What GAO Found According to data provided by Department of Defense (DOD) components, DOD has established almost 440 organizations that contain about 61,000 military and civilian personnel (and over 9,500 contractors), to conduct cyberspace operations. These organizations are most often aligned with U.S. Cyber Command (CYBERCOM) or retained by the military services and conduct a mixture of offensive, defensive, and DOD Information Network operations (see figure). CYBERCOM-aligned organizations include organizations such as Navy cyber strike activities and Army cyber protection battalions that oversee tactical Cyber Mission Force teams. Military service organizations include units such as Air Force communications squadrons and Marine Corps radio battalions. Other organizations include cybersecurity service providers that provide network protection services to non-service components, such as the Defense Threat Reduction Agency and the Defense Advanced Research Projects Agency. Department of Defense Organizations Conducting Cyberspace Operations To enable organizations conducting cyberspace operations, each unit is supported by organizations providing budgetary, personnel, policy, and training support. GAO identified 70 organizations and about 3,400 personnel that provide support to cyberspace operations. These include the Office of the Secretary of Defense, military department, and service headquarters, and other organizations. GAO found that some of the functions of these organizations may overlap. These include training courses the military services provide to organizations conducting cyberspace operations and the administration of DOD’s 23 cybersecurity service providers that conduct cybersecurity for DOD organizations. Although some overlap can be intentional and appropriate, unnecessary overlap can lead to organizations paying for the same service or product twice or more. As DOD considers the future organization and composition of its cyberspace operations forces, it will be important to take steps to reduce cost and inefficiencies while maintaining mission effectiveness. Why GAO Did This Study The U.S. and its allies face sophisticated cyber threats from both state and nonstate actors. To counter these threats, DOD conducts cyberspace operations to defend the nation, support allies and partners, and protect its DOD Information Network. Conference Report 118-301 includes a provision for GAO to review DOD’s management of cyberspace operations. GAO (1) identified the type and number of organizations and personnel that conduct cyberspace operations and (2) evaluated the extent to which there is overlap between organizations that provide budgetary, personnel, policy, or training support for cyberspace operations. GAO reviewed relevant documents, including DOD guidance, Secretary of Defense memorandums, and organizational command briefs. GAO collected and analyzed data from 434 organizations conducting and 70 organizations supporting cyberspace operations that were identified with DOD. GAO also interviewed relevant officials, such as those from the offices of the DOD and the military services’ principal cyber advisors.

What GAO Found The Federal Emergency Management Agency (FEMA) administers the Port Security Grant Program (PSGP), in coordination with the U.S. Coast Guard. This risk-based grant program provides funds to public and private sector entities to implement security plans and correct Coast Guard-identified vulnerabilities at U.S. ports. From fiscal year 2018 through 2024, FEMA awarded more than half of the $690 million in grant funds to eight port areas, and 82 port areas across the U.S. received funds. Three project types received 59 percent of grant funds from fiscal year 2021 through 2024: response vessels ($88.2 million), surveillance cameras ($76.1 million), and cybersecurity ($64.0 million). FEMA also awarded funds for other project types including communication equipment, physical security, and training. Examples of Projects Funded by the Port Security Grant Program FEMA and the Coast Guard have processes to evaluate grant applications and make award recommendations. However, the grant announcement does not include a description of all criteria used in these processes, as federal regulations require. Specifically, the fiscal year 2024 grant announcement does not (1) fully or accurately describe the scoring criteria used in the Coast Guard-led portion of the application evaluation process or (2) describe all factors other than merit criteria that FEMA may use in selecting applications for award, such as the five percent of funds set aside for highly effective projects in lower-risk ports. Adding this required information to the grant announcement could improve transparency and fairness for applicants and help them put forward applications better aligned with the evaluation criteria FEMA uses when awarding PSGP funds to enhance port security. Further, FEMA has not fully assessed the application evaluation process to ensure that its outcomes achieve the program’s multiple goals—funding projects in high-risk port areas; prioritizing projects aligned with national priorities; and funding highly effective projects in lower-risk port areas. For example, projects aligned with a national priority receive a 20 percent score increase, but FEMA has not assessed whether that increase leads to funding more projects aligned with national priorities. Assessing each step of the evaluation process could help FEMA ensure that the process leads to results aligned with FEMA’s program goals. Why GAO Did This Study U.S. ports are critical to the economy, and any disruption in maritime operations—such as an attack on a port—can impact the supply chain and the U.S. economy. GAO was asked to examine FEMA’s management of PSGP. This report examines the types and locations of projects awarded PSGP funds from fiscal year 2018 through 2024 and the extent FEMA followed required and recommended practices for grants, among other objectives. GAO analyzed FEMA and Coast Guard’s grant and scoring data from fiscal years 2018 through 2024, reviewed FEMA and Coast Guard program documents, and interviewed FEMA and Coast Guard officials. GAO visited two ports to gather port stakeholders’ perspectives on PSGP and observe projects that received PSGP funding. GAO also interviewed port stakeholders from nine Coast Guard-led maritime security committees.

