Technical writing
GAO Reports Database: The Congressional Watchdog Behind 900 Annual Federal Audits
The Government Accountability Office publishes 900+ reports, testimonies, and correspondence per year—audits, investigations, and evaluations of federal programs across every agency and department—representing the most comprehensive independent oversight of the federal government available to the public. Unlike inspector general reports (which are internal to the executive branch) or Congressional Research Service products (which are not always public), GAO reports are systematically published, freely accessible, and machine-readable through a public API.
What the GAO is
The Government Accountability Office is the legislative branch's investigative and audit arm. Congress created it in 1921 through the Budget and Accounting Act, which established the modern framework for federal fiscal accountability by separating the audit function from the executive branch agencies being audited. The GAO reports exclusively to Congress—not to the President—a structural independence that has defined its role for over a century.
The agency is headed by the Comptroller General of the United States, an appointment deliberately designed to insulate the office from political pressure. The Comptroller General serves a single non-renewable 15-year term, longer than any elected official or presidential appointee, and can be removed only by joint resolution of Congress for specific causes. Gene Dodaro has served as Comptroller General since 2010, appointed by President Obama after the retirement of David Walker. The non-renewable term means the Comptroller General has no incentive to moderate findings for career reasons.
The GAO employs approximately 3,500 staff and operates on an annual budget of roughly $700 million. Its workforce is heavily weighted toward auditors, analysts, attorneys, and subject-matter experts across every policy domain the federal government touches: defense acquisition, healthcare finance, environmental regulation, financial oversight, technology assessment, and law enforcement. The agency maintains offices in Washington, D.C., and field offices in major cities.
Work is initiated in two ways. Congress—through committees, subcommittees, or individual members—requests the GAO to examine a specific question or program. Statute also mandates certain recurring GAO reviews, most notably the annual review of the consolidated financial statements of the U.S. government and the biennial High Risk List. The GAO does not self-initiate investigations; every product responds to a congressional mandate or a specific congressional request.
Types of GAO products
The GAO produces several distinct categories of output, each serving a different function in the oversight ecosystem.
Reports are the GAO's flagship product. A typical report runs 50 to 200 pages and addresses a specific congressional question: how effectively is a program operating, are funds being spent as Congress intended, does a federal system have adequate controls to prevent fraud, is an agency meeting statutory deadlines? Reports include findings, conclusions, and recommendations directed at specific agency heads. GAO assigns each report a document number in the format GAO-YY-NNNNNN (e.g., GAO-24-106329), where the two-digit prefix indicates the fiscal year of publication. Reports are classified internally by priority: Priority A recommendations address the most significant vulnerabilities, Priority B recommendations address significant issues, and Priority C recommendations address efficiency improvements.
Testimonies are written and oral statements delivered before congressional committees. When a committee holds a hearing on a topic the GAO has studied, the Comptroller General or a senior official presents findings directly to members of Congress. Testimonies are published in full and indexed in the same database as reports.
Correspondence covers a range of shorter written products: letters responding to congressional inquiries, technical assistance memoranda, and enclosures providing information without the full analytical apparatus of a formal report. Correspondence products are included in the public database but are shorter and less thoroughly documented than formal reports.
Legal decisions include two major categories. Bid protest decisions—designated with a B-series number (e.g., B-420000)— resolve protests filed by contractors who believe a federal procurement was conducted improperly. The GAO resolves tens of thousands of bid protests per year and its decisions effectively constitute binding guidance on federal procurement law. Appropriations law opinions address questions about whether agencies are spending funds in ways Congress authorized; these opinions are the primary interpretive authority on the Antideficiency Act and related fiscal law.
High Priority Open Recommendations are tracked separately from reports. When the GAO issues a recommendation, it remains “open” until the relevant agency implements it. The GAO maintains a public database of open recommendations and publishes an annual report identifying the highest-priority ones. As of recent counts, more than 1,200 recommendations remain unimplemented across federal agencies, representing billions of dollars in potential savings and risk reduction if acted upon.
