Develop and implement a strategy for collecting and analyzing agency-wide data, to include subrecipient and beneficiary data, to identify trends and potential indicators of fraud across programs.
Publication Report
2023-FO-0001 | October 26, 2022
Improvements are Needed in HUD’s Fraud Risk Management Program
We audited the U.S. Department of Housing and Urban Development’s (HUD) fraud risk management program at the enterprise and program-office levels and assessed its overall maturity. Our objective was to determine HUD’s progress in implementing a… moreRelated Recommendations
Chief Financial Officer
- Status2023-FO-0001-001-AOpenClosedPriorityPriority
We believe these open recommendations, if implemented, will have the greatest impact on helping HUD achieve its mission to create strong, sustainable, inclusive communities and quality affordable homes for all.
Perform a complete agency-wide fraud risk assessment (which incorporates the fraud risk assessments performed at the program level) and use the results to develop and implement an agency-wide plan to move HUD’s fraud risk management program out of the ad hoc phase.
Status
HUD has made steady progress in building its Fraud Risk Management program. In FY2024, HUD received Congressional approval to establish the Office of the Chief Risk Officer (OCRO). With its Fraud Risk Management Policy in place since 2022, OCRO worked with the HUD Risk Management Council to develop the Department’s approach and establish a cross-functional approach for Fraud Risk Management program accountability. The CRO also completed a fraud risk exposure assessment method that enables the Department to provide a risk-based approach to prioritize program fraud risk assessments and a department-level Fraud Risk Management Playbook to align HUD’s cross-functional activities and accountability to the GAO Fraud Risk Framework and CFO Council practices. The CRO is also working on tools and templates that are being customized for HUD program offices to help them complete their fraud risk assessments. Priority program offices are targeted to complete fraud risk assessments in 2025.
Analysis
While HUD has made progress in the area of fraud risk management, there is still work to be done for HUD to complete an entity wide fraud risk assessment. HUD's exposure analysis will help it to determine where to focus its efforts. The Department still needs to conduct program specific fraud risk assessments. Based on the demonstration by MFH, we believe that MFH has made great progress in its fraud risk assessment, and we are encouraged that it has identified areas of weakness that it plans to target. However, PIH and CPD have not been able to demonstrate progress in this area. We believe that the tools and templates the OCRO is developing, along with the continued support, will help PIH and CPD to complete these assessments.
To fully address this recommendation, HUD must provide evidence that it has performed an agency-wide fraud risk assessment performed at the program level, adopted and implemented its fraud risk assessment program departmental policy and that each HUD program office has established office-specific risk programs.
Develop and implement a procedure to collect and analyze reported suspected instances of fraud, along with other relevant data points, that can be leveraged to develop more robust antifraud risk mitigation tools.
Communicate to HUD program staff the differences between HUD’s enterprise risk management, PIIA, and financial risk management risk assessment processes to ensure an understanding of their roles and responsibilities within HUD’s fraud risk management program.
Develop and implement activities to raise awareness of fraud, such as participating in organized antifraud conferences or a newsletter that includes instances of recent fraud in Federal programs.
Collaborate with the Chief Risk Officer to conduct a workforce assessment to determine the level of dedicated full-time staff resources needed by the Chief Risk Officer to effectively (1) administer HUD’s enterprise and fraud risk management programs and (2) support program risk officers by increasing employee and stakeholder awareness of potential fraud schemes that could impact each program respectively.
If the workforce assessment determines that additional staff are needed, work with the Chief Risk Officer to staff the necessary positions.