials stated that the Census Bureau, National Institute of Standards and Technology, and National Oceanic and Atmospheric Administration manage their own hardware for System 2, and that hardware information was unknown for the Census Bureau. As shown in table 2, agencies had developed modernization plans for nine of the 11 systems. Of the nine systems with plans, three included all three elements of a plan (at Homeland Security, the Interior, and the Environmental Protection Agency), and six did not include all elements of a plan (at Agriculture, Commerce, Health and Human Services, Transportation, and the Treasury). The two systems without plans belonged to Defense and Energy. Table 2: Extent to Which Agencies' Legacy IT Systems Documented Modernization Plans Included Key Elements Agency System namea Includes milestones to complete the modernization Describes the work necessary to modernize the system Summarizes planned disposition of legacy system Department of Agriculture System 1 Yes – planned completion 2031 No Partial Department of Commerce System 2 Partial Partial Partial Department of Defense System 3 No modernization plan     Department of Energy System 4 No modernization plan     Department of Health and Human Services System 5 Partial Partial Partial Department of Homeland Security System 6 Yes – planned completion September 2026 Yes Yes Department of the Interior System 7 Yes – planned completion August 2027 Yes Yes Department of Transportation System 8 Yes – planned completion 2030 No Partial Department of the Treasury System 9 Partial Partial No   System 10 Partial Yes Partial Environmental Protection Agency System 11 Yes – planned completion December 2028 Yes Yes Source: GAO analysis of agency modernization plans. | GAO-25-107795 Note: Agencies received a “partial” if the element was completed for a portion of the modernization. aDue to sensitivity concerns, GAO substituted a numeric identifier for the system names. The incomplete modernization plans are especially concerning for seven of the systems because they reportedly have modernizations already underway. These seven systems belonged to six agencies: Agriculture, Commerce, Defense, Health and Human Services, Transportation, and the Treasury. Until agencies fully document modernization plans for critical legacy IT systems, their modernization initiatives will have an increased likelihood of cost overruns, schedule delays, and overall project failure. Project failure would be particularly detrimental not only because of wasted resources, but also because it would prolong the lifespan of increasingly vulnerable and obsolete systems. This could expose agencies and system clients to security threats and potentially significant performance issues. Further, there are likely more legacy systems needing attention beyond what is highlighted in this report. GAO recommended nearly a decade ago, and has since made it a priority recommendation, that OMB direct agencies to identify legacy systems and/or investments needing to be modernized. OMB has not yet taken action. Given OMB's lack of action, Congress requiring federal agencies to develop modernization plans for critical legacy systems can expedite agencies' efforts. Why GAO Did This Study Each year, the federal government spends more than $100 billion on IT and cyber-related investments. Of this amount, agencies have typically reported spending about 80 percent on operations and maintenance of existing IT. This includes maintaining legacy systems that can pose significant challenges, such as increased costs and cybersecurity vulnerabilities. In June 2019, GAO identified 10 critical federal legacy IT systems that were most in need of modernization. As of February 2025, agencies have completed three of the 10 modernizations. Of the seven remaining modernizations, agencies planned to complete four in the next few years, two in 5 or more years, and one does not yet have a planned completion date established. GAO was asked to conduct an updated review of federal agencies' current legacy systems. GAO's specific objective for this report was to identify the federal legacy systems most in need of modernization and evaluate plans for modernizing them. To do so, GAO asked the 24 Chief Financial Officers Act agencies to provide their three legacy IT systems most in need of modernization and obtained a total of 69 systems. GAO scored these systems based on 16 system attributes and associated point values, such as age, vendor support, use of legacy programming languages, degree of cybersecurity risk, and operating costs. GAO ranked the systems based on their scores and selected those with the highest scores. For the resulting 11 systems, GAO compared the agencies' modernization plans against leading practices. According to government and industry best practices, agencies' documented plans for system modernization should include, at a minimum, (1) milestones, (2) a description of the work, and (3) details regarding disposition of the legacy system. GAO then analyzed agencies' documented modernization plans for the selected systems to determine whether the plans included these elements. This is a public version of a sensitive report that is being issued concurrently. Sensitive information, such as system names and identifiers, has been omitted.