The annual fragmentation, duplication, and overlap report (GRCD) catalogs areas where multiple federal programs address the same or similar goals. Since the first such report in 2011, the GAO has identified hundreds of areas of fragmentation, duplication, or overlap, with Congress and agencies implementing actions that have generated tens of billions of dollars in financial benefits.
GAO audit types
Within the broad category of reports, the GAO conducts several methodologically distinct types of work.
Financial audits examine whether financial statements fairly present the financial condition of an entity in accordance with generally accepted accounting principles. The GAO's most consequential recurring financial audit is the consolidated financial statements of the U.S. government, which it has been unable to express a clean opinion on for every year the audit has been conducted. The Department of Defense alone—a $700+ billion organization— failed its first-ever financial audit in 2018 and has received a disclaimer of opinion in every subsequent year, reflecting material weaknesses in property accountability systems, financial management information systems, and the basic ability to reconcile reported balances to underlying transaction records.
Performance audits evaluate whether programs are achieving their intended goals and whether resources are being used efficiently and effectively. A performance audit might ask: Is the FAA's air traffic control modernization program on track? Are VA healthcare waitlists actually declining? Is the SBA's small business lending program reaching underserved communities? Unlike financial audits, performance audits do not result in an opinion on financial statements; they result in findings about program effectiveness and recommendations for improvement.
Investigations are targeted inquiries into specific allegations of waste, fraud, or abuse. When a congressional committee receives a whistleblower complaint or believes a specific federal program has been misused, it may request a GAO investigation. GAO investigators have subpoena-equivalent authority to obtain agency records and can conduct interviews under oath. Investigation reports often reveal specific dollar amounts of fraud or waste attributable to particular management failures.
Technology assessments are produced by the GAO's Science, Technology Assessment, and Analytics team. At congressional request, the GAO evaluates emerging technologies—artificial intelligence, quantum computing, synthetic biology, hypersonic weapons—and assesses their implications for federal policy, national security, and regulatory frameworks. These assessments are increasingly central to congressional consideration of technology legislation.
High-impact findings
The breadth of the GAO's mandate means its reports touch every major federal spending category. Several areas of recurring high-impact findings illustrate the pattern.
Department of Defense financial management is the single largest area of GAO concern by dollar value at risk. The DOD manages roughly $700 billion in annual budget authority, controls trillions of dollars in assets (real property, weapons systems, equipment, inventory), and operates financial systems that are so fragmented and outdated that it cannot produce auditable financial statements. Material weaknesses identified across successive audits include property accountability (the DOD cannot always locate or value its own equipment), financial system interfaces (automated systems that reconcile incorrectly), and journal vouchers (manual adjustments made without adequate documentation). The DOD has committed to achieving a “clean” audit opinion within this decade; the GAO has noted that progress has been slower than planned.
COVID-19 relief improper payments represent the largest single fraud event in the GAO's tracking history. Multiple GAO reports found that the CARES Act programs disbursed more than $135 billion in improper payments, including fraudulent Paycheck Protection Program loans, unemployment insurance claims filed for deceased individuals or using stolen identities, and Economic Injury Disaster Loan advances paid to ineligible recipients. The speed of program deployment and the deliberate waiver of standard identity-verification controls to reach recipients quickly created the conditions for fraud at scale.
Medicare improper payments are a perennial GAO finding, estimated by the Centers for Medicare & Medicaid Services at roughly $50 billion per year. The GAO has repeatedly flagged inadequate prepayment review, insufficient provider enrollment screening, and claims processing systems that pay first and audit later as systemic drivers. Medicare improper payments have appeared on the GAO High Risk List continuously since 1990.
