Departments are required by law to develop and maintain governance structures, controls, and processes to safeguard resources and assets. A robust fraud risk framework helps to ensure that programs fulfill their intended purpose and that funds are spent effectively. HUD relies on public housing authorities (PHAs) to detect and prevent fraud, waste, and abuse in its housing programs.  Therefore, we audited the New York City Housing Authority’s (NYCHA) fraud risk management maturity with the objective of assessing its fraud risk management practices for preventing, detecting, and responding to fraud when administering HUD‐funded programs. We chose NYCHA because it is HUD’s largest PHA, administering billions of dollars in HUD funding and because its programs receive over 25 percent of HUD’s rental assistance funding nationwide.

 We found that NYCHA has established several antifraud controls, but its processes to mitigate fraud risks are largely reactive. NYCHA is actively taking steps to formalize a more proactive fraud risk management approach and is progressing toward a more mature antifraud program.  We assessed NYCHA’s antifraud efforts against established best practices to determine the maturity of its fraud risk management practices, and found it to be at an “initial” maturity level. We found NYCHA does not have a comprehensive strategy or framework for identifying and responding to fraud risks. Specifically, it did not (1) assess fraud risks across NYCHA or develop a process to regularly conduct assessments to identify and rank fraud risks, (2) develop a response plan for fraud risks based on a fraud risk assessment, and (3) implement a process to monitor and evaluate the effectiveness of fraud risk management activities.

 Due to the size and complexity of NYCHA, as well as its high fraud risk exposure, it should aim for a higher fraud risk maturity level. Without a comprehensive fraud risk management framework or antifraud strategy, HUD funding will continue to be at an increased risk of fraud, and NYCHA will not be positioned to understand how it can best improve its programs to detect fraud or potential fraud.  Further, since HUD has not issued formal guidance to PHAs regarding its expectation of PHAs in assisting HUD with its responsibility to implement fraud risk management activities over HUD programs, it is likely that many PHAs have not implemented formal fraud risk management programs. As a result, HUD is missing a critical control using leading practices that could detect and prevent fraud and minimize fraud risk at the PHA level in the Office of Public and Indian Housing programs that spend approximately $38.5 billion annually on voucher and public housing programs, representing over 50 percent of HUD’s budget.