What GAO Found As of February 2025, the Internal Revenue Service (IRS) had been implementing a strategy to improve taxpayer services with Inflation Reduction Act (IRA) funds. IRS developed two strategic objectives aligned with a range of service improvement projects. These included efforts such as to improve access to live assistance on the telephone and in person, and expand features that allow taxpayers to perform interactions online. GAO interviewed 10 selected groups that represent taxpayers about what they want and need from IRS. These included clear guidance and tools. IRS officials described ongoing or planned actions to address these wants and needs, such as simplifying taxpayer notices and providing IRS staff computer systems and data to help taxpayers. In March 2025, however, IRS said it is reassessing which IRA projects to continue because of changes in IRS funding and staffing levels. IRS's efforts to improve the taxpayer experience have been spurred by statutory requirements, including IRS's Taxpayer Experience Strategy as required by the Taxpayer First Act of 2019. IRS has acted to follow Office of Management and Budget (OMB) guidance for high-impact service providers, including developing annual plans to improve priority services. IRS faces challenges in demonstrating that it has improved the taxpayer experience, such as limited data and measures, uncertain funding and staffing levels, and changes in complex tax laws. IRS officials outlined efforts to address these challenges, such as developing new measures, data, and tools on how taxpayers experience IRS services. IRS documents state that these service improvements are intended to improve the taxpayer experience. For example, its 2023 strategic plan said IRS would make it easier for taxpayers to meet their tax responsibilities and receive tax incentives for which they are eligible. IRS has also taken some actions to develop and use evidence to assess progress in improving services but has not fully established an evidence-based approach such as by using 13 key practices GAO has identified to determine the effects of these efforts on the taxpayer experience. For example, IRS has not fully established key practices to: define taxpayer experience goals related to service improvements; generate new evidence from measures, analytical tools, and dashboards to track progress with the taxpayer experience goals; involve external stakeholders to help assess the effects of its service improvements on the taxpayer experience; and promote accountability for achieving the taxpayer experience goals. IRS officials said establishing an evidence-based approach using these and other key practices has been delayed. The IRS offices that had been coordinating IRA and taxpayer experience initiatives were disbanded in March 2025 and April 2025, respectively, according to IRS officials. As IRS reorganizes and reassesses priorities, integrating all key practices in an evidence-based approach can inform decisions to make the best use of resources in improving the taxpayer experience. Why GAO Did This Study IRS has struggled with long-standing challenges in improving how taxpayers experience interacting with IRS services. Policymakers have recognized the critical importance of improving taxpayer services IRS provides, as well as the related taxpayers' experience in using the services. IRA provided IRS tens of billions of dollars over 10 years for improving operations, including services to taxpayers. The IRA includes a provision for GAO to oversee the distribution and use of IRA funds. This report (1) describes IRS's plans and actions to improve services to meet taxpayer wants and needs, (2) describes IRS's plans and actions to improve the taxpayer experience and overcome related challenges, and (3) evaluates whether IRS is assessing how service improvement efforts have improved the taxpayer experience using evidence. GAO reviewed IRS documents and interviewed IRS officials and relevant stakeholders, including members of 10 selected groups that represent taxpayers. GAO also compared IRS's strategic plans, projects, and other documents to federal guidance, including federal statutes, OMB guidance, and practices that GAO had identified to help agencies build and use evidence to manage performance.

