Federal Reports

This statutory report presents the activities and accomplishments of the OIG from April 1, 2025, through September 30, 2025. The audits, investigations, and related work highlighted in the report are products of our mission to identify and stop fraud, waste, and abuse; and promote accountability, efficiency, and effectiveness through our oversight of the Department’s programs and operations.

Beginning in 2021, the U.S. Department of Housing and Urban Development (HUD) Office of Inspector General (OIG) conducted several audits to assess HUD’s anti-fraud efforts and to develop inventories of fraud risks for several of its programs.  Our previous work found that HUD’s fraud risk management program was in its early stages of development and we recommended that HUD perform program-specific fraud risk assessments and incorporate these assessments into an agency-wide plan to further advance its program. To continue assisting HUD in improving its anti-fraud efforts, we conducted this work to identify potential fraud risks and schemes that could negatively impact HUD’s Single Family Housing program.  Our objective was to assist HUD by developing an inventory of fraud risks for its Single Family Housing program.

As part of a larger effort by the HUD Office of Housing Operational Risk Division that included developing fraud risk inventories for all components of the Office of Housing, HUD created a fraud risk inventory for the Single Family Housing program that identified 28 fraud risks or schemes and covered many aspects of the program including appraisal, application, origination, servicing, invoices, and claims.  We identified five overall fraud risk factors that increase the chance of fraud occurring in the program by increasing the incentive, opportunity, and likelihood for an individual considering committing fraud.  We used these fraud risk factors, along with the results of brainstorming sessions, interviews, and reviews of audit reports, investigations, and press releases from HUD OIG and other agencies, to develop an inventory of 64 potential fraud schemes that HUD had not previously identified.  These schemes could be used to defraud the Single Family Housing program and undermine its integrity, resulting in an increased risk to the FHA insurance fund, borrowers, and lenders.  

We recommend that the HUD Office of Single Family Housing (1) use the OIG’s fraud risk inventory included in this report to enhance its Single Family program-specific fraud risk inventory, (2) include lenders and servicers in the fraud risk identification process and communicate the risks and schemes identified for the Single Family Housing program to relevant stakeholders, and (3) incorporate data and system enhancements into its plans to improve HUD’s ability to monitor and respond to fraud risks in the Single Family Housing program.

The Integrated Financial and Acquisition Management System (iFAMS) is a comprehensive financial management system intended to replace multiple legacy systems and combine both acquisition and financial functions. iFAMS, as part of the system’s financial-related functionality, contains sensitive acquisition information like pricing and labor rates. This information must be protected. The VA OIG conducted this audit to determine whether iFAMS user access controls that are intended to limit account privileges are sufficient to safeguard VA data and comply with applicable laws, regulations, and guidance.

The OIG found access was not sufficiently limited as required for all 20 Technology Acquisition Center (TAC) users sampled. The team determined 91 percent of the 2,818 users with access to TAC data did not work for TAC but were requesting access to TAC information as of February 2025. Additionally, 78 percent of these users had roles that granted exceptionally broad access to sensitive acquisition information, presenting widespread risk of unnecessary access.

This risk occurred, in part, because iFAMS access controls were too broad. Additionally, quality reviews did not capture all access granted to a user. Finally, the electronic tool that is available for supervisors and information owners to routinely see user roles and accesses does not show all accesses the users have been granted.

Unnecessary access could compromise sensitive acquisition data in iFAMS. With every additional user who can access sensitive information, the risk of misuse increases. VA concurred with the OIG’s three recommendations to improve iFAMS access controls before the system is implemented further.

KPMG LLP’s (KPMG) report on its financial statement audit of the National Credit Union Administration’s (NCUA) financial statements, which includes the Share Insurance Fund, the Operating Fund, the Central Liquidity Facility, and the Community Development Revolving Loan Fund, as of and for the year ended December 31, 2025. The NCUA prepared financial statements in accordance with the Office of Management and Budget (OMB) Circular No. A-136 Revised, Financial Reporting Requirements, and subjected them to audit. Under a contract monitored by the NCUA OIG, KPMG, an independent certified public accounting firm, performed an audit of NCUA’s financial statements as of December 31, 2025. The contract required that the audit be performed in accordance with generally accepted government auditing standards issued by the Comptroller General of the United States, OMB audit guidance, and the Government Accountability Office/President's Council on Integrity and Efficiency Financial Audit Manual. KPMG’s audit report for 2025 includes: (1) an opinion on the financial statements, (2) conclusions on internal control over financial reporting, and (3) a section addressing compliance and other matters. In its audit of the NCUA, KPMG found:• The financial statements were fairly presented, in all material respects, in conformity with U.S. generally accepted accounting principles,• There were no deficiencies in internal control identified as material weaknesses or significant deficiencies and• No instances of reportable noncompliance with laws and regulations it tested or other matters that are required to be reported under Government Auditing Standards or OMB guidance.