HUD OCIO should update its enterprisewide business impact prioritization analysis procedures to include system dependencies and the characterization of system components (IG FISMA metric 61).

We recommend that the Deputy Secretary Develop and execute a detailed plan and timeline for both testing and reporting estimates of improper payments in the PIH-TBRA and PBRA programs in compliance with Federal law and OMB guidance.

Status

In response to the Management Alert, the Deputy Secretary stated that she would provide a plan in 30 days. On April 10, 2024, the Chief Financial Officer, Assistant Secretary for Housing, and Principal Deputy Assistant Secretary for Public and Indian Housing (PIH) stated their respective executives have been working together to develop a plan to accelerate HUD’s ability to produce statistically valid estimates. With respect to project-based rental assistance (PBRA), HUD plans to use ongoing data collection for fiscal year (FY) 2023 tier 1 and tier 2 payments to develop a statistical estimate in FY 2024. With respect to PIH-TBRA, in lieu of pursuing an estimate for the FY 2024 reporting cycle, PIH will focus on “its existing efforts to enhance PIH [IT] systems”, which HUD considers to be a more strategic use of resources. It is not clear from HUD’s response what PIH will do differently than it already had planned prior to the management alert as HUD did not provide a detailed plan or timeline for OIG review. As of June 21, 2024, a detailed plan or timeline has not been provided.

Analysis

As of June 21, 2024, HUD has not provided a detailed plan or timeline for OIG review. It remains unclear how HUD will produce an estimate in the PBRA programs in 2024 and when it will be able to produce an estimate for PIH-TBRA.

For HUD to close this recommendation, it must finish testing the full life cycle of payments in these programs and publicly report estimates of the improper payments in them. Merely producing a plan with future action target dates is not sufficient to meet the spirit of this recommendation.

PBRA and PIH-TBRA are the two largest program expenditures in HUD's portfolio, totaling $45.3 billion in FY 23, or 67.5 percent of HUD's total expenditures. HUD has been challenged with developing a compliant sampling methodology that can test the full payment cycle and that can be executed within the required timeframes. HUD’s sampling methodology did not test the full payment cycle. Further, the associated sample testing and statistical estimation of improper payments could not be completed in time for the required annual reporting of improper payment estimates in the Agency Financial Report (AFR), normally issued in November. To fully address this recommendation, the sampling methodology should test the full payment cycle, and the associated sample testing and statistical estimation must be completed in time to be included in the AFR.

Implementation of this recommendation will result in HUD better safeguarding taxpayer dollars and decrease improper payments.

Develop guidance for program offices to develop program office-specific action plans to address any causes found for high attrition rates in governmentwide high-risk MCOs and field offices in large cities.

Create a single, unified agency-specific MCO list updated to reflect current progress toward closing skills gaps.

The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

We recommend that the Deputy Assistant Secretary instruct PRDOH to implement a process to regularly conduct fraud risk assessments and determine a fraud risk profile. The fraud risk profile should include key findings and conclusions from the risk assessment, including the analysis of the types of fraud risks, their perceived likelihood and impact, risk tolerance, and the prioritization of risks.

We recommend that the Deputy Assistant Secretary for Grant Programs evaluate PRDOH’s risk exposure and tolerance as part of HUD’s program-specific fraud risk assessment for disaster grant programs.

We recommend that the Deputy Assistant Secretary for Grant Programs coordinate with HUD’s Chief Risk Officer to (1) provide training and technical assistance to PRDOH with a focus on the design, implementation, and performance of fraud risk assessments, and (2) establish a fraud risk management framework for the organization.

We recommend that the Deputy Assistant Secretary for Grant Programs assess whether grantees have mature fraud risk management programs within the disaster recovery and mitigation programs.

We recommend that the Deputy Assistant Secretary for Grant Programs determine the fraud risk exposure in HUD's disaster recovery and mitigation programs and work with grantees to implement appropriate fraud mitigation activities.

We recommend that the Director, Office of Disaster Recovery, perform monitoring of or otherwise review grantees’ detailed procedures for preventing duplication of benefits for each grant activity within the first year after HUD signs the grant agreement or before grantees process applications for assistance, whichever occurs first.

We recommend that the Director, Office of Disaster Recovery, develop and implement a process to review grantees’ detailed procedures for preventing duplication of benefits and require grantees to correct any deficiencies identified in the review before grantees process applications for assistance.

We recommend that the General Deputy Assistant Secretary, Office of Policy Development and Research, and the Deputy Chief Information Officer, Office of the Chief Information Officer develop the project management documents, as required by HUD’s Project Planning and Management Life Cycle V2.0 policy, including obtaining required approvals and ensuring that an adequate project risk management process is established for identifying, analyzing, and responding to project risks.

We recommend that the General Deputy Assistant Secretary, Office of Policy Development and Research; the Deputy Chief Information Officer; and the Director, Office of Disaster Recovery, identify and incorporate at least one additional data source into the Disaster Recovery Data Portal to further assist grantees with duplication of benefits assessments.

Provide additional guidance and training to servicers to address common loss mitigation issues found during this audit.