What GAO Found In response to GAO's December 2022 report on the Federal Employees Health Benefits (FEHB) program, the Office of Personnel Management (OPM) has taken some steps to manage the program's fraud risks, such as completing fraud risk assessments. However, two recommendations, including that OPM identify and remove ineligible family members from FEHB, remain open. In this second review of the FEHB program, GAO found that OPM's ongoing efforts to manage fraud risks do not fully align with selected leading practices. OPM designated an entity to lead fraud risk management, but its future is uncertain. OPM designated the Risk Management Council (RMC) to lead its fraud risk management efforts. However, in April 2025, OPM officials stated that the agency is in a transition period, and it is uncertain whether the RMC will continue to lead these efforts. With a pause in fraud risk management at the agency level, OPM has the opportunity to address persistent fraud risks and safeguard government investments in FEHB. OPM has not assessed the full range of fraud risks facing the FEHB program. OPM's most recent fraud risk profile identifies two inherent fraud risks—an ineligible family member on an FEHB plan and an FEHB provider submitting false claims to an FEHB carrier—but does not reflect other fraud risks (see fig.). Officials could not explain or provide documentation as to why their fraud risk assessment and profile did not capture these inherent fraud risks. Examples of Fraud Risks Not on the Office of Personnel Management's Fraud Risk Profile for the Federal Employees Health Benefits Program OPM does not involve key stakeholders directly in its fraud risk assessment process. According to OPM officials, the agency relies on OPM's Office of Inspector General (OIG) reports and carrier information on fraud, waste, and abuse to inform its fraud risk assessments. However, OPM does not engage directly with these stakeholders to identify FEHB fraud risks and obtain insights. Involving key stakeholders in its fraud risk assessments would help OPM leverage stakeholders' extensive knowledge to better identify the full range of fraud risks and determine how to address them. Why GAO Did This Study FEHB is the largest employer-sponsored health insurance program in the country. It provides benefits to more than 8.2 million federal employees, family members, and other eligible individuals. FEHB's total cost to the government and enrollees was about $70 billion in fiscal year 2024. OPM is responsible for administering the FEHB program and managing the risk of fraud. GAO was asked to review OPM's fraud risk management efforts in the FEHB program. This report assesses the extent to which OPM has (1) designated an entity to lead fraud risk management activities, (2) assessed the full range of fraud risks in the FEHB program, and (3) involved key stakeholders in its fraud risk assessments. GAO reviewed OPM documentation and policies, and interviewed OPM and OPM OIG officials regarding fraud risk management activities in the FEHB program. GAO compared this information with selected leading practices of GAO's Fraud Risk Framework, as well as federal standards for internal control.

What GAO Found The factors that contributed to the Commonwealth of Puerto Rico’s debt crisis in 2015 included the territory’s persistent deficits and its use of debt to manage these deficits. In 2018, GAO identified specific causes of its deficits based on interviews with Puerto Rico officials, federal officials, and other relevant experts, along with a literature review. These causes included inadequate financial management and oversight practices, policy decisions such as using debt proceeds to balance budgets, and a prolonged economic contraction. Puerto Rico’s fiscal conditions have improved since 2016. Its most recent audited government-wide financial statements—from fiscal year 2022—show a total net surplus of $1.9 billion, a reversal from prior years which predominantly had net deficits. More recently, in its 2024 fiscal plan for Puerto Rico, the Financial Oversight and Management Board cited the territory’s progress in aligning revenues and expenses and stabilizing its finances. Additionally, the territory has restructured most of its debt using the debt restructuring processes established by the Puerto Rico Oversight, Management, and Economic Stability Act (PROMESA), though negotiations and litigation over the debt of its public utility are ongoing. Between fiscal years 2016 and 2022, Puerto Rico’s public debt decreased by $12.5 billion, or 19 percent, as shown below. Puerto Rico’s Total Public Debt Outstanding Fiscal Years 2016 to 2022 While Puerto Rico’s fiscal condition has improved in recent years, the territory continues to face fiscal and economic risks. These include access to reliable and affordable electricity, increasingly powerful storms and rising temperatures, declining population, and pension liabilities. Additionally, the territory’s financial management and reporting issues, such as delays in issuing audited financial statements, pose risks to its ability to make informed decisions. Why GAO Did This Study After accumulating debt for many years, Puerto Rico began defaulting on debt payments in 2015. In response, Congress passed, and the President signed, PROMESA. This act established a process for Puerto Rico to restructure its debts and created the Financial Oversight and Management Board, with broad powers of budgetary and financial control. PROMESA also includes provisions for GAO to 1) examine factors contributing to Puerto Rico’s debt crisis and federal actions for preventing a future one and 2) study fiscal issues in Puerto Rico and the other U.S. territories and periodically report on their public debt. This statement summarizes GAO’s key findings from this work related to (1) the factors that contributed to the debt crisis in Puerto Rico, (2) how fiscal and economic conditions have changed since 2016, and (3) the fiscal and economic risks that Puerto Rico faces. This statement is based on GAO reports issued between October 2017 and June 2025. Detailed information on the objectives, scope, and methodology can be found within each report. For more information, contact Michelle Sager at sagerm@gao.gov.

