U.S. flag

An official website of the United States government Here’s how you know

The .gov means it’s official.

Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you're on a federal government site.

The site is secure.

The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

Departments are required by law to develop and maintain governance structures, controls, and processes to safeguard resources and assets. A robust fraud risk framework helps to ensure that programs fulfill their intended purpose and that funds are spent effectively. HUD relies on public housing authorities (PHAs) to detect and prevent fraud, waste, and abuse in its housing programs.  Therefore, we audited the New York City Housing Authority’s (NYCHA) fraud risk management maturity with the objective of assessing its fraud risk management practices for preventing, detecting, and responding to fraud when administering HUD‐funded programs. We chose NYCHA because it is HUD’s largest PHA, administering billions of dollars in HUD funding and because its programs receive over 25 percent of HUD’s rental assistance funding nationwide.

 We found that NYCHA has established several antifraud controls, but its processes to mitigate fraud risks are largely reactive. NYCHA is actively taking steps to formalize a more proactive fraud risk management approach and is progressing toward a more mature antifraud program.  We assessed NYCHA’s antifraud efforts against established best practices to determine the maturity of its fraud risk management practices, and found it to be at an “initial” maturity level. We found NYCHA does not have a comprehensive strategy or framework for identifying and responding to fraud risks. Specifically, it did not (1) assess fraud risks across NYCHA or develop a process to regularly conduct assessments to identify and rank fraud risks, (2) develop a response plan for fraud risks based on a fraud risk assessment, and (3) implement a process to monitor and evaluate the effectiveness of fraud risk management activities.

 Due to the size and complexity of NYCHA, as well as its high fraud risk exposure, it should aim for a higher fraud risk maturity level. Without a comprehensive fraud risk management framework or antifraud strategy, HUD funding will continue to be at an increased risk of fraud, and NYCHA will not be positioned to understand how it can best improve its programs to detect fraud or potential fraud.  Further, since HUD has not issued formal guidance to PHAs regarding its expectation of PHAs in assisting HUD with its responsibility to implement fraud risk management activities over HUD programs, it is likely that many PHAs have not implemented formal fraud risk management programs. As a result, HUD is missing a critical control using leading practices that could detect and prevent fraud and minimize fraud risk at the PHA level in the Office of Public and Indian Housing programs that spend approximately $38.5 billion annually on voucher and public housing programs, representing over 50 percent of HUD’s budget.

Recommendations

Public and Indian Housing

  •  
    Status
      Open
      Closed
    2025-FO-1001-001-A

    Develop a strategy to comprehensively assess and respond to fraud risks across NYCHA. The strategy should identify who within NYCHA is responsible for designing and overseeing activities to prevent and detect fraud. The strategy should also include how NYCHA will (1) assess fraud risks across NYCHA methodically and periodically, (2) create response plans for fraud risks that are identified, and (3) monitor and evaluate the effectiveness of fraud risk management activities. The strategy should also designate fraud risk responsibilities across NYCHA.

  •  
    Status
      Open
      Closed
    2025-FO-1001-001-B

    Based on the strategy, (1) complete an assessment of fraud risks across NYCHA, (2) create response plans for fraud risks that are identified, and (3) develop procedures to monitor and evaluate the effectiveness of fraud risk management activities.

  •  
    Status
      Open
      Closed
    2025-FO-1001-001-C

    Assess whether HUD’s other extra-large PHAs have mature fraud risk management programs and use the assessment to develop a strategy to reduce the fraud risk exposure to HUD. The strategy should include working with extra-large PHAs to implement appropriate fraud mitigation activities.

  •  
    Status
      Open
      Closed
    2025-FO-1001-001-D

    Work with HUD’s Chief Risk Officer to issue a notice to all PHAs explaining that PHAs are responsible for fraud risk management and play a role in fulfilling HUD’s requirement to identify and mitigate fraud risks. This notice should clearly indicate that PHAs should implement fraud risk management, which includes (1) completing an assessment of fraud risks, (2) creating response plans for fraud risks that are identified, and (3) developing procedures to monitor and evaluate the effectiveness of fraud risk management activities.