IRS processing and enforcement have been the subject of multiple recent GAO reports covering filing backlogs, customer service phone wait times, paper return processing delays, and the tax gap (the difference between taxes legally owed and taxes actually collected, estimated at $600+ billion annually). GAO recommendations in this area have included expanding electronic filing mandates, modernizing legacy mainframe systems, and increasing audit coverage of high-income returns.
Infrastructure program oversight covers FAA air traffic control modernization, federal building energy efficiency, bridge and highway condition, and the disbursement of the $1.2 trillion Infrastructure Investment and Jobs Act. The GAO's High Risk List includes FAA's air traffic control modernization as a long-running area of concern, reflecting a decades-long program that has experienced repeated cost overruns and schedule slippage.
The GAO High Risk List
The High Risk List is the GAO's most consequential periodic publication. Issued in odd-numbered years since 1990—coinciding with the start of each new Congress—the list identifies federal programs and operations that are at high risk of fraud, waste, abuse, or mismanagement, or that are in need of broad reform. Inclusion on the High Risk List is a significant institutional signal: it tells Congress that a program requires sustained attention and that previous oversight has not produced adequate corrective action.
The current High Risk List contains approximately 38 areas. Long-tenured entries include DOD weapon systems acquisition (on the list since 1990), Medicare and Medicaid (since 1990), IRS tax enforcement and filing systems, the Office of Personnel Management's personnel security and suitability program, VA healthcare, federal oil and gas resources management, Department of Energy environmental cleanup, and the financial viability of the U.S. Postal Service. More recent additions include the management of IT acquisitions and operations government-wide, the 2020 Census, and federal emergency management.
Removal from the High Risk List requires meeting five criteria: demonstrated top leadership commitment, the capacity to address the problem, a corrective action plan, demonstrated progress, and evidence that the problem is resolved or well on its way to resolution. Few areas are removed in any given biennial cycle; the list has grown longer over time as new systemic vulnerabilities have been identified. The full High Risk List with agency-by-agency status updates is available at gao.gov/highrisk/overview.
Data access
The GAO provides public API access to its reports database, making programmatic bulk retrieval practical without scraping.
The primary API endpoint is https://www.gao.gov/api/reports/latest.json, which returns a JSON array of recent GAO products sorted by publication date descending. Individual reports can be retrieved by document number at https://www.gao.gov/api/reports/{ gao-number }. The JSON response for each product includes the document number (doc_num, e.g., GAO-24-106329), title, description, published date, report type, highlights, topics, agencies covered, and a products_url linking to the full report on gao.gov.
Full-text search across the GAO corpus is available through the Elasticsearch-backed endpoint at https://efts.gao.gov/LATEST/search. This endpoint accepts query parameters including query (full-text search), dateRange, dateRangeStart, dateRangeEnd, and resultSize. A query like ?query=defense&dateRange=custom&dateRangeStart=2024-01-01&dateRangeEnd=2024-12-31&resultSize=10 returns the ten most relevant GAO products mentioning “defense” published in 2024. Unlike the structured API, this endpoint searches report text, not just metadata, making it suitable for finding reports on specific topics across the full historical archive.
Open recommendations are tracked in a separate database at gao.gov/recommendations, where each recommendation's implementing agency, priority level, associated report, date issued, and current implementation status are publicly visible and filterable. The High Risk List status page at gao.gov/highrisk/overview provides area-by-area progress summaries with links to the underlying reports that document each high-risk designation.