Why This Matters For over 25 years, GAO has recommended actions that the Department of Defense and other federal agencies should take to improve their most complex and costly acquisition programs, saving taxpayers tens of billions of dollars. Most recently, this work has emphasized structuring acquisition programs around iterative development—a process stemming from Agile software development that leading companies use to develop innovative, value-added products that respond quickly to users’ needs. Such leading practices offer proven approaches that can inform improvements to agencies’ acquisition of complex systems. A sound technical process is not the only driver for the consistent pattern of success that characterizes leading companies’ product development. Leading companies employ equally robust business processes to initiate, justify, and prioritize their investments in innovative products such as semiconductors and industrial automation systems. Key Takeaways Leading companies employ a forward-looking, agile approach to managing the overall mix of products, or product portfolios, through recurring processes. Leading Companies Manage Product Portfolios Through Recurring Processes Leading companies continually interact with business cases—collections of information that justify undertaking product development efforts. For example, based on regular assessments of business case data, portfolio managers may decide to add resources to improve weaker performing products or discontinue outdated products that impede demand for updated versions. Continually updating portfolios based on business case data enables leading companies to optimize their investments and ensure portfolios are responsive to the company’s strategic vision and evolving user needs. Leading companies also apply an iterative process to developing their business cases for individual products. This is a departure from the traditional business case process that locks in a new product’s cost, schedule, and performance baseline from the start. As they gain knowledge, leading companies continually improve the business case for a new product and update key elements to capture changes in user needs, technology readiness, and markets. Leading Companies Iteratively Develop Business Cases Leading companies systematically reassess business cases’ key elements—market and user needs, product definition, internal value, and target schedule—at least every 6 months to avert problems sooner. They make investments only as products demonstrate progress and business cases warrant further funding. For example, they reserve the largest allocations until they have validated a design for the minimum viable product—one that includes the minimum capabilities needed for customers to recognize value. Leading Companies Scale Investment as the Business Case Evolves How GAO Did This Study This report is the third of a series on product development leading practices—preceded by GAO-22-104513 and GAO-23-106222—and responds to three congressional reports with requests related to acquisition leading practices, portfolio management, and requirements. It examines the practices selected leading companies employ to guide product development investments. GAO identified eight companies based on rankings in well-recognized lists, interviewed company representatives, and analyzed documentation. For more information, contact Shelby S. Oakley at oakleys@gao.gov.

