Federal Reports

Fraud poses a significant risk to the integrity of federal programs and erodes public trust in government.  For the U.S. Department of Housing and Urban Development’s (HUD) disaster recovery programs, fraud results in communities and individuals not receiving needed assistance to recover from and mitigate future disasters.  Departments are required by law to develop and maintain governance structures, controls, and processes to safeguard resources and assets.  A robust fraud risk framework helps to ensure that programs fulfill their intended purpose and that funds are spent effectively. We audited the U.S. Virgin Islands Housing Finance Authority’s (VIHFA) fraud risk management practices to assess the maturity of its anti-fraud efforts.  HUD heavily relies on its grantees to detect and prevent fraud, waste, and abuse and VIHFA is a HUD Community Development Block Grant-Disaster Recovery (CDBG-DR) and -Mitigation (CDBG-MIT) grantee with nearly $2 billion in block grant funding.  Our objective was to assess VIHFA’s fraud risk management practices for preventing, detecting, and responding to fraud when administering programs funded by HUD grants addressing the 2017 disasters.

VIHFA does not have fraud risk management processes to prevent and detect fraud risks.  We assessed VIHFA’s fraud risk management program maturity at or below the lowest desired goal state (Ad Hoc), because some anti-fraud activities were disorganized, uncontrolled, and reactive, while other anti-fraud activities expected in a fraud risk management program were absent altogether.  VIHFA’s overall fraud risk management processes are at such a low maturity level because its management has not developed or implemented a structured fraud risk management framework, and it lacks a dedicated entity to lead fraud risk management activities.  VIHFA should immediately implement fraud risk management practices to adequately protect its HUD funding provided for disaster recovery and mitigation efforts.  Although VIHFA is currently working on implementing enterprise-risk management, fraud risk management activities do not appear to be incorporated. Because VIHFA is not proactively managing fraud risk, it likely missed opportunities to strengthen controls and reduce fraud vulnerabilities, leaving nearly $2 billion in HUD disaster recovery and mitigation funds at increased risk of fraud.  

To fully achieve its goal state, we recommend that HUD instructs VIHFA to develop and implement a fraud risk management program, which includes (1) a dedicated anti-fraud component to oversee risk management activities; (2) a fraud risk assessment process tailored to all levels of the organization to identify and assess risks; (3) regular evaluation of its fraud risk profile and fraud risk assessment outcomes, and; (4) fraud awareness initiatives to ensure staff’s fraud awareness when conducting day-to-day activities.

Our Objective(s)

To assess the Federal Aviation Administration's (FAA) actions to (1) improve its monitoring of controller staffing levels at contract towers and (2) evaluate training requirements and other factors that may impact staffing at contract towers. Why This Audit FAA's Contract Tower (FCT) Program consists of 266 contract towers staffed by over 1,500 controllers. Section 605 of the FAA Reauthorization Act of 2024 mandates our office to examine the adequacy of staffing levels, the supply and demand of trained and certificated personnel, and FAA's efforts to allow contractors to conduct initial and on-the-job air traffic controller training to candidates that do not have prior air traffic control experience. 

What We Found 

FAA restructured the FCT Program to improve monitoring of staffing levels at contract towers, but its processes for validating staffing data still have weaknesses. FAA reorganized the FCT Program's administration to delegate responsibility for monitoring staffing levels. FAA updated contractual requirements for contract towers that fall below their full performance level and for towers that are not operational due to staffing. FAA updated its processes for tracking contractors' full performance levels, storing documents, identifying and tracking when a contract tower is not operational, and conducting quarterly reviews. However, FAA still faces challenges validating controller staffing data provided by contractors. FAA altered training requirements to expand the controller hiring pool, but challenges remain to maintain adequate staffing levels at contract towers. FAA took steps to expand the controller hiring pool and streamline training requirements for entry-level controllers. However, these efforts have not improved staffing, as the FCT Program remained understaffed by roughly 18 percent as of April 2025. Controller attrition and stagnant wage rates continue to impact staffing levels at contract towers. 

Recommendations 

We made 3 recommendations to improve FAA's monitoring of controller staffing levels and boost controller staffing at contract towers.

We determined that USDA’s IT security directives are not sufficiently relevant and effective to address recent threats, as they are not consistently updated and some are similar in content or function, resulting in potential risks to USDA’s IT security posture.

The independent public accounting firm of McBride, Lock & Associates, LLC, under contract with the Office of Inspector General, audited Help America Vote Act (HAVA) grants administered by the Connecticut Secretary of the State, totaling $16.1 million. This included federal funds, state matching funds, and interest income earned on the Election Security grant.

This Office of Inspector General (OIG) Healthcare Facility Inspection program report describes the results of a focused evaluation of the care provided at the VA Fayetteville Coastal Healthcare System in North Carolina. 

This evaluation focused on five key content domains:
     •    Culture
     •    Environment of care
     •    Patient safety
     •    Primary care
     •    Veteran-centered safety net

The OIG issued no recommendations.

Kentucky generally fulfilled IIJA AML goals; however, we identified issues with its grant spending and financial performance tracking and reporting. 

Because BOR’s IRA-funded canal improvement projects have been cancelled, we are closing this audit.