What GAO Found DOD's Financial Management Regulation (FMR) includes timelines for reimbursing service members for costs incurred for permanent change of station (PCS) moves. However, GAO found that parts of the FMR guidance are unclear and have inconsistent PCS reimbursement timelines—including both a 30-calendar day and a 25-business day timeline. Military service officials told GAO that this lack of clarity causes confusion. Without clear guidance, service members might carry the burden of moving costs beyond a reasonable period. GAO reviewed 3 fiscal years of PCS data from two selected military services—the Army and the Marine Corps—to identify the extent to which such reimbursements were delayed, monitored, and addressed. GAO found that these services regularly monitor PCS reimbursements through multistep reviews and post-payment audits. However, instances of delays persist. Specifically, during the 3-year period, GAO found the following delays, by service: Army. Of the 586,417 PCS voucher reimbursements processed, 40,798 (7.0 percent), were delayed beyond the 30-calendar day time frame the Army follows under the FMR. Of those, most were paid within 31 to 60 calendar days. These delays totaled almost $139 million in reimbursements. Marine Corps. Of the 176,216 voucher reimbursements processed, 17,134 (9.7 percent) were delayed beyond the 10-business day time frame the Marine Corps follows. Most of those delays, which totaled almost $47 million, were paid within 11 to 20 business days. Had the vouchers been processed using the 30-day calendar time frames in the FMR, the Marine Corps would have 1,118 voucher reimbursements processed (0.6 percent), totaling $5.7 million, delayed in that period. Number and Percent of PCS Reimbursement Delays for the Army and the Marine Corps, Fiscal Years 2021-2023 Note: The Army follows a 30- and the Marine Corps a 10-day timeline for voucher reimbursements. The data reflect the number and percentage of permanent change of station (PCS) transactions involving service members and excludes data related to sensitive or classified PCS relocations. Army and Marine Corps officials cited challenges associated with processing PCS reimbursements on time, including multiple offices being involved and higher staffing needs, particularly during summer months. Each service lacks a single entity with authority and responsibility to monitor and address problems associated with such delays. Such an entity for each service could help improve their ability to resolve delays expeditiously and help ensure timely PCS reimbursements to service members. Why GAO Did This Study In 2024, more than 400,000 service members received PCS travel orders and moved to a new duty station. When the military services order these moves, service members are entitled to timely PCS reimbursements to cover costs. A January 2023 report by the Suicide Prevention and Response Independent Review Committee cited delayed payments, especially PCS reimbursements, as a financial stressor associated with suicide risk for service members. House Report 118-125 includes a provision for GAO to review delayed payments to service members, with an emphasis on PCS reimbursement delays. GAO's review assesses the extent to which (1) DOD has guidance on monitoring timelines for PCS reimbursements and (2) the Army and Marine Corps monitor and address delays in PCS reimbursements. GAO analyzed guidance related to the monitoring of PCS reimbursements; interviewed DOD and military service finance officials; and analyzed PCS data from fiscal years 2021 through 2023 (the latest complete year of data available at the time of GAO's data request and review).