What GAO Found The Department of Defense (DOD) has realized many benefits from its financial statement audits. For example, the DOD Office of Inspector General (OIG) reported that DOD's fiscal year 2024 remediation plans included the retirement of 89 outdated information systems and will result in savings of at least $760 million annually through fiscal year 2029. However, DOD still needs to make substantial progress in remediating its pervasive deficiencies, which auditors call material weaknesses. Although DOD's auditors downgraded one material weakness related to contingent legal liabilities, they identified a new one related to DOD's reporting of leases, resulting in no net change. Better financial management is critical to DOD's mission readiness, and it is important to demonstrating that DOD's financial statements and underlying financial information are reliable for decision-making. These audits help DOD to assess what is performing well and what areas still need improvement. For example, DOD OIG reported that DOD addressing its asset accountability challenges will provide leadership with more accurate information to assist in making operational decisions. The OIG noted that accurate asset data enable informed decisions about maintenance, replacement, and disposal, leading to better resource allocation and long-term planning. This in turn improves operations and helps better ensure optimum use of resources to support warfighter priorities. The National Defense Authorization Act for Fiscal Year 2024 mandates that the Secretary of Defense ensure that DOD receives a clean audit opinion on its financial statements by no later than December 31, 2028. In response, DOD reported that it realigned each reporting entities' roadmap. These roadmaps guide the implementation of corrective measures and establish milestones against which entities can measure progress, to accelerate audit progress and achieve the December 2028 mandate. Why GAO Did This Study DOD is responsible for about half of the federal government's discretionary spending and about 82 percent of the federal government's reported total physical assets. As of fiscal year 2024, DOD remains the only major federal agency that has never been able to receive a clean audit opinion on its financial statements. The Marine Corps received a clean audit opinion on its fiscal year 2023 financial statements, becoming the first military service to ever do so, and again receiving a clean audit opinion for fiscal year 2024. However, DOD and many of its component reporting entities' fiscal years 2018 through 2024 financial statement audits resulted in disclaimers of opinion. It is important for DOD to obtain a clean audit opinion to demonstrate that its financial statements and underlying financial information are reliable for decision-making and efficient and effective operations. In this Q&A report, GAO describes the audit approaches undertaken by the independent public accountants and results of DOD's and the military services' fiscal year 2024 financial statement audits, as well as DOD's planned timelines for addressing key audit findings. GAO reviewed relevant DOD, DOD OIG, and military service independent public accounting documentation and reports, as well as memorandums and status reports, and interviewed officials. GAO also analyzed DOD's and the military services' fiscal years 2023 through 2025 audit roadmaps as well as certain detailed project plans, which included milestones for certain corrective actions. For more information, contact Asif A. Khan at khana@gao.gov.

What GAO Found The Internal Revenue Service (IRS) reported that most of the projects associated with its 23 modernization programs were delivered on schedule for fiscal year 2024. In addition, IRS reported that it spent approximately $1.5 billion, $512 million less than it had originally planned for those programs. Specifically, 16 of the 23 programs had cost variances ranging from $5 million to $78 million in unspent funds. Best practices identified in prior GAO work call for documenting modernization plans that include: (1) milestones for completing the modernization, (2) a description of the work to be performed, and (3) details on the disposition of legacy systems, if applicable. GAO found that IRS documented plans for the 23 IT modernization programs active as of September 2024 and that most of the plans addressed the key elements. Specifically, 20 of the 23 plans fully addressed the first two elements, and three plans partially addressed those elements (see table). In addition, 10 programs fully addressed the third element, and two did not address it. GAO Assessment of the Internal Revenue Service’s Modernization Program Plans as of September 2024 Modernization plan element Yes Partially No Not applicable Includes milestones 20 3 0 0 Describes work to be performed 20 3 0 0 Includes disposition of legacy systems 10 3 2 8 Legend: Not Applicable = No corresponding legacy system to be retired. Source: GAO analysis of Internal Revenue Service data. | GAO-25-107611 Federal strategic planning guidance calls for agencies to align their programs with strategic goals and objectives. Consistent with this guidance, IRS aligned its modernization programs with its IT strategic goals and objectives. However, in March 2025 IRS told GAO that it had paused its modernization programs because it was reevaluating its priorities. The agency subsequently shared a draft modernization framework it was developing that included nine initiatives that it planned to pursue instead of the 23 programs. The nine are designed to meet specific technology demands, such as a unified application program interface. According to a June 2025 Taxpayer Advocate report to Congress, to enable this reprioritization, many projects continue to be paused or have been canceled. As IRS fully develops its new IT modernization framework, it will continue to be important for the agency to (1) align new initiatives with documented agency strategic objectives, and (2) have program plans that address key elements. In addition, for the 23 programs that IRS was previously pursuing, it is also important that IRS consider the usability of the work performed to date. Why GAO Did This Study IRS relies extensively on IT to annually collect trillions of dollars in taxes, distribute hundreds of billions of dollars in refunds, and carry out its mission of providing service to America's taxpayers in meeting their tax obligations. In August 2022, Congress appropriated approximately $4.8 billion through the Inflation Reduction Act of 2022 to IRS for business systems modernization. The appropriated amounts are to remain available through the end of fiscal year 2031. For fiscal year 2024, IRS spent about $5 billion on IT, including $1.5 billion on modernization programs reported to Congress. Applicable Appropriations Committee reports include a provision for GAO to review IRS’s IT programs. GAO’s report (1) summarizes IRS’s fiscal year 2024 cost and schedule performance for its modernization programs, and (2) determines whether IRS had developed modernization program plans consistent with best practices and aligned with its strategic vision. GAO summarized IRS’s reported planned versus actual cost and schedule for its modernization programs delivered in fiscal year 2024, as reported in quarterly status reports to Congress. In addition, GAO analyzed fiscal year 2024 modernization program plans to determine the extent to which they met best practices. GAO also interviewed relevant IRS officials.

