Reporting Errors in Small Business Contracting at NNSA

The U.S. Government Accountability Office (GAO) recently released a report, GAO-25-106820, detailing significant errors in the National Nuclear Security Administration’s (NNSA) small business contracting data. The report, presented to the Senate Committee on Armed Services, found that between fiscal years 2018 and 2022, NNSA and its six management and operating (M&O) contractors incorrectly reported $1.1 billion of their $16.8 billion in small business awards. An additional $1.9 billion in reported contracts lacked sufficient data to verify whether the awards were actually made to small businesses. These findings highlight systemic issues in small business contracting oversight and point to potential risks in data reliability, oversight, and fraud prevention.

One of the core problems identified in the report is the absence of a requirement for M&O contractors to verify a business’s small status before reporting contract awards. As a result, businesses misrepresenting themselves as small, whether intentionally or unintentionally, contributed to the errors. Compounding this issue, contracting officers made mistakes in procurement systems, sometimes misclassifying businesses due to data entry errors or system limitations. For example, some M&O contractors’ procurement systems failed to capture exceptions to size standards, leading to misreporting of businesses that should not have been counted as small.

NNSA’s oversight mechanisms have not effectively ensured accurate reporting. The agency has relied heavily on summary-level data from the Electronic Subcontracting Reporting System (eSRS), which does not provide granular contract-level details necessary to verify small business achievements. Moreover, while NNSA has access to the Department of Energy’s (DOE) Management and Operating Subcontract Reporting Capability (MOSRC) data, it has not been leveraging it to validate reported figures. GAO’s findings suggest that NNSA’s lack of systematic data validation and internal auditing has led to continued reporting inaccuracies.

Further complicating matters, GAO found that NNSA had not conducted compliance audits of its M&O contractors since 2020 due to resource constraints. The Small Business Administration (SBA) conducted compliance reviews for two M&O contractors in 2022 and found several deficiencies, including improper size certifications and missing NAICS codes on subcontracting forms. Despite these findings, NNSA did not take additional steps to address similar deficiencies across its other contractors. This suggests a broader failure to disseminate and implement lessons learned from compliance reviews, which could have mitigated recurring errors.

Another critical issue identified in the report is NNSA’s failure to assess and mitigate fraud risks in its Small Business Program. The agency has acknowledged that fraud is a risk but has not implemented a systematic approach to identifying or addressing it. The lack of verification mechanisms allows businesses to misrepresent their size status, and without proactive fraud detection controls, NNSA cannot ensure that legitimate small businesses receive intended contracting opportunities. GAO’s Fraud Risk Framework outlines best practices for identifying and mitigating fraud risks, which NNSA has yet to fully adopt.

The implications of these findings are significant. Misreported small business awards undermine the integrity of federal small business contracting goals, potentially depriving eligible businesses of opportunities. Furthermore, without robust oversight and accurate data, policymakers and federal agencies cannot make informed decisions about small business participation in government contracting. The report calls for stronger internal controls, systematic data validation, and improved oversight to ensure compliance with small business contracting regulations.

To address these issues, GAO has made five key recommendations: (1) NNSA and its M&O contractors should identify the root causes of reporting errors and implement corrective actions, (2) NNSA should enhance oversight of reported data, (3) the agency should improve verification processes for small business awards, (4) lessons learned from compliance reviews should be documented and shared across contractors, and (5) NNSA should develop and implement fraud risk mitigation strategies. NNSA has agreed to implement these recommendations, but it remains to be seen whether concrete actions will follow.

Disclaimer: This blog post summarizes the findings of GAO-25-106820 and does not provide legal advice. The information presented is based on publicly available data and is not guaranteed to be accurate or comprehensive.