Python: fetching and analyzing recent GAO reports
The following script uses the GAO API and full-text search endpoint to retrieve the 50 most recent products, compute distribution by report type, identify the agencies with the most audit coverage, extract the top topic categories, and count reports in the last 12 months mentioning fraud or improper payments. No API key is required.
import requests
import json
from collections import Counter, defaultdict
from datetime import datetime, timedelta
# ---------------------------------------------------------------------------
# GAO Reports API -- Recent reports, type distribution, top agencies, topics
# Docs: https://www.gao.gov/about/what-gao-does/reports-testimonies
# API: https://www.gao.gov/api/reports/latest.json (no key required)
# Full-text search: https://efts.gao.gov/LATEST/search
# ---------------------------------------------------------------------------
BASE_API = "https://www.gao.gov/api/reports"
SEARCH_API = "https://efts.gao.gov/LATEST/search"
HEADERS = {
"User-Agent": "research-bot/1.0 (contact: research@example.org)",
"Accept": "application/json",
}
# ---------------------------------------------------------------------------
# Step 1: Fetch the 50 most recent GAO reports via the latest endpoint
# Each record includes: doc_num, title, description, published_date,
# report_type, highlights, topics, agencies, products_url
# ---------------------------------------------------------------------------
resp = requests.get(f"{BASE_API}/latest.json", headers=HEADERS, timeout=30)
resp.raise_for_status()
reports = resp.json()
# The API returns a list of report objects directly
print(f"Fetched {len(reports)} recent GAO reports\n")
# Limit to 50 most recent (already sorted by date descending)
reports = reports[:50]
# ---------------------------------------------------------------------------
# Step 2: Distribution by report type
# Common types: Report, Testimony, Correspondence, Legal Decision
# ---------------------------------------------------------------------------
type_counter = Counter()
for r in reports:
rtype = r.get("report_type") or r.get("type") or "Unknown"
type_counter[rtype] += 1
print("=== Report type distribution (last 50 products) ===")
for rtype, count in type_counter.most_common():
bar = "\u2588" * count
print(f" {rtype:<22} {count:>3} {bar}")
print()
# ---------------------------------------------------------------------------
# Step 3: Agencies with the most audit findings
# The \'agencies\' field is a list of agency names or dicts
# ---------------------------------------------------------------------------
agency_counter = Counter()
for r in reports:
agencies = r.get("agencies", [])
if isinstance(agencies, list):
for a in agencies:
name = a.get("name", a) if isinstance(a, dict) else str(a)
if name:
agency_counter[name] += 1
elif isinstance(agencies, str) and agencies:
agency_counter[agencies] += 1
print("=== Top 10 agencies by audit coverage (last 50 reports) ===")
for agency, count in agency_counter.most_common(10):
print(f" {count:>3} {agency}")
print()
# ---------------------------------------------------------------------------
# Step 4: Top subject/topic categories
# ---------------------------------------------------------------------------
topic_counter = Counter()
for r in reports:
topics = r.get("topics", [])
if isinstance(topics, list):
for t in topics:
label = t.get("name", t) if isinstance(t, dict) else str(t)
if label:
topic_counter[label] += 1
print("=== Top 15 topic categories ===")
for topic, count in topic_counter.most_common(15):
print(f" {count:>3} {topic}")
print()
# ---------------------------------------------------------------------------
# Step 5: Reports mentioning "fraud" or "improper payments"
# Use the full-text search endpoint with date range (last 365 days)
# Endpoint: GET https://efts.gao.gov/LATEST/search
# Params: query, dateRange, dateRangeStart, dateRangeEnd, resultSize
# ---------------------------------------------------------------------------
one_year_ago = (datetime.utcnow() - timedelta(days=365)).strftime("%Y-%m-%d")
today = datetime.utcnow().strftime("%Y-%m-%d")
fraud_params = {
"query": "fraud OR \"improper payments\"",
"dateRange": "custom",
"dateRangeStart": one_year_ago,
"dateRangeEnd": today,
"resultSize": 100,
}
fraud_resp = requests.get(SEARCH_API, params=fraud_params, headers=HEADERS, timeout=30)
fraud_resp.raise_for_status()
fraud_data = fraud_resp.json()
total_fraud = fraud_data.get("hits", {}).get("total", {})
if isinstance(total_fraud, dict):
total_fraud = total_fraud.get("value", 0)
print("=== Reports mentioning fraud or improper payments (last 12 months) ===")
print(f" Total matching: {total_fraud:,}")
fraud_hits = fraud_data.get("hits", {}).get("hits", [])
fraud_types = Counter()
for hit in fraud_hits:
src = hit.get("_source", {})
fraud_types[src.get("report_type", "Unknown")] += 1
if fraud_types:
print(" By product type:")
for rtype, count in fraud_types.most_common():
print(f" {rtype:<22} {count}")
print()
# ---------------------------------------------------------------------------
# Step 6: Print summary table of the 10 most recent reports
# ---------------------------------------------------------------------------
print("=== 10 most recent GAO products ===")
print(f" {\'#\':<3} {\'Published\':<12} {\'Doc #\':<18} {\'Type\':<15} Title")
print(" " + "-" * 110)
for i, r in enumerate(reports[:10], start=1):
doc_num = r.get("doc_num", "N/A")
title = (r.get("title") or "")[:60]
pub_date = (r.get("published_date") or "")[:10]
rtype = (r.get("report_type") or "Unknown")[:14]
if len(r.get("title", "")) > 60:
title += ".."