What GAO Found The State Department is responsible for investigating and reporting end-use violations to Congress—that is, foreign partners’ violations of requirements for the purpose, transfer, and security of defense articles and services they received from the U.S. government. State relies primarily on the Department of Defense (DOD) to identify incidents that could constitute violations. As of February 2025, DOD was tracking more than 150 incidents, many of them detected by DOD security cooperation organizations (SCO) at diplomatic posts. However, GAO found State has not provided clear guidance to DOD defining the types of incidents that warrant State’s attention. Without such guidance, SCO officials told GAO they exercise professional judgement in deciding whether to inform State about incidents. As a result, State may be unaware of potential violations it needs to investigate. Further, State’s investigations of potential end-use violations are inconsistent, in part because its guidance for conducting investigations does not establish required actions or time frames. For example, for one potential violation, State officials gathered information, reviewed transfer agreements, and worked with SCO officials to resolve it. For another potential violation, State officials did not take any action. Moreover, State has not consistently documented the status or findings of its investigations since 2019. As a result, State does not have readily available information about foreign partners’ compliance with arms transfer agreements. Such information could inform decisions about future arms sales. In addition, State has not shared its findings with SCO officials, who could implement measures to address violations or prevent their recurrence. Status of State Department Investigations Is Missing for Many Incidents That Potentially Violated U.S. Arms Transfer Agreements as of February 2025 Since 2019, State has reported three end-use violations to Congress, but State cannot show that it determined whether most known incidents met legal reporting criteria. Under law, State is required to report to Congress (1) substantial violations of purpose, transfer, and security requirements that may have occurred and (2) any unauthorized transfers that did occur. State documented in memorandums its determinations for three incidents. However, State officials could not provide similar documentation for more than 150 others. State officials said they do not have formal procedures for determining whether incidents meet the reporting criteria or for recording these determinations. Without guidance establishing such procedures, State cannot ensure it is reporting to Congress in accordance with the law. As a result, Congress may not have information to support oversight, such as considering legislation to prohibit transfers of defense articles and services to foreign partners that have violated their agreements. Why GAO Did This Study To enhance U.S. national security, the U.S. government provides defense articles and services, such as weapons and military training, to dozens of foreign partners around the world. Recipients agree to comply with legal end-use requirements that prohibit using the provided articles or services for unauthorized purposes, transferring them to unauthorized entities, and failing to keep them secure. Congress included a provision in House Report 118-301 for GAO to review State and DOD procedures related to alleged violations of relevant end-use requirements of defense articles and services. This report examines the extent to which (1) State and DOD identify and track potential violations, (2) State investigates potential violations and communicates its findings to agency stakeholders, and (3) State reports appropriate incidents to Congress. GAO reviewed laws and agency policies for guidance on identifying, investigating, and reporting potential violations to Congress. GAO also analyzed documentation and information about potential violations, State’s investigations, and its reports to Congress. In addition, GAO interviewed agency officials in the U.S. and at 10 diplomatic posts, including during visits to five countries that GAO selected to reflect an array of incident types and geographic locations.

