Obtain training or technical assistance on the implementation of fraud risk management practices consistent with the Internal Control Integrated Framework, issued by COSO.

Use the fraud risks and fraud schemes HUD OIG identified and involve relevant stakeholders to create a program-specific fraud risk inventory to support HUD’s anti-fraud efforts and enhance oversight of the Capital Fund program.

Communicate Capital Fund program fraud risks and schemes to all its stakeholders, including PHAs, to increase program effectiveness.

Determine whether data currently collected from PHAs can be leveraged to identify and mitigate fraud risks and consider whether any additional data needs to be collected or systems enhanced to mitigate fraud risks.

Systematically evaluate whether control deficiencies identified by the AIR program have affected the accuracy or completeness of HUD’s financial statements. This assessment should include: 
a) Review relevant financial statement line items, disclosure, and account balances for misstatements attributable to ineffective controls;
b) Document the evaluation results, including the rationale for conclusions regarding the presence or absence of misstatements;
c) Make correcting entries to September 30, 2025 balances, as appropriate;
d) Retain supporting analysis for both internal and external review; and
e) Leverage test of balances results to inform remediation efforts.

Work with program offices through remediation activities to determine the underlying causes of the control deficiencies identified by the AIR program.
 

Based on the causes identified, coordinate with the program offices through remediation activities to develop corrective action plans with defined milestones, responsible parties, and timelines. Progress should be tracked, documented, and periodically reported to senior management.
 

Require targeted, role-specific training for program office staff and managers in areas where deficiencies were identified, including approvals, segregation of duties, recordkeeping, and delegated authority. This training should reinforce the importance of compliance with internal control requirements and include HUD escalation and enforcement mechanisms.

Assess and address barriers to timely and adequate responses from program offices during AIR program internal control testing. This assessment should:
a) Identify recurring causes for delayed or incomplete responses from program offices and implement escalation protocols or incentives to ensure timely fulfillment of AIR program requests;
b) Identify and implement efficiencies in the testing process to optimize the time program offices spend on the AIR program, such as streamlining communication, clarifying expectations, finding alternatives to time consuming tasks, and optimizing scheduling;
c) Provide additional guidance, training, or resources to program offices as needed to improve the quality and timeliness of submissions; and
d) Monitor response rates and timeliness, reporting persistent issues to senior leadership for corrective action.

Re-examine and enhance HUD’s process for evaluating the potential financial impact of control deficiencies identified by the AIR program or other sources to ensure that:
a) Assessments of financial impact are initiated promptly upon identification of control deficiencies;
b) The evaluation process is structured to deliver clear, actionable conclusions in sufficient time to inform any necessary adjustments to financial statements prior to the financial report date; and
c) Documentation of the assessment process and results is maintained to support audit requirements and management’s assertions.
 

Coordinate with the Principal Deputy Assistance Secretary for each Program Office to:
a) Define governance protocols to include reassessing HUD’s escalation protocols and enforcement mechanisms for repeated or willful noncompliance with documented controls, such as additional oversight, retraining, or disciplinary action as appropriate. Based on the assessment, update those protocols and mechanisms, as warranted.
b) Establish and resource a HUD-wide centralized digital repository for artifacts and key supporting documentation to provide consistent documentation retention and accessibility. Based on this initiative, define governance protocols for repository use, including security, version control, timely review/update requirements, and periodic audits to validate compliance.
 

The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.
 

The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.
 

The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

Issue guidance, including technical assistance, to all disaster recovery grantees that waivers for issues related to a disaster’s impact, like waivers of procurement policies, should be for reasonable and limited time periods after a disaster’s occurrence to ensure full and open competition.
 

Require the State to include in its procurement policy a reference to the New York State law which limits a State waiver of policies to 30 days unless renewed and to ensure that it clearly states whether the law affects the Governor’s 2012 waiver. Further, if it does not affect the 2012 waiver, require the State to take action to limit the use of that waiver to ensure full and open competition.
 

Require the State to implement a control, including documenting exceptions, to ensure that all contracts that exceed 5 years are approved by the Corporation.