What GAO Found The Department of Homeland Security's (DHS) Office of Intelligence and Analysis (I&A) has four primary strategic oversight requirements based in statute and policy: develop (1) an annual consolidated budget proposal, (2) an annual intelligence priorities framework, (3) enterprise program reviews and submit an evaluation report annually to the DHS Secretary, and (4) intelligence training for enterprise staff. Although these have been policy requirements since 2013, GAO found that I&A has not consistently completed them due to a lack of leadership focus. For example, I&A had not fulfilled its requirement to propose a consolidated budget for the Intelligence Enterprise until fiscal year 2025. Developing and implementing procedures to develop a consolidated budget would help I&A complete this annual requirement. In turn, this would help ensure components are budgeting the necessary resources to share intelligence on threats. GAO found that I&A addressed six of eight leading collaboration practices. For example, I&A ensured accountability for enterprise-wide activities by establishing performance standards to evaluate collaboration. Status of Department of Homeland Security (DHS) Office of Intelligence and Analysis (I&A) Actions to Collaborate with the DHS Intelligence Enterprise that Address Leading Practices However, I&A has partially addressed two of eight practices. For instance, with respect to the leading practice of leveraging resources and information, GAO found that at the time of its review, I&A lacked a process to identify experts in relevant components to coordinate on reviews of intelligence products. According to I&A and component analysts this has caused errors in products. In June 2025, I&A finalized a coordination list of experts, but it is too soon to tell if it is working as intended. Fully implementing this process could help I&A ensure its product reviews are more robust and avoid publishing inaccurate or incomplete information. Why GAO Did This Study Violent extremists and adversarial nation-states pose a complex set of threats to the U.S. Addressing these threats requires coordinated intelligence sharing across the DHS Intelligence Enterprise—the primary method to integrate DHS's intelligence programs. Led by I&A, it includes the intelligence offices of nine other DHS components. Internal DHS reviews have proposed enhancements to I&A's oversight and coordination roles for the enterprise. GAO was asked to review issues related to I&A's oversight of the DHS Intelligence Enterprise. This report addresses the extent to which I&A is (1) conducting its required strategic oversight, and (2) addressing leading practices in its required collaboration with the DHS Intelligence Enterprise. GAO reviewed DHS policies for I&A's strategic oversight requirements and enterprise collaboration efforts. GAO interviewed management officials from all enterprise components. GAO conducted discussion groups with analysts in three components and three I&A analytic centers that collaborate most frequently with I&A on intelligence products. Finally, GAO compared I&A efforts to leading collaboration practices.

What GAO Found All four federal agencies GAO selected for review generally reported supporting K-12 science, technology, engineering, and mathematics (STEM) education for rural populations as part of broader initiatives that served numerous populations. Agency officials provided examples of how these initiatives have supported rural STEM education in various ways. For example, some initiatives have supported recruiting and training STEM educators. Other initiatives have focused on enhancing STEM learning and career exploration for students in rural schools, such as through educational field trips and hands-on activities. School and district officials GAO visited in Alabama, Maine, Nevada, and South Dakota said that staffing challenges and limited access to STEM learning opportunities and materials were barriers to providing K-12 STEM education in rural areas. For example, officials from one district in rural Alabama said their district had no certified math teachers to serve their 300 students in grades seven through 12 in the 2023-24 school year. Stakeholders also said the cost and logistics of traveling long distances in remote rural areas limited opportunities for certain field trips or learning activities. Rural districts GAO visited varied in terms of remoteness and size and experienced these challenges differently. Remoteness and Transportation Costs Can Limit Access to Learning Opportunities School and district officials in the four states GAO visited said that improving access to STEM learning materials and showing students how STEM topics related to their lives were among the ways they effectively supported rural K-12 STEM education. In many cases, their efforts were made possible by partnering with groups such as university research centers, nonprofit organizations, and local employers. To improve access to STEM materials, rural stakeholders highlighted strategies such as using federal funds to purchase equipment and sharing materials across rural districts. For example, a federally-funded research institute in Nevada maintains a robotics lending library and ships STEM materials to teachers in rural schools throughout the state. Stakeholders also consistently highlighted the value of connecting STEM activities to students' local environments, like projects related to beekeeping and growing vegetables in South Dakota, to spark students' interest in STEM. Why GAO Did This Study STEM education helps prepare K-12 students for careers in STEM fields to enhance innovation and global competitiveness. About 10 million K-12 students were enrolled in public schools in rural areas in 2022, the most current year of data available. The August 2022 Research and Development, Competition, and Innovation Act includes a provision for GAO to examine issues related to rural STEM education. This report describes (1) selected federal agencies' initiatives that support rural K-12 STEM education, (2) challenges selected recipients of federal funds and other stakeholders have reported related to supporting rural K-12 STEM education, and (3) approaches selected recipients of federal funds have found to be effective for supporting rural K-12 STEM education. To conduct this work, GAO examined federal initiatives that support rural K-12 STEM education at four agencies— the Department of Agriculture, Department of Education, National Aeronautics and Space Administration, and National Science Foundation. GAO selected these agencies in part based on the number of K-12 STEM education initiatives they administered and their STEM education funding levels as of fiscal year 2022, the most recent year for which data were available when selected. GAO also visited rural school districts in four states—Alabama, Maine, Nevada, and South Dakota—selected to include a variety of geographic regions and rural district characteristics. GAO also interviewed stakeholders from national organizations and local employers in the four states and reviewed relevant federal laws and regulations. For more information, contact Melissa Emrey-Arras at emreyarrasm@gao.gov.