Why This Matters Medicaid section 1115 demonstrations allow states to test new approaches for delivering services and have become a significant feature of the program. The Centers for Medicare & Medicaid Services (CMS) policy is for demonstrations to be budget neutral (i.e., not raise costs for the federal government). We have previously recommended CMS use valid methods to determine budget neutrality. GAO Key Takeaways Federal spending on Medicaid demonstrations nearly doubled from 2013 through 2023—the latest available data. CMS sets spending limits for each demonstration that are intended to ensure that demonstrations are budget neutral. The limits are based on projections of what Medicaid would have spent without the demonstration. The higher the projected spending, the higher the spending limit. In 2021, CMS began requiring states to use recent spending data rather than outdated historical spending projections when calculating spending limits—a method that better ensures budget neutrality. We estimated that this reduced potential federal spending by about $123 billion for two selected demonstrations. However, in 2022, CMS adjusted this policy and allowed spending limits to partially reflect outdated historical spending projections. This increased potential federal spending by an estimated $17 billion in three selected demonstrations. Also in 2022, CMS began allowing spending limits to include certain costs for services to address health-related social needs, such as housing assistance. Some of these costs could not have occurred absent the demonstration because they are not allowable under Medicaid. This increased potential federal spending by almost $4 billion in five selected demonstrations and did not ensure budget neutrality. Federal Expenditures Under Medicaid Demonstrations Note: Expenditures are adjusted for inflation. How GAO Did This Study We analyzed CMS expenditure data on Medicaid demonstration spending. We reviewed CMS policy changes from 2020 through 2024 and approval documents for six state demonstrations, selected for variation in approval dates. We estimated how the changes in CMS policies would affect federal spending.

What GAO Found The Department of Defense (DOD) is developing the National Background Investigation Services (NBIS)—an IT system for conducting background investigations for most federal agencies and over 13,000 industry organizations that work with the government. However, delays have hindered NBIS deployment. DOD initially planned for NBIS to be fully operational in 2019 and changed its deadline several times. It now projects major development to be complete by the end of fiscal year 2027. DOD’s Missed Deployment Targets for the National Background Investigation Services (NBIS) Program, as of August 2025 DOD paused the NBIS program in 2024 and has since taken a new approach to its management and oversight of the program. In March 2024, DOD appointed a new Defense Counterintelligence and Security Agency (DCSA) director and NBIS program manager and subsequently revised its previous plans to develop an entirely new IT system. As of September 2025, DOD plans to migrate personnel vetting data to the cloud and modernize legacy systems. DOD also transferred some authority over the NBIS program to the Office of the Under Secretary of Defense for Acquisition and Sustainment in early 2024 as part of its efforts to address NBIS delays, cost overruns, and technical issues; and it created the NBIS Requirements Governance Board to regularly review the program. GAO is currently reviewing DOD’s new schedule and cost estimate for NBIS following recent reforms. In contrast to its past approach, DCSA has stated that it intends to meet all of GAO’s scheduling best practices with the use of a software tool instead of an integrated master schedule for NBIS. DCSA has also taken some action consistent with GAO’s best practices for cost estimating, including completing an independent cost estimate. DCSA now projects spending an additional $2.2 billion on NBIS development, in addition to costs of $2.4 billion it spent on NBIS and legacy systems since fiscal year 2017. Leadership is critical to the development of the NBIS system and the successful implementation of Trusted Workforce 2.0. Setbacks in NBIS development have led to delays in achieving Trusted Workforce 2.0 milestones. New DCSA leadership in 2024 set the program on a path that is intended to show marked improvements. However, sustained leadership by DOD will be critical to achieving personnel vetting reform. Why GAO Did This Study U.S. government personnel vetting processes, such as background investigations, rely on IT systems to process data on millions of federal employees and contractor personnel. Since 2018, the government has undertaken a major reform of personnel vetting called Trusted Workforce 2.0. DOD has been developing NBIS as the new IT system for personnel vetting. This statement summarizes information on (1) DOD efforts to revise its approach to NBIS development, (2) GAO’s ongoing work on the most recent NBIS schedule and cost estimate, and (3) the importance of sustained leadership for NBIS to achieve personnel vetting reforms under Trusted Workforce 2.0. This statement is based on GAO’s prior reports on NBIS from December 2021 through June 2024 as well as ongoing work. To perform prior and ongoing work, GAO analyzed information on NBIS from DCSA and the Office of Personnel Management, and interviewed knowledgeable officials.

By helping the agency improve its efficiency and protect its integrity, the OIG enhances GAO's ability to provide Congress and the public with timely, fact-based, non-partisan information that can be used to improve government and save taxpayer dollars. The Strategic Plan for Fiscal Years 2026–2030 illustrates the OIG's unwavering commitment to being a leading force in government oversight. Guided by this plan, the OIG will continue to promote accountability, integrity, and efficiency within GAO through meaningful, timely, and impactful oversight. This updated plan supersedes OIG-21-2SP, OIG Strategic Plan: 2021–2025, December 21, 2020. For more information, contact the OIG at (202) 512-5748 or oig@gao.gov.

