Fraud poses a significant risk to the integrity of federal programs and erodes public trust in government. For the U.S. Department of Housing and Urban Development’s (HUD) disaster recovery programs, fraud results in communities and individuals not receiving needed assistance to recover from and mitigate future disasters. Departments are required by law to develop and maintain governance structures, controls, and processes to safeguard resources and assets. A robust fraud risk framework helps to ensure that programs fulfill their intended purpose and that funds are spent effectively. We audited the U.S. Virgin Islands Housing Finance Authority’s (VIHFA) fraud risk management practices to assess the maturity of its anti-fraud efforts. HUD heavily relies on its grantees to detect and prevent fraud, waste, and abuse and VIHFA is a HUD Community Development Block Grant-Disaster Recovery (CDBG-DR) and -Mitigation (CDBG-MIT) grantee with nearly $2 billion in block grant funding. Our objective was to assess VIHFA’s fraud risk management practices for preventing, detecting, and responding to fraud when administering programs funded by HUD grants addressing the 2017 disasters.
VIHFA does not have fraud risk management processes to prevent and detect fraud risks. We assessed VIHFA’s fraud risk management program maturity at or below the lowest desired goal state (Ad Hoc), because some anti-fraud activities were disorganized, uncontrolled, and reactive, while other anti-fraud activities expected in a fraud risk management program were absent altogether. VIHFA’s overall fraud risk management processes are at such a low maturity level because its management has not developed or implemented a structured fraud risk management framework, and it lacks a dedicated entity to lead fraud risk management activities. VIHFA should immediately implement fraud risk management practices to adequately protect its HUD funding provided for disaster recovery and mitigation efforts. Although VIHFA is currently working on implementing enterprise-risk management, fraud risk management activities do not appear to be incorporated. Because VIHFA is not proactively managing fraud risk, it likely missed opportunities to strengthen controls and reduce fraud vulnerabilities, leaving nearly $2 billion in HUD disaster recovery and mitigation funds at increased risk of fraud.
To fully achieve its goal state, we recommend that HUD instructs VIHFA to develop and implement a fraud risk management program, which includes (1) a dedicated anti-fraud component to oversee risk management activities; (2) a fraud risk assessment process tailored to all levels of the organization to identify and assess risks; (3) regular evaluation of its fraud risk profile and fraud risk assessment outcomes, and; (4) fraud awareness initiatives to ensure staff’s fraud awareness when conducting day-to-day activities.