What GAO Found In July 2025, GAO identified 11 recommendations under the purview of the Social Security Administration's Chief Information Officers (CIO) from previously issued work. Each of these recommendations relates to a GAO High-Risk area: (1) Ensuring the Cybersecurity of the Nation or (2) Improving IT Acquisitions and Management. In addition, GAO has designated one of the 11 as a priority recommendation. For example, GAO previously recommended that the Social Security Administration fully implement event logging requirements to detect, investigate, and remediate cyber threats. GAO also recommended that the agency implement procedures for comparing its inventories of active software licenses to purchased licenses to identify opportunities to reduce cost and improve investment decisions. The CIOs' continued attention to these recommendations will help ensure the secure and effective use of IT at the agency. Why GAO Did This Study CIO open recommendations are outstanding GAO recommendations that warrant the attention of agency CIOs because their implementation could significantly improve government IT operations by securing IT systems, identifying cost savings, improving major government programs, eliminating mismanagement of IT programs and processes, or ensuring that IT programs comply with laws, among others. For more information, contact Nick Marinos at marinosn@gao.gov.

Why GAO Did This Study The Federal Aviation Administration (FAA) requires pilots, mechanics, and others who hold FAA certificates to waive their rights to recover attorney's fees and expenses as a condition of settling enforcement actions against them, according to FAA officials. Under the Equal Access to Justice Act (EAJA), individuals who prevail over FAA in certain FAA legal enforcement actions may, absent a waiver, be entitled to recover their attorney's fees and other expenses, if certain conditions are met. FAA officials said that they require these EAJA waivers to ensure that the individual cannot bring any additional claims against the agency and to avoid spending staff resources responding to frivolous EAJA applications. FAA took about 2,200 actions against individuals' certificates, including revocation and suspension, during fiscal years 2019 through 2023, according to FAA data. About 10 percent of those individuals signed a settlement agreement and could potentially have qualified for EAJA awards if they had not waived their rights to the fees and if they met additional eligibility requirements. Attorneys and organizations representing pilots and mechanics that GAO interviewed identified drawbacks to FAA's use of these waivers as a condition of settling enforcement cases. The drawbacks included that the waivers may weaken the protections EAJA is intended to provide against agency overreach; cause attorneys not to take the cases because they risk not getting paid without potential EAJA fees; and cause FAA to miss opportunities to identify whether or how their enforcement process could be improved. When asked to respond to these drawbacks, FAA officials stated that settlement agreements usually involve FAA prevailing and therefore the individual would not be eligible for an EAJA award even if FAA did not include a waiver in those agreements. They also noted that settlements can allow both sides to get a quicker and more satisfactory outcome and that FAA would be unwilling to enter into settlements if they did not include a waiver out of concern that the settlements could be used to support an EAJA claim. Moreover, according to FAA officials, waivers would not cause FAA to miss opportunities to improve its enforcement process because FAA would have identified a problem when it entered into a settlement withdrawing its case. An EAJA award would not provide any additional information, according to the officials. Officials from the United States Coast Guard and the National Marine Fisheries Service, which, like FAA, bring and settle enforcement actions against individuals, said that their agencies also typically use language in settlement agreements with those individuals that would prevent them from recovering attorney's fees under EAJA. The officials offered rationales for this practice similar to FAA's, such as ensuring that settlement agreements resolve all matters associated with a case. What GAO Found In the United States, parties in litigation are generally responsible for their own legal expenses regardless of whether they win or lose the case. EAJA is an exception to this general rule in that it allows individuals in covered proceedings to which the federal government is a party to recover their attorney's fees and