print(f" {i:<3} {pub_date:<12} {doc_num:<18} {rtype:<15} {title}")
print()
# ---------------------------------------------------------------------------
# Step 7: Write full 50-report payload to JSON for downstream analysis
# ---------------------------------------------------------------------------
with open("gao_recent_reports.json", "w") as f:
json.dump(reports, f, indent=2, default=str)
print(f"Wrote {len(reports)} GAO report records to gao_recent_reports.json")
print("Each record includes doc_num, title, description, published_date,")
print("report_type, highlights, topics, agencies, and products_url.")
The script illustrates several practical patterns for working with the GAO API. The structured /api/reports/latest.json endpoint returns clean JSON with consistent fields suitable for metadata analysis; the efts.gao.gov endpoint provides full-text search across the entire corpus. Because the GAO's agency and topic fields can contain either strings or nested objects depending on the product type, the script handles both representations. For bulk historical analysis, the full-text search endpoint supports date-range filtering going back to 1971, making it possible to build a comprehensive longitudinal dataset of GAO findings by topic or agency without scraping individual report pages.
The doc_num field follows a consistent format (GAO-YY-NNNNNN) that encodes the fiscal year of publication as the first two digits after the hyphen. This allows easy filtering by year without parsing dates, and the document number is stable across all GAO systems—the same number appears in the API, on the report landing page, and in congressional citations. Using document numbers as primary keys when building a local GAO database avoids the ambiguity that would arise from using titles (which can be edited) or URLs (which can change across site redesigns).
GAO data in the Federal Data Hub
GAO reports are a critical secondary source for the Federal Data Hub because they document the quality and reliability of the primary datasets the Hub ingests. When the GAO finds that a federal agency's data system contains material weaknesses, those findings directly inform how the Hub weights and presents that data. A GAO finding that the DOD cannot reconcile property records, for example, is relevant to any analysis built on DOD procurement or inventory data.
The Federal Data Hub cross-references GAO recommendations against the agencies and programs tracked in its regulatory catalog. When an agency receives a GAO recommendation relating to data quality, reporting accuracy, or information system controls, that recommendation is surfaced alongside the relevant dataset entries. Open recommendations that have not been implemented are flagged, since unimplemented data quality recommendations are a signal that the underlying regulatory data may not fully reflect agency operations.
The GAO High Risk List also directly maps to Federal Data Hub coverage: every program on the High Risk List is a program for which multiple federal datasets exist, and the GAO's assessment of systemic management failures is the most authoritative public characterization of what those datasets can and cannot reliably represent. Medicare claims data, DOD contract data, and IRS tax gap estimates each carry interpretive caveats that trace directly to decades of GAO oversight findings.
Related: PACER federal courts database · USASpending federal contracts
Part of the Federal Regulatory Data Hub.