What GAO Found The Social Security Administration (SSA) relies on IT hardware and software to deliver services that touch the lives of virtually every American. From fiscal years 2020 through 2024, SSA obligated $1.4 billion or more annually on IT acquisitions. Social Security Administration Contract Obligations, Fiscal Years 2020-2024 SSA’s IT acquisition staff include contracting officers, who award and manage contracts, and contracting officer’s representatives, who assist contracting officers with contract administration functions. These staff reside in the Office of Acquisition and Grants and the Office of the Chief Information Officer, respectively, which face staffing and training challenges. Staffing. The Office of Acquisition and Grants has limited data on contracting officer workloads to inform staffing assessments. Similarly, the Office of the Chief Information Officer completed workload assessments for contracting officer’s representatives who support software contracts, but it has conducted limited assessments for those supporting hardware and service contracts. Executive orders and related guidance from early 2025 direct executive agencies, including SSA, to reduce their workforces and consolidate certain procurements at the General Services Administration. SSA is in the process of identifying changes to its IT acquisition workforce as of May 2025. To operate effectively in this changing environment, SSA needs quality workload information that accounts for complexity to ensure it can accurately assess and document its IT acquisition staffing needs to accomplish its future goals. Training. An SSA assessment found that senior-level contracting officers had deficiencies in acquisitions-related competencies. SSA officials said they are seeking trainings to address these deficiencies; however, SSA’s existing training plan has not been updated since 2019. Given the time since the last training plan update and ongoing organizational changes, it is not clear if SSA will prioritize implementing training to address these gaps. A training plan that addresses the acquisitions-related competency gaps identified for contracting officers, including those who support IT contracts, remains vital as it would help ensure that contracting officers have the skills to support SSA’s current and future IT contracting needs. Why GAO Did This Study SSA’s IT acquisition staff oversee how the agency buys and maintains technology resources. SSA, however, has experienced long-standing human capital and IT modernization planning challenges. These challenges preceded SSA’s efforts to reduce the size of its workforce and contractor and IT spending. GAO was asked to review SSA’s workforce planning practices for staff who support IT contracts. This report examines SSA’s obligations for IT products and services from fiscal years 2020 to 2024; and the extent to which the Office of Acquisition and Grants and the Office of the Chief Information Officer assessed and addressed their IT acquisition workforce needs. To conduct this work, GAO analyzed SSA’s contract obligation data for fiscal years 2020 to 2024 (the latest available information for a full fiscal year) and determined that the data were reliable. GAO also reviewed SSA guidance, data on contracting officer and contracting officer representative assignments, and a competency assessment report for contracting officers.

What GAO Found The U.S. African Development Foundation (USADF), as part of its overall internal controls, had some policies and procedures to mitigate fraud, waste, and abuse, but no strategic approach, from fiscal year 2020 through 2024. USADF did have conflict of interest rules, ethics training, and some financial controls; however, many of the related policies were outdated, not centrally located, and did not reflect actual practices. The President has indicated his intention to close USADF in his fiscal year 2026 budget request, and Congress has approved a partial rescission of USADF’s fiscal year 2025 funding. However, no final decisions about the future of USADF have been made as of July 2025. If USADF continues to operate, an effective agency-wide internal control environment—where management uses processes to help an entity consistently and effectively achieve its objectives—could help USADF detect and mitigate potential fraud, waste, and abuse. USADF has taken some steps but has implemented few leading practices for managing fraud risks. For example, USADF did not have a dedicated individual or entity to lead fraud risk management activities and had not followed leading practices to plan and conduct regular fraud risk assessments or to develop a strategy to mitigate them. Without strategically and systematically implementing leading practices for managing fraud risks, USADF is more vulnerable to fraud. U.S. African Development Foundation Operates Throughout Africa GAO also found that USADF had some policies and procedures to ensure award funds were used appropriately, but they were incomplete, and most were outdated. For example, many policies guiding the use of grants were outdated or undocumented, which opens the door for the misuse of funds. Further, GAO found that there were instances when USADF may have used an award type that did not align with legal requirements. Without adequate award policies and procedures and trained procurement staff, USADF could not ensure that it appropriately used funds to achieve its mission. Why GAO Did This Study Established in 1980 as a nonprofit government corporation, USADF has aimed to support African-led enterprises, while addressing challenges around food insecurity, insufficient energy access, and unemployment, particularly among women and youth. In fiscal year 2024, Congress appropriated $45 million to USADF, which also received funds from other sources. USADF has faced allegations of fraud, waste, and abuse, and the Office of Inspector General has an ongoing investigation into USADF. GAO was asked to review fraud risk management at USADF. This report examines the extent that USADF (1) had policies to systematically prevent, detect, and respond to the risk of fraud, waste and abuse, (2) followed leading practices for managing fraud risk, and (3) had policies to ensure funding for program and operational awards were used to achieve its mission. GAO reviewed relevant laws and agency documents; interviewed USADF officials in Washington, DC, Zambia, and Nigeria; and conducted a site visit to USADF grantees in Zambia.

