From 2017-2019, Congress appropriated approximately $39.5 billion in “Community Development Block Grant-Disaster Recovery” funds. The Government Accountability Office (GAO) says these funds may be at risk of fraud from contractors, disaster recovery applicants, and grantees.
A GAO review has found that the Department of Housing and Urban Development (HUD) has taken some steps to assess fraud risks agency-wide, but it hasn’t conducted a comprehensive fraud risk assessment. In addition, HUD’s current approach to evaluating fraud risk hasn’t involved stakeholders, like grantees, who are responsible for designing and implementing the program’s controls.
GAO identified four categories of fraud risks facing HUD’s Community Development Block Grant – Disaster Recovery (CDBG-DR) from 2007 to 2020, including risks from contractors, disaster recovery applicants, grantees, and others. In total, the watchdog identified 78 cases from Department of Justice (DOJ) public announcements and 110 HUD Office of Inspector General (OIG) enforcement cases. For example, in 2012 following Hurricane Sandy, a New Jersey couple applied for disaster assistance and fraudulently received $79,000 in CDBG-DR funds, according to HUD OIG records. The couple was convicted of conspiracy, falsification, and theft and was sentenced to 5 years imprisonment. The funding was for a seaside property they fraudulently claimed was their primary residence, but was later determined to be a summer vacation home that was ineligible for assistance.
GAO also found that the CDBG-DR operates in a decentralized risk environment that may make it vulnerable to fraud since CDBG-DR funds flow through a number of entities before reaching their intended beneficiaries. In addition, the risk environment in which CDBG-DR operates may contribute to negative financial impacts, such as improper payments. Fraud can have nonfinancial impacts as well, such as fraudulent contractors obtaining a competitive advantage and preventing other businesses from obtaining contracts.
GAO found that HUD has taken some steps to assess fraud risks agency-wide. For example, HUD conducts an agency-wide assessment of risks through a Front-End Risk Assessment, which also considers fraud risks. In 2020, HUD redesigned its agency-level approach to evaluate fraud risks through its Fraud Risk Management Maturity Model. While HUD has taken some steps to assess fraud risks agency-wide, GAO found that HUD has not conducted a comprehensive fraud risk assessment of CDBG-DR, as called for in GAO’s Fraud Risk Framework. Further, HUD’s current fraud risk approach does not involve relevant stakeholders such as grantees. Leading practices include tailoring the fraud risk assessment to the program and also involving relevant stakeholders responsible for the design and implementation of the program’s fraud controls in the assessment process.
GAO makes two recommendations, including that HUD comprehensively assess fraud risks to CDBG-DR and involve relevant stakeholders in the assessment. HUD neither agreed nor disagreed with the recommendations, and instead offered a description of mitigating actions.