U.S. flag

An official website of the United States government Here’s how you know

The .gov means it’s official.

Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you're on a federal government site.

The site is secure.

The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

Document
Document

We audited the California Department of Housing and Community Development (HCD) with the objective of evaluating HCD’s fraud risk management practices for its Emergency Solutions Grants Coronavirus Aid, Relief, and Economic Security Act (ESG CARES Act) program and assessing the maturity of its efforts to prevent, detect, and respond to fraud.  Fraudulent activity in the ESG CARES Act program can lead to significant financial losses, reputational damage to the grantee and the U.S. Department of Housing and Urban Development (HUD), breach of fiduciary duty, and most importantly, loss of funding assistance to intended beneficiaries.  A robust antifraud program will help ensure that pandemic grant funds are put toward their intended uses, funds are spent effectively, and assets are safeguarded. 

Congress provided $4 billion for the ESG CARES Act program, which represented a 1,379 percent increase to the regular 2020 annual ESG appropriation.  Given the influx of funding, we initiated a series of audits examining ESG CARES Act grantees’ fraud risk management practices and evaluating whether selected ESG CARES Act grantees are adequately prepared to prevent, detect, and respond to fraud. HCD was selected because it was authorized more than $319.5 million in ESG CARES Act program funds, a 2,505 percent funding increase from its formula ESG allocation for fiscal year 2020.  

HCD was not adequately prepared to prevent, detect, and respond to fraud due to the lack of focus it placed on fraud risks and establishing a robust fraud risk management framework.  Although HCD established a departmentwide enterprise risk management (ERM) framework, it was not robust enough to proactively identify fraud risks, and it was not developed with leading industry standards and best practices.[1]  This deficiency resulted in the lowest desired maturity goal state – ad hoc – for the organization’s antifraud initiatives.  HCD noted that it had limited resources to implement additional fraud risk measures. Further, HCD believed that it was not necessary to create a separate fraud risk management framework or build upon its existing ERM framework to incorporate fraud risk management practices. 

HCD’s management is responsible for managing fraud risk, including assessing the potential of fraud, and designing and implementing strategies to mitigate fraud risks.  Because it placed little emphasis on identifying fraud risks under its ERM framework and did not improve its antifraud practices to rise to a higher fraud risk management maturity level, it put more than $319.5 million in ESG CARES Act funds at an increased risk of fraud.  Although a well-designed fraud risk management framework is not infallible regarding fraud and risks of fraud, it is a powerful tool that can enhance management decision making, strengthen HCD’s reputation, and reinforce its commitment to safeguard HUD funding with regulators and the public.  

We recommend that HUD instruct HCD to (1) establish a separate fraud risk management framework or evaluate and build upon its ERM framework by incorporating fraud risk management practices and (2) obtain training or technical assistance on the implementation of fraud risk management practices. 

Chief Financial Officers Council’s Antifraud Playbook; the U.S. Government Accountability Office’s (GAO) Standards for Internal Control in the Federal Government, also known as the Green Book; and GAO’s A Framework for Managing Fraud Risks in Federal Programs

Recommendations

Community Planning and Development

  •  
    Status
      Open
      Closed
    2024-LA-1001-001-A

    Establish a separate fraud risk management framework or evaluate and build upon its ERM framework by incorporating fraud risk management practices that are consistent with the principles of GAO’s Standards for Internal Control in the Federal Government (Green Book), including developing a fraud risk management framework in alignment with best practices identified in GAO’s A Framework for Managing Fraud Risks in Federal Programs and the Chief Financial Officers Council’s Antifraud Playbook.

  •  
    Status
      Open
      Closed
    2024-LA-1001-001-B

    Obtain training or technical assistance on the implementation of fraud risk management practices consistent with the principles of GAO’s Standards for Internal Control in the Federal Government (Green Book).