Federal Reports

This independent auditors’ report on the U.S. Small Business Administration’s (SBA) improper payment reporting is required by the Payment Integrity Information Act of 2019. We contracted with the independent certified public accounting firm KPMG LLP to conduct a performance audit of SBA’s Fiscal Year (FY) 2022 compliance with the Act. The auditor was engaged to review the payment integrity section of SBA’s Agency Financial Report Fiscal Year 2022 (AFR) and accompanying materials to determine whether the agency complied with the reporting requirements under the Act.In the report, KPMG auditors found SBA was not compliant with 9 of the 10 reporting requirements under the Act and Office of Management and Budget (OMB) guidance.• The agency’s risk assessment methodology did not consider certain identified risk factors to adequately conclude whether the Restaurant Revitalization Fund, Shuttered Venue Operators Grant, and the payments for covered loans in the 7(a) and 504 Certified Development Company loan guaranty programs under the debt relief assistance program were likely to include improper and unknown payments above or below the statutory threshold.• The sampling and estimation methodology plans were not appropriate for the SBA disaster assistance loans, COVID-19 Economic Injury Disaster Loans (COVID-19 EIDL), and Economic Injury Disaster Loan Targeted Advance programs and activities. • SBA did not demonstrate improvements to payment integrity for 7(a) loan guaranty purchases because the improper payment estimate increased between fiscal years 2021 and 2022, and• SBA did not publish improper and unknown payment estimates, corrective action plans, and reduction targets within the AFR and accompanying materials for PPP loan guaranty purchases and forgiveness activities.SBA indicates that it is committed to reducing the dollar amount of improper payments, ensuring program integrity, and continuing to implement effective risk management procedures in accordance with improper payment legislation.

This report presents the results of our audit of U.S. Postal Service Products Billing Determinants.

We performed a self-initiated audit at the Miami Processing and Distribution Center and four delivery units serviced by the P&DC during the week of January 30, 2023. The delivery units included the Allapattah Station, Doral Branch, Flagler Station, and Princeton Branch.

Quality Review of FLRA OIG Audit Operations for the Period April 1, 2022 through March 31, 2023

We performed a self-initiated audit at the Miami Processing and Distribution Center and four delivery units serviced by the P&DC during the week of January 30, 2023. The delivery units included the Allapattah Station, Doral Branch, Flagler Station, and Princeton Branch.We issued individual reports for the four delivery units and the P&DC we visited. We issued another report summarizing the results of our audits at all four delivery units with specific recommendations for management to address.

This report offers the OIG’s perspective relative to fraud risks facing the company as it continues its expansion into large-scale acquisitions and infrastructure programs. If history is any indicator, funding from the Infrastructure Investment and Jobs Act—like other large spending bills—will be targeted by criminals through a variety of unlawful fraudulent schemes. To its credit, the company recently established an Integrated Risk and Compliance Program (IRCP) to monitor fraud risks and establish capabilities to proactively identify fraudulent activity. We have already engaged with the IRCP, and we are optimistic that our insights will help make the company a harder target for fraud-related crimes. Since 2017, however, our office has investigated 99 fraud-related cases impacting the company and helped recover $120 million in restitution, forfeitures, and other recoveries. We have also issued 22 audit reports during this period identifying weak controls that would-be criminals could exploit. With the company anticipating that it will have at least $30 billion in active capital projects in fiscal year 2023, this report synthesizes some of our prior work, illustrates how fraud risks manifest, and shares ways the company can mitigate these risks. Our work focuses specifically on four high-risk fraud areas: • Contracts and procurements• Health care• Employee wrongdoing• Cybercrime

The Postal Service has been working on several measures to protect its international business. The OIG suggests it develop commercial shipping options, both in inbound and outbound, to better cater to the requirements of large ecommerce shippers and provide more support to help smaller merchants navigate the complexity of international shipping. USPS could also speed up efforts to combat fake, low-cost shipping labels on packages shipped to the U.S., which harm both revenue and brand. Finally, it could provide more clarity on the role the Postal Service intends to play in the international shipping arena now and in the future.

We audited the U.S. Department of Housing and Urban Development’s (HUD) temporary policy for endorsement of loans with COVID-19 forbearance activity because an analysis of data in HUD’s systems showed that there may have been loans that did not comply with the policy’s requirements. The policy was one aspect of HUD’s broader emergency response to COVID-19, which also included an eviction moratorium and loan forbearance for borrowers experiencing financial hardship. The objectives of the audit were to determine (1) whether HUD’s temporary endorsement policy related to COVID-19 forbearance activity was properly followed by lenders, (2) whether HUD monitored and enforced indemnification agreements for loans that were subject to the temporary policy, and (3) HUD’s reasons for ending the policy during the pandemic and its plans to evaluate and use such policies in the future.HUD could improve oversight of the temporary endorsement policy. Specifically, HUD did not ensure that (1) lenders consistently followed policy requirements and (2) indemnification agreement data and records related to the policy were complete and accurate. These deficiencies occurred or went undetected due to unclear guidance and because HUD did not update its oversight strategy to specifically cover the policy and reconcile relevant data and records. As a result, the Federal Housing Administration (FHA) insurance fund was exposed to greater risk from at least $83 million in loans for which lenders did not follow requirements, and HUD’s ability to monitor and enforce indemnification agreements could be compromised until it corrects its data and records. Additionally, HUD terminated the policy due to limited use and did not have plans to further evaluate or use the policy in the future. As a result, HUD did not know whether using a similar policy during future disasters and emergencies or permanently could manage risk to the insurance fund while increasing lender participation.We recommend that HUD (1) require lenders to execute 5-year indemnification agreements for loans that were missing required agreements or were otherwise ineligible to put up to $1.8 million to better use by avoiding potential losses; (2) request and analyze data from lenders for loans at risk of noncompliance to identify loans that should have been subject to the policy or were otherwise ineligible for insurance and require lenders to protect HUD against losses on these loans to put up to $26.8 million to better use; (3) record indemnification agreement data in its system for agreements that were executed but not recorded to put up to $3.5 million to better use; (4) review and correct indemnification agreement data as needed in its system; (5) update indemnification agreements with incorrect or missing information; and (6) consider evaluating whether and how a similar policy could be used in the future. This should include studying lenders’ use of the policy, the long-term performance of loans endorsed under it, and the compliance, guidance, and process issues discussed above to refine future policies.