Federal Reports

The Postal Reorganization Act (PRA) of 1970 entrusted the Postal Service with a mission to provide trusted and affordable universal service to the American public. Congress established the U.S. Postal Service as an independent agency that receives the vast majority of its funding through revenue from postage. It is supported by the longstanding mailbox and mail delivery monopolies rather than from congressional appropriations. Over the last few decades, however, the steady decline of mail volume, the substantial liability of health and retirement benefit programs and, recently, an increasingly competitive package market have strained USPS’s financial sustainability.

We audited the California Department of Housing and Community Development (HCD) with the objective of evaluating HCD’s fraud risk management practices for its Emergency Solutions Grants Coronavirus Aid, Relief, and Economic Security Act (ESG CARES Act) program and assessing the maturity of its efforts to prevent, detect, and respond to fraud. Fraudulent activity in the ESG CARES Act program can lead to significant financial losses, reputational damage to the grantee and the U.S. Department of Housing and Urban Development (HUD), breach of fiduciary duty, and most importantly, loss of funding assistance to intended beneficiaries. A robust antifraud program will help ensure that pandemic grant funds are put toward their intended uses, funds are spent effectively, and assets are safeguarded. Congress provided $4 billion for the ESG CARES Act program, which represented a 1,379 percent increase to the regular 2020 annual ESG appropriation. Given the influx of funding, we initiated a series of audits examining ESG CARES Act grantees’ fraud risk management practices and evaluating whether selected ESG CARES Act grantees are adequately prepared to prevent, detect, and respond to fraud. HCD was selected because it was authorized more than $319.5 million in ESG CARES Act program funds, a 2,505 percent funding increase from its formula ESG allocation for fiscal year 2020. HCD was not adequately prepared to prevent, detect, and respond to fraud due to the lack of focus it placed on fraud risks and establishing a robust fraud risk management framework. Although HCD established a departmentwide enterprise risk management (ERM) framework, it was not robust enough to proactively identify fraud risks, and it was not developed with leading industry standards and best practices.[1] This deficiency resulted in the lowest desired maturity goal state – ad hoc – for the organization’s antifraud initiatives. HCD noted that it had limited resources to implement additional fraud risk measures. Further, HCD believed that it was not necessary to create a separate fraud risk management framework or build upon its existing ERM framework to incorporate fraud risk management practices. HCD’s management is responsible for managing fraud risk, including assessing the potential of fraud, and designing and implementing strategies to mitigate fraud risks. Because it placed little emphasis on identifying fraud risks under its ERM framework and did not improve its antifraud practices to rise to a higher fraud risk management maturity level, it put more than $319.5 million in ESG CARES Act funds at an increased risk of fraud. Although a well-designed fraud risk management framework is not infallible regarding fraud and risks of fraud, it is a powerful tool that can enhance management decision making, strengthen HCD’s reputation, and reinforce its commitment to safeguard HUD funding with regulators and the public. We recommend that HUD instruct HCD to (1) establish a separate fraud risk management framework or evaluate and build upon its ERM framework by incorporating fraud risk management practices and (2) obtain training or technical assistance on the implementation of fraud risk management practices. Chief Financial Officers Council’s Antifraud Playbook; the U.S. Government Accountability Office’s (GAO) Standards for Internal Control in the Federal Government, also known as the Green Book; and GAO’s A Framework for Managing Fraud Risks in Federal Programs

The independent public accounting firm of Brown & Company CPAs and Management Consultants, PLLC, under contract with the Office of Inspector General, audited Help America Vote Act (HAVA) grants administered by the Iowa Secretary of State, totaling $18.28 million. This included federal funds, state matching funds, and interest earned on the Election Security and Coronavirus Aid, Relief, and Economic Security (CARES) Act grants.

The VA Office of Inspector General (OIG) conducted an inspection to assess allegations regarding staff's failure to follow informed consent and against medical advice (AMA) discharge processes and that staff held a patient on the locked mental health unit involuntarily for 48 hours at the VA Southern Nevada Healthcare System (facility) in Las Vegas. The OIG identified a related concern regarding alignment of a medical center policy (MCP) with Nevada state law and Veterans Health Administration requirements.The patient presented to the Emergency Department requesting assistance with substance withdrawal and was admitted to the locked inpatient mental health unit for management of withdrawal symptoms. The OIG substantiated that staff, lacking a standardized process to follow, failed to have the required informed consent discussion to inform the patient that the unit is locked and treats patients with mental health conditions.Upon admission, the patient complained of the restrictive environment and behavior of fellow patients. After verbally requesting an AMA discharge, the patient agreed to remain. The next day, the patient completed a written AMA request and, in accordance with facility policy, was discharged within 24 hours of the request. However, Nevada law states that any patient voluntarily admitted must be released immediately after filing a written request for discharge.The OIG determined that although staff did not hold the patient involuntarily for 48 hours and followed their AMA discharge policy as written, the policy was inconsistent with state law.The OIG found the Facility Director failed to assign responsibility for ensuring the policy adhered to state laws, as required. This failure provided a gap, which may have led to the MCP not aligning with state law.The OIG made seven recommendations to the Facility Director related to the informed consent discussion process, MCP development process, and staff education on MCPs.