What GAO Found U.S. Customs and Border Protection (CBP) uses non-intrusive inspection (NII) systems, such as X-ray machines, to inspect vehicles and travelers at land ports of entry (POE). As part of this process, CBP officers use large-scale NII systems to scan entire vehicles and their contents. These scans produce images that CBP officers review to help detect illegal drugs or other contraband. In 2020, to increase vehicle scans, CBP began deploying these systems to preprimary inspection areas—before a traveler is interviewed by a CBP officer. Previously, NII systems were generally used only when an officer determined that further inspection was required after the interview. Non-Intrusive Inspection Systems Deployed in the Preprimary Inspection Area at the Bridge of the Americas, El Paso, Texas CBP uses performance data to help ensure large-scale NII systems are operational, but it has not defined all key performance parameters for NII systems. For one key parameter, CBP reports and uses data on the percent of time that large-scale NII systems are available for operational use. However, CBP has not clearly defined or reported results for its other two key parameters related to inspection rate and examination of containers and cargo. For example, CBP’s inspection rate parameter requires 100 percent inspection of high-risk commercial vehicles and container cargo, but CBP has not clearly defined the term high risk. Clearly defining and reporting results for all of its key performance parameters would help CBP manage the NII program and inform future procurement decisions. CBP has made progress deploying large-scale NII systems. As of February 2025, 52 of 153 planned systems are fully operational, nearly all at preprimary inspection areas. Deployments have cost more than CBP estimated due to, for example, unexpected construction challenges. Congress directed CBP to develop a plan to achieve 100 percent scanning of commercial and passenger vehicles and rail containers at land POEs using large-scale NII by 2027. However, some POEs lack installation space and CBP’s plans for the southwest border omit nine passenger vehicle crossings that together account for nearly 40 percent of passenger vehicle traffic at that border. Without these crossings in its plan, CBP risks entry of many unscanned passenger vehicles, hampering its ability to prevent illegal drugs and other contraband from entering the U.S. Why GAO Did This Study Since 2019, CBP has received over $2 billion that they have used to deploy additional NII systems to land POEs, which are a key drug smuggling route. GAO was asked to review the implementation and effectiveness of CBP’s NII program. This report examines (1) how CBP uses NII systems during inspections at land POEs, (2) CBP’s assessment of large-scale NII performance, and (3) the status of large-scale NII system deployments. GAO analyzed NII program documentation, including inspection procedures, performance data, and deployment plans, and interviewed program officials. GAO also interviewed and observed CBP officers conducting inspections at land POEs within all four field offices where large-scale NII systems had been deployed in preprimary inspection areas. These POEs included a variety of large-scale NII systems and types of crossings (passenger and commercial vehicles, and rail) along the southwest border. GAO also interviewed officials at a northern border field office that was in the process of deploying new large-scale NII systems.

