We audited the Puerto Rico Department of Housing’s (PRDOH) fraud risk management practices to assess the maturity of its antifraud efforts. HUD heavily relies on its grantees to detect and prevent fraud, waste, and abuse and PRDOH is HUD’s second largest Community Development Block Grant Disaster Recovery and Mitigation (CDBG-DR and CDBG-MIT) grantee with over $20 billion in block grant funding. Our objective was to assess PRDOH’s fraud risk management practices for preventing, detecting, and responding to fraud when administering programs funded by HUD grants addressing the 2017 disasters.
PRDOH’s fraud risk management processes to mitigate fraud risks either did not exist or were reactionary in nature. This resulted in the lowest desired maturity goal state -- Ad Hoc -- for organizations’ antifraud initiatives. PRDOH must improve its fraud risk management practices to adequately protect HUD funding provided for disaster recovery and mitigation efforts. Because PRDOH does not proactively manage fraud risk and its fraud risk management program is at the lowest state of maturity, it may have missed opportunities to strengthen controls and eliminate fraud vulnerabilities, leaving more than $20 billion in HUD disaster recovery and mitigation funds at increased risk of fraud. Implementing best practices and maturing PRDOH’s fraud risk management program will improve HUD and Puerto Rico’s ability to prevent and detect fraud and effectively utilize federal funds to support long-term disaster recovery and mitigation needs.
We recommended that HUD instruct PRDOH to (1) implement a process to regularly conduct fraud risk assessments and determine a fraud risk profile, and (2) improve its fraud awareness initiatives.
Further, we recommended that HUD (3) evaluate PRDOH’s risk exposure and tolerance as part of its program-specific fraud risk assessment for disaster grant programs; (4) coordinate with HUD’s Chief Risk Officer to provide training and technical assistance to PRDOH with a focus on the design, implementation, and performance of fraud risk assessments, and establish a fraud risk management framework for the organization; (5) assess whether grantees have mature fraud risk management programs within the disaster recovery and mitigation program; and (6) determine the fraud risk exposure in HUD's disaster recovery and mitigation programs, and work with grantees to implement appropriate fraud mitigation activities.