April 8, 2025
The False Claims Act (FCA) has long been a critical tool for the U.S. government in fighting fraud within federal contracting. Recently, heightened enforcement efforts by the Department of Justice (DOJ) and other federal agencies have led to significant settlements and a growing concern among government contractors. As these enforcement actions ramp up, it’s crucial for contractors to take proactive steps to mitigate risk—especially through strengthening their internal audit functions and whistleblower programs. These mechanisms serve as key safeguards against potential FCA violations and can help organizations identify and address compliance issues before they escalate into costly legal battles.
Heightened FCA Enforcement in Government Contracting
Federal agencies and the Department of Justice (DOJ) are ramping up their FCA enforcement efforts, leading to significant settlements:
- Lockheed Martin Settlement: In February 2025, Lockheed Martin agreed to a $29.74 million settlement over allegations of defective pricing on F-35 military aircraft contracts (Reuters).
- Dell and Iron Bow Technologies Settlement: In November 2024, Dell paid $2.3 million and Iron Bow Technologies paid $2 million to resolve allegations of overcharging the U.S. Army for computer equipment (Business Insider).
- Tetra Tech EC Settlement: A former Navy contractor, Tetra Tech EC, agreed to pay $97 million in February 2025 for falsifying data and soil samples during a military cleanup project (SF Chronicle).
Additionally, emerging areas of FCA enforcement include:
- Cybersecurity Compliance: Contractors failing to adhere to federal cybersecurity standards are now targets of FCA scrutiny (Government Contracts Law).
- Diversity, Equity, and Inclusion (DEI) Programs: A recent executive order raises compliance risks for federal contractors with DEI programs, potentially exposing them to FCA claims (WilmerHale).
How Internal Audit Can Mitigate FCA Risk
A robust internal audit function is instrumental in identifying, preventing, and responding to FCA violations. Effective internal audits address several key areas:
- Monitoring Compliance: Regular audits of billing, pricing, and cybersecurity compliance help confirm that all contract activities adhere to government regulations, reducing the likelihood of fraudulent or erroneous claims.
- Strengthening Internal Controls: By reviewing policies and procedures so they align with government contract requirements (such as FAR, DFARS, and CAS), internal audits can help prevent issues such as mischarging or defective pricing.
- Detecting Anomalies: Proactively identifying unusual transactions or patterns allows contractors to address small issues before they snowball into major compliance breaches or FCA investigations.
Steps for Mid-Size Government Contractors Without an Internal Audit Function
For mid-size government contractors that don’t yet have a dedicated internal audit function, partnering with a trusted firm like GRF can provide significant benefits. Here are some practical steps to consider:
- Co-Source or Outsource Internal Audit: By co-sourcing or outsourcing, contractors can leverage specialized expertise without the cost of a full-time internal audit team. This includes FCA risk assessments, cybersecurity reviews (NIST/CMMC), and compliance audits.
- Conduct a Risk Assessment: Identify high-risk areas such as billing practices, contract compliance, procurement, and cybersecurity. Firms like GRF can assess these areas and pinpoint potential weaknesses in your controls, helping to reduce FCA exposure.
- Enhance Compliance and Internal Controls: Review for compliance with critical regulations like FAR, DFARS, CAS, and cybersecurity standards such as NIST 800-171 and CMMC.
- Establish Monitoring & Oversight Mechanisms: Even without an internal audit team, mid-size contractors can implement self-assessments, third-party audits, and periodic reviews to spot issues early.
- Develop a Whistleblower Response Plan: Since many FCA violations come to light through whistleblower reports, having a clear process for managing complaints and implementing corrective actions can help prevent legal escalation.
- Prepare for Government Audits & Investigations: Conduct mock audits and regular compliance assessments (either internally or with a third-party firm like GRF) to enhance readiness for potential investigations by agencies like the DCAA or DOJ.
- Invest in Cybersecurity Compliance: As CMMC and NIST standards evolve, it’s critical for contractors to assess their cybersecurity posture and make the necessary adjustments to meet federal mandates.
The Importance of Whistleblower Programs
Under the FCA’s qui tam provisions, whistleblowers (often employees) can file lawsuits on behalf of the government and receive a portion of the recovery. A well-designed whistleblower program is essential for contractors seeking to avoid potential FCA liability.
A strong internal whistleblower program provides several benefits:
- Encourages Internal Reporting: Safe, anonymous channels for reporting concerns reduce the likelihood that employees will escalate issues directly to the DOJ.
- Enables Early Intervention: Addressing potential violations internally—before they escalate into formal investigations—helps contractors maintain compliance and protect their reputation.
- Demonstrates a Culture of Integrity: A robust whistleblower program signals to both regulators and employees that compliance is a top priority for the organization.
How GRF Supports Whistleblower Programs & Independent Investigations
Whistleblower reports are often a leading source of FCA investigations, making it crucial for government contractors to have secure and well-managed reporting mechanisms in place. Without a structured approach, contractors risk FCA violations, reputational damage, and legal consequences.
Here’s how GRF can assist:
- Design & Implement Secure, Anonymous Whistleblower Programs: GRF helps establish confidential reporting mechanisms that enable employees, subcontractors, and vendors to raise concerns without fear of retaliation.
- Independent Investigations & Compliance Reviews: If a whistleblower allegation arises, GRF conducts independent, third-party investigations to assess the validity of the claims, evaluate internal controls, and recommend corrective actions—mitigating risks before they attract regulatory scrutiny.
- FCA & Fraud Risk Assessments: We evaluate internal controls, policies, and reporting structures to identify any gaps that could expose contractors to FCA violations and DOJ investigations.
- Training & Awareness Programs: GRF provides training for employees, leadership, and compliance teams, reinforcing FCA compliance, fraud prevention, and reporting best practices.
- Regulatory Guidance & Crisis Management: If a whistleblower complaint results in a government inquiry, GRF assists with internal responses, voluntary disclosures, and compliance enhancements, establishing proper documentation and remediation efforts.
With whistleblower activity on the rise, it’s essential that government contractors establish secure reporting systems to proactively address FCA risks. GRF’s expertise in internal audit, compliance, and investigations helps organizations reduce exposure, strengthen ethical cultures, and navigate potential risks. For more information, GRF has drafted a whitepaper on whistleblower programs which can be downloaded here.
Get Started Today!
The rising enforcement of the False Claims Act makes it more critical than ever for government contractors to strengthen their compliance frameworks. By establishing a strong internal audit function and an effective whistleblower program, contractors can identify and address risks early, avoiding costly settlements, reputational damage, and legal consequences.
At GRF, we understand the unique regulatory challenges facing government contractors. Our experienced internal audit professionals are dedicated to helping organizations establish and maintain strong compliance frameworks that reduce exposure to FCA liability.
For more details on recent FCA settlements, enforcement trends, or how GRF can support your internal audit and whistleblower programs, contact us today.
Melissa Musser, CPA, CISA, CITP, CIA, is a Partner and Director of GRF Risk & Advisory Services and currently serves as a board member for the Institute of Internal Auditors (IIA) DC Chapter. She is also the past president and incoming Mid-Atlantic District Representative of the IIA.