What GAO Found Generative artificial intelligence (AI) systems create outputs using algorithms, which are often trained on text and images obtained from the internet. Technological advancements in the underlying systems and architecture, combined with the open availability of AI tools to the public, have led to widespread use. The Department of Veterans Affairs (VA) increased its number of AI use cases between 2023 and 2024. VA has also identified challenges in using AI—such as difficulty complying with federal policies and guidance, having sufficient technical resources and budget, acquiring generative AI tools, hiring and developing an AI workforce, and securing sensitive data. GAO has identified a framework of key practices to help ensure accountability and responsible AI use by federal agencies—including VA—in the design, development, deployment, and continuous monitoring of AI systems. VA and other agencies can use this framework as they consider, select, and implement AI systems (see figure). Figure: GAO’s Artificial Intelligence (AI) Accountability Framework VA’s use of the AI accountability framework along with a solid foundation of IT management and AI use cases could enable the department to better position itself to support ongoing and future work involving the technology. Why GAO Did This Study Developments in generative AI—which can create text, images, audio, video, and other content when prompted by a user—have revolutionized how the technology can be used in many industries, including healthcare, and at federal agencies including VA. AI is a transformative technology for government operations, but it also poses unique challenges because the source of information used by AI systems may not always be clear or accurate. These challenges may be difficult for federal agencies including VA to overcome. In prior reports, GAO found that VA has experienced longstanding challenges in managing its IT projects and programs. This raises questions about the efficiency and effectiveness of its operations and its ability to deliver intended outcomes needed to help advance the department’s mission. GAO’s statement describes (1) VA’s AI use and challenges, and (2) principles and key practices for federal agencies that are considering implementing AI. GAO summarized a prior report that described VA’s use of AI. GAO also summarized key practices for federal agencies and other entities that are considering implementing AI systems.

What GAO Found The Department of Defense’s (DOD) Transportation Command (TRANSCOM) awarded its Global Household Goods Contract (GHC) in 2021 with the goal of improving both service members’ experiences with military moves and the government’s ability to oversee quality service. TRANSCOM intended to fully transition the household goods shipment and storage aspects of its Defense Personal Property Program to the contract. Various challenges delayed contract implementation initially, but limited GHC shipments began in April 2024. According to TRANSCOM, as GHC shipment volume and geographic coverage increased, the contractor faced limits in its capacity to manage the higher volumes, which resulted in missed or delayed pickups and deliveries. Citing continuous performance challenges, the Secretary of Defense directed the creation of a Permanent Change of Station Joint Task Force in May 2025 to develop recommendations for DOD's strategic path forward for the program. DOD ultimately terminated the GHC in June 2025. Military Service Member Move TRANSCOM did not have sufficient, comprehensive information about GHC (1) capacity, (2) performance, and (3) costs to effectively manage risks and oversee contract implementation. TRANSCOM officials had identified capacity constraints as a risk to the GHC before implementation, but they had only limited information on the contractor’s capacity and could not verify that information. DOD lacked comprehensive feedback on service members’ experiences with the GHC, limiting its assessment of contractor performance. Respondents to GAO’s survey of service members and spouses reported inadequate communication with the contractor’s customer service representatives about the status of their shipments and delays in multiple phases of the moving process. TRANSCOM did not have complete information regarding costs associated with the GHC transition; DOD incurred unplanned transition costs, paid management fees for task orders ultimately not carried out by the contractor, and lacked clarity on how GHC costs compared to existing program costs. By obtaining more comprehensive information on program capacity, performance, and costs, DOD will be better positioned to manage risks and oversee the program effectively as it develops its strategic path forward. Why GAO Did This Study DOD arranges for the worldwide movement and storage of about 300,000 personal property shipments of service members and their families each year, at an annual cost of approximately $2 billion. As a result of dissatisfaction with its relocation program, TRANSCOM awarded the GHC, worth up to $17.9 billion over approximately 9 years, to a single commercial move manager in November 2021. However, DOD terminated the contract in June 2025 due to the contractor’s failure to perform services specified in the terms and conditions of the contract. The House report accompanying a bill for the Servicemember Quality of Life Improvement and National Defense Authorization Act for Fiscal Year 2025 included a provision for GAO to review DOD’s management and oversight of the GHC. This report (1) describes DOD’s implementation of the GHC and (2) assesses the extent to which DOD had the information needed to effectively oversee contract implementation. GAO reviewed the GHC and implementation plans, DOD guidance, and acquisition regulations; interviewed DOD officials and performed two site visits; and surveyed service members and spouses on their experiences with GHC moves. GAO met with moving industry and contractor representatives and reviewed capacity, performance, and cost information.