Fraud poses a significant risk to the integrity of federal programs and erodes public trust in government. For the U.S. Department of Housing and Urban Development’s (HUD) disaster recovery programs, fraud results in communities and individuals not receiving needed assistance to recover from and mitigate future disasters. Departments are required by law to develop and maintain governance structures, controls, and processes to safeguard resources and assets. A robust fraud risk framework helps to ensure that programs fulfill their intended purpose and that funds are spent effectively. We audited the U.S. Virgin Islands Housing Finance Authority’s (VIHFA) fraud risk management practices to assess the maturity of its anti-fraud efforts. HUD relies heavily on its grantees to detect and prevent fraud, waste, and abuse, and VIHFA is a HUD Community Development Block Grant-Disaster Recovery (CDBG-DR) and -Mitigation (CDBG-MIT) grantee with nearly $2 billion in block grant funding. Our objective was to assess VIHFA’s fraud risk management practices for preventing, detecting, and responding to fraud when administering programs funded by HUD grants addressing the 2017 disasters.
VIHFA does not have fraud risk management processes to prevent and detect fraud risks. We assessed VIHFA’s fraud risk management program maturity at or below the lowest desired goal state (Ad Hoc), because some anti-fraud activities were disorganized, uncontrolled, and reactive, while other anti-fraud activities expected in a fraud risk management program were absent altogether. VIHFA’s overall fraud risk management processes are at such a low maturity level because its management has not developed or implemented a structured fraud risk management framework, and it lacks a dedicated entity to lead fraud risk management activities. VIHFA should immediately implement fraud risk management practices to adequately protect its HUD funding provided for disaster recovery and mitigation efforts. Although VIHFA is currently working on implementing enterprise-risk management, fraud risk management activities do not appear to be incorporated. Because VIHFA is not proactively managing fraud risk, it likely missed opportunities to strengthen controls and reduce fraud vulnerabilities, leaving nearly $2 billion in HUD disaster recovery and mitigation funds at increased risk of fraud.
To fully achieve its goal state, we recommend that HUD instruct VIHFA to develop and implement a fraud risk management program, which includes (1) a dedicated anti-fraud component to oversee risk management activities; (2) a fraud risk assessment process tailored to all levels of the organization to identify and assess risks; (3) regular evaluation of its fraud risk profile and fraud risk assessment outcomes; and (4) fraud awareness initiatives to ensure staff’s fraud awareness when conducting day-to-day activities.
Recommendations
Community Planning and Development
2026-FW-1002-001-A
Develop and implement a fraud risk management program with an emphasis on obtaining high-level management buy-in to ensure commitment from the board and senior management and subsequently, to ensure involvement of all levels of the program in setting an anti-fraud culture and tone to effectively combat fraud. This would include ensuring the program includes specific procedures to effectively manage fraud disclosures from employees and emphasis on reporting fraud to the HUD OIG Hotline.
2026-FW-1002-001-B
Establish a dedicated anti-fraud component to design and oversee risk management activities within the organization and its subrecipients.
2026-FW-1002-001-C
Implement fraud risk assessment processes tailored to all levels of the program to identify and assess risks to determine VIHFA’s disaster recovery and mitigation program’s risk profile.
2026-FW-1002-001-D
Evaluate its program’s fraud risk profile and fraud risk assessment outcomes to (1) design risk responses and specific actions for responding to fraud; (2) develop, document, and communicate an anti-fraud strategy for employees and stakeholders that contains all key elements described in GAO’s “A Framework for Managing Fraud Risks in Federal Programs”; and (3) monitor and evaluate fraud risk management activities to improve the organization’s fraud risk management.
2026-FW-1002-001-E
Implement fraud awareness initiatives, such as official anti-fraud training for staff and stakeholders, including subrecipients. This could include developing frequent formal communication containing newsletters or bulletins and posting physical visual displays to ensure staff’s fraud awareness when conducting day-to-day activities.
2026-FW-1002-001-F
Upon completion of recommendations 1A – 1E, assess whether VIHFA has established and implemented mature fraud risk management practices within its disaster recovery and mitigation programs.