expenses, under certain circumstances. Section 340 of the FAA Reauthorization Act of 2024 includes a provision for GAO to examine FAA's use of waivers of rights to seek attorney fees under EAJA as a condition of settlement of certain legal enforcement actions against pilots, flight engineers, mechanics, and repair technicians (or individuals acting in those capacities). This report provides information on FAA's use of waivers in settlement agreements; legal and industry views on FAA's use of these waivers and FAA's perspective on these views; and a comparison of FAA's use of waivers with the practices of selected other agencies. GAO reviewed relevant statutes, regulations, case law, and data from FAA's enforcement-action database from fiscal years 2019 through 2023, which was the most current data available; interviewed industry groups representing individuals subject to FAA enforcement actions, law professors who had written about EAJA, and aviation lawyers; and spoke with officials from FAA, the National Marine Fisheries Service, and the Coast Guard. For more information, contact Derrick Collins at collinsd@gao.gov.

What GAO Found Comparative clinical effectiveness research evaluates and compares the health outcomes of two or more medical treatments, services, or items. In 2010, Congress authorized the establishment of the Patient-Centered Outcomes Research Institute (PCORI) to conduct this research and improve its quality and relevance, and directed the Department of Health and Human Services (HHS) to publicly disseminate and help incorporate these research findings into clinical practice. PCORI and HHS obligated a total of $3.1 billion for fiscal years 2019 through 2024. PCORI Award Obligations and HHS Obligations for Comparative Clinical Effectiveness Research Activities, Fiscal Years 2019 Through 2024 Note: PCORI's award obligations and HHS's obligations may be expended in years subsequent to the year they were made. PCORI's award obligations do not include funds used by PCORI for its operations. From 2016 to March 2025, HHS disseminated findings from 16 PCORI-funded studies through a newsletter and social media, among other methods, according to officials. HHS also helped to implement the findings of one PCORI-funded study through one of its dissemination and implementation programs. GAO found that PCORI uses key performance management practices—identifying long- and near-term goals and associated performance measures—to assess the performance of its dissemination and implementation efforts. Similarly, HHS does this for its three largest dissemination and implementation programs. In 2020, GAO reported HHS had plans to evaluate its dissemination and implementation portfolio and, according to officials, this evaluation would develop near-term goals and performance measures. However, it is unclear whether the evaluation will be conducted as planned. HHS has not yet requested proposals for the evaluation, and officials attributed recent delays to leadership changes in August 2024 and March 2025. Further, in March 2025, HHS announced staff reductions and a departmental reorganization, which had not been implemented as of April 2025. Establishing near-term goals and performance measures as part of the planned evaluation will help enable HHS to regularly assess performance and determine whether the dissemination and implementation portfolio efforts as a whole are achieving the intended aim of promoting evidence-based, patient-centered care to improve health outcomes. Why GAO Did This Study Federal law includes provisions for GAO to regularly review PCORI and HHS comparative clinical effectiveness research activities. PCORI, a federally funded nonprofit corporation, makes awards for research studies that focus on health issues facing people in the U.S., such as mental and behavioral health, cardiovascular disease, and cancer. Disseminating findings from this research can provide important information on effective treatments to improve health care decision-making for stakeholders, such as providers and patients. Also, implementing these findings into clinical practice may further result in improved health outcomes. This report describes HHS efforts to disseminate and help implement PCORI-funded research findings and examines the extent to which PCORI and HHS have used key performance management practices to assess their respective efforts, among other issues. GAO reviewed PCORI and HHS documentation and data for fiscal years 2019 through 2024. GAO also interviewed PCORI representatives, HHS officials, and representatives from a nongeneralizable sample of nine stakeholder groups, such as provider and patient organizations.