1. Home
  2. |Insights
  3. |GAO: Ongoing DoD Fraud Risk Assessment Efforts Should Include Contractor Ownership

GAO: Ongoing DoD Fraud Risk Assessment Efforts Should Include Contractor Ownership

Client Alert | 1 min read | 11.27.19

On November 25, 2019, the Government Accountability Office (GAO) published a report examining risks posed to the Department of Defense (DoD) by contractors with “opaque ownership,” including financial and nonfinancial fraud and national security risks. Among other things, GAO found evidence that opaque ownership structures had been used to fraudulently inflate pricing and circumvent set-aside eligibility requirements in DoD procurements, and had enabled some foreign-owned companies to obtain contracts reserved for U.S. companies, access export controlled information without authorization, and/or misrepresent the country of origin of their offerings in order to meet domestic preference requirements. GAO recommended that DoD assess contractor ownership across DoD to determine whether additional ownership information should be collected to effectively manage potential fraud and national security risks. GAO noted that DoD has already begun a department-wide fraud risk management program, by requesting that DoD components identify risks and controls in place to mitigate these risks by July, 2019. The System for Award Management currently requires contractors to self-report information about their “immediate” and “highest-level” entity ownership – terms that do not necessarily match well with the often-complicated ownership structures of modern business, especially those contractors owned by private equity. This report may well result in additional reporting and certification requirements.

Insights

Client Alert | 2 min read | 07.15.26

CMMC Phase II Suspension Requires Reconsideration of Such Requirements in Solicitations

As discussed in more detail here, the U.S. Department of War (DoW) recently issued a memorandum (Memo 26-P-1023, dated July 13, 2026) directing the immediate suspension of Cybersecurity Maturity Model Certification (CMMC) Phase II requirements. Significantly, the memo directs that “all pending and future CMMC implementation milestones across DoW solicitations and contracts are held in abeyance until further notice.” Moreover, the DoW issued a memorandum on implementing these requirements (available here), directing agencies to issue amendments removing CMMC Level 2 and 3 requirements from active solicitations “as soon as practicable.” Contractors should monitor the government’s compliance with this requirement and should be prepared, if needed, to file a bid protest to protect their rights....