GAO Audit Flags $4.2 Billion in Duplicative Federal IT Contracts, May 6 Release Expected

GAO audit identifies $4.2 billion in overlapping federal IT contracts

A forthcoming Government Accountability Office audit has identified approximately $4.2 billion in overlapping federal information-technology contracts across 14 agencies, and the report is scheduled for public release on May 6 at 10 a.m. Eastern, according to two congressional appropriators familiar with a closed-door briefing on Capitol Hill. The audit, titled Federal Information Technology Contract Overlap: Fiscal Years 2023 Through 2026, found that three agencies alone account for more than $900 million in duplicative cloud-computing and cybersecurity work, the officials said.

The 18-month review began in October 2024 and compared contract descriptions, obligation data, and vendor identities across roughly 1,200 active IT awards, according to a GAO investigator involved in preparing the report. The investigator said the team flagged 117 contracts with overlapping scopes, including instances where two agencies paid separate contractors to build nearly identical data dashboards and where three departments each retained outside firms to manage separate zero-trust security architectures.

"The dollar figures are preliminary until the final report is printed, but the total is not expected to move by more than $100 million either way," the GAO investigator said. The investigator spoke on condition of anonymity because the report remains under embargo until its official release.

The findings arrive as the House Appropriations Committee begins drafting fiscal 2027 spending bills and as the Office of Management and Budget prepares a May 8 directive that will freeze new obligations on at least three of the contested contracts, according to a budget analyst at OMB. The analyst said the directive is intended to prevent additional duplication while Congress and agency inspectors general review the audit.

Specific agencies and projects named in the audit

The Agriculture Department's $312 million cloud migration for its Farmers.gov portal is among the largest single examples of overlap cited in the report, the two congressional appropriators said. The project, awarded in February 2025 to a Virginia-based systems integrator, closely mirrors a $198 million student-aid portal modernization at the Education Department and a $276 million loan-servicing platform at the Small Business Administration, the officials said.

The Department of Homeland Security accounts for another major cluster of duplication. The Cybersecurity and Infrastructure Security Agency awarded a $427 million contract in November 2024 to expand continuous-diagnostic monitoring across civilian agencies, while the General Services Administration already obligated $391 million for a separate FedRAMP cloud-authorization initiative that covers many of the same systems, according to the GAO investigator. The two programs share at least 14 vendor relationships and five technical standards, the investigator said.

Health and Human Services also appears repeatedly. The department's $241 million public-health data exchange and the Centers for Disease Control and Prevention's $184 million disease-surveillance modernization rely on overlapping data pipelines and could be consolidated under a single interagency agreement, the report concludes. The two congressional appropriators said the duplication was especially striking because both projects use the same contractor and operate out of facilities in the Atlanta metropolitan area.

The audit further identifies $53 million in duplicative software licenses across the Justice Department, the Interior Department, and the Environmental Protection Agency, the GAO investigator said. The licenses cover identical project-management suites that agencies purchased through separate blanket purchase agreements rather than a government-wide acquisition contract.

Capitol Hill reaction and what comes next

House appropriators are expected to use the report during markups scheduled for the week of May 11, the two congressional officials said. One aide said the committee staff has already drafted language that would redirect roughly $600 million of the identified overlap into a newly created shared-services fund at the General Services Administration. The language could be inserted into the fiscal 2027 Financial Services and General Government appropriations bill, the aide said.

The OMB budget analyst said agency chiefs of staff met on April 30 at 3 p.m. in Room 252 of the Eisenhower Executive Office Building to coordinate their responses. The meeting produced a 12-page action memo, dated May 1, that orders the 14 agencies to submit consolidation plans by May 15 and to halt new task orders on the three most expensive overlapping contracts by May 8, the analyst said.

Senate oversight staff have also been briefed, according to one of the congressional appropriators. The staffer said the Senate Homeland Security and Governmental Affairs Committee is likely to hold a hearing on the audit during the last week of May, with invitations to the comptroller general and the OMB deputy director for management expected to go out by May 12.

The stakes extend beyond the $4.2 billion total. A former OMB official who worked on federal IT policy said overlapping contracts have delayed the retirement of legacy systems and increased the risk of cyber intrusions because security patches must be applied across multiple parallel platforms. The former official spoke on condition of anonymity to discuss sensitive internal reviews.

Watch for the GAO report's public release on May 6, the OMB directive on May 8, and the House Appropriations Committee markup during the week of May 11. If the proposed redirection language survives, the first shared-services contracts could be awarded by August, according to the budget analyst.