From 2017-2019, Congress appropriated approximately $39.5 billion in "Community Development Block Grant-Disaster Recovery" funds. These funds may be at risk of fraud from contractors, disaster recovery applicants, and grantees.
The Department of Housing and Urban Development has taken some steps to assess fraud risks agency-wide, but it hasn't conducted a comprehensive fraud risk assessment. In addition, HUD's current approach to evaluating fraud risk hasn't involved stakeholders, like grantees, who are responsible for designing and implementing the program's controls.
Our 2 recommendations to HUD address these issues.
Damage in Florida following Hurricane Michael
What GAO Found
GAO identified four categories of fraud risks facing the Department of Housing and Urban Development's (HUD) Community Development Block Grant – Disaster Recovery (CDBG-DR) from 2007 to 2020, including risks from contractors, disaster recovery applicants, grantees, and others, as shown below. In total, we identified 78 cases from Department of Justice (DOJ) public announcements and 110 HUD Office of Inspector General (OIG) enforcement cases. For example, in 2012 following Hurricane Sandy, a New Jersey couple applied for disaster assistance and fraudulently received $79,000 in CDBG-DR funds, according to HUD OIG records. The couple was convicted of conspiracy, falsification, and theft and was sentenced to 5 years imprisonment. The funding was for a seaside property they fraudulently claimed was their primary residence, but was later determined to be a summer vacation home that was ineligible for assistance. GAO also found that the CDBG-DR operates in a decentralized risk environment that may make it vulnerable to fraud since CDBG-DR funds flow through a number of entities before reaching their intended beneficiaries. In addition, the risk environment in which CDBG-DR operates may contribute to negative financial impacts, such as improper payments. Fraud can have nonfinancial impacts as well, such as fraudulent contractors obtaining a competitive advantage and preventing other businesses from obtaining contracts.
HUD has taken some steps to assess fraud risks agency-wide. For example, HUD conducts an agency-wide assessment of risks through a Front-End Risk Assessment, which also considers fraud risks. In 2020, HUD redesigned its agency-level approach to evaluate fraud risks through its Fraud Risk Management Maturity Model. While HUD has taken some steps to assess fraud risks agency-wide, GAO found that HUD has not conducted a comprehensive fraud risk assessment of CDBG-DR, as called for in GAO's Fraud Risk Framework. Further, HUD's current fraud risk approach does not involve relevant stakeholders such as grantees. Leading practices include tailoring the fraud risk assessment to the program and also involving relevant stakeholders responsible for the design and implementation of the program's fraud controls in the assessment process. Ensuring that a fraud risk assessment is completed specifically for CDBG-DR may provide greater assurance that HUD addresses CDBG-DR fraud risks, including ones identified in this report.
Why GAO Did This Study
In response to a historic string of natural disasters, Congress appropriated approximately $39.5 billion in CDBG-DR grant funds in 2017 through 2019, with most of the funding designated for Texas, Florida, Puerto Rico, and the U.S. Virgin Islands. However, accompanying this unprecedented amount of funding is an increased vulnerability to fraud given that CDBG-DR involves multiple factors.
GAO was asked to review a range of disaster recovery issues following the 2017 disaster season. This report addresses: (1) the fraud risks and risk environment of CDBG-DR and their impacts; and (2) the steps HUD has taken to assess fraud risk agency-wide, and specifically for CDBG-DR, in alignment with leading practices. GAO reviewed DOJ public announcements and HUD OIG enforcement cases to identify CDBG-DR fraud risks. GAO assessed HUD's procedures against leading practices in the Fraud Risk Framework. GAO interviewed HUD officials responsible for CDBG-DR and fraud risk assessment; and conducted site visits to Florida and Texas, selected partly for the amount of CDBG-DR funds they received, among other factors.
GAO makes two recommendations, including that HUD comprehensively assess fraud risks to CDBG-DR and involve relevant stakeholders in the assessment. HUD neither agreed nor disagreed with our recommendations, and instead offered a description of mitigating actions. GAO continues to believe the recommendations are warranted.
Recommendations for Executive Action
|Department of Housing and Urban Development||1. The Assistant Secretary for Community Planning and Development should comprehensively assess fraud risks to CDBG-DR, including identifying inherent fraud risks affecting it, assessing the likelihood and impact of inherent fraud risks, determining fraud risk tolerance, and examining the suitability of existing fraud controls. The assessment should also consider CDBG-DR's risk environment and be informed by the fraud risks identified in this report. (Recommendation 1)|
|Department of Housing and Urban Development||2. In comprehensively assessing fraud risks to CDBG-DR, the Assistant Secretary for Community Planning and Development should involve relevant stakeholders in the assessment process, including CDBG-DR grantees (states, territories, and local governments) that design and implement fraud controls. (Recommendation 2)|