The Department of Housing and Urban Development hands out tens of billions of dollars a year in grants and contracts. At the same time, the agency’s fraud risk management program is still in the early stages.
Elliott Johnson Jr., a senior management analyst in the HUD’s Office of the Chief Risk Officer, said a new tool that will help both mature the agency’s processes and reduce the amount of fraud in programs.
Led by the deputy CFO, HUD created a tool called the front end risk assessment (FERA) policy.
“It was phenomenal from the standpoint of the oversight community because it looked at the risk associated with the program, supplemental funding and the distress it put on a particular program area,” Johnson said after speaking at the recent AGA Internal Controls and Fraud Prevention Summit. “Previously, it was cumbersome as heck for the program folks because when you work on a program, such as trying to make sure you get safe, decent, affordable housing for folks and you’re doing something to assess the risk, you’re saying this is taking energy and time away from me to do what I really need to do as opposed to doing something that oftentimes we end up with a 300-page doorstop.”
Starting in 2018, the CRO and CFO offices started revising the policy to make sure it was useful, easy to use and less cumbersome on the program folks, and most importantly helped them prevent fraud.
Johnson said working closely with the agency’s inspector general’s office and relying on the Green Book, the standards for internal controls produced by the Government Accountability Office, the new FERA tool enables program offices to identify its real and potential risks in days instead of months.
“It has 21 different categories from compliance to systems to reputational and so on,” he said. “Since 2019, we’ve done roughly 20 program risk assessments. Our oversight community has bought into it and has been incredible because we’ve gotten nothing but outstanding feedback from GAO and our IG off of the assessments.”
21 risk categories to measure
HUD released the lasted FERA update in September, detailing the 21 categories, which range from funding, time and schedule to political visibility to regulatory involvement to legislative risk.
“FERA allows you to look through each one of the risk categories, assess whether it is high, medium or low and once you complete that throughout all the categories, you can put an appropriate risk response,” Johnson said. “What it really ends up being is like an itinerary for how you’re going to propose to spend the money down ensure that you get it safely through to the end of the funding. The absolute difference between the prior version and this one is that folks are actually using it after they complete it. They refer back and forth to it like a map you are using to drive across the country. Before no one would ever take the time to look through 300 pages or something to try to find where they saw the risk.”
Johnson added because the program offices are using FERA’s risk roadmap, IG and GAO auditors have more confidence that HUD is taking steps to eliminate or mitigate risks and make course corrections as needed.
The most recent IG report recognized HUD’s progress, but found it needs more resources to improve its anti-fraud controls and promote a culture of fraud.
The IG made five recommendations to the CRO and two more to the CFO for how to address their challenges.
Auditors, however, said FERA as well as the new risk management policy, which HUD updated in March and includes the concepts outlined in the FERA tool, as well as establishing fraud risk management as one of its top priority risks in its fiscal 2022 annual risk profile and designating November as HUD’s fraud risk awareness month are all steps to creating a risk management culture.
“A fraud-aware culture is a key component of an anti-fraud program and can act as a preventive measure for combating fraud in HUD programs. However, due to HUD’s weak fraud risk management program and chief risk officer’s lack of resources, HUD’s anti-fraud culture and tone across program offices did not prioritize anti-fraud activities,” the IG stated. “Further, due to the ad hoc nature of HUD’s fraud risk management program, HUD missed opportunities to reduce losses to fraud by implementing controls, such as creating a supported anti-fraud entity, leveraging fraud data analytics, and introducing fraud-specific training.”
FERA to roll out more broadly
Johnson said the FERA tool, new policy and the focus by the CRO office is making progress to create that culture of risk management.
He said HUD tested out FERA through a string of pilots as a way to improve the process, and now it’s ready to roll out the program more broadly.
“We finally have a support contract in place that will soon to be announced. We have that for five years, and we can get rolling and provide the type of support to programs and for them to be able to do it on an annual basis at will,” he said. “We’ll have each one of the program areas with the risk profile process. We’ll be able to assess the risk exposure as relates to fraud at the program level and then from a department level. We can overlay each one of the programs and develop and understand what we our maturity is across our 16 program offices.”
HUD isn’t the only agency facing challenges in combating fraud. The Justice Department said in October its Fraud Section attorneys have prosecuted more than 192 defendants in more than 121 criminal cases related to CARES Act programs and funds. The Fraud Section has also seized more than $78 million in cash from CARES Act-related fraud schemes, as well as numerous real estate properties and luxury items purchased with such proceeds.
The Pandemic Response Accountability Committee (PRAC) also has been preaching the need for agencies to do more to combat fraud.
GAO to update fraud guidance
Rebecca Shea, GAO’s director of the Forensic Audits and Investigative Service team, said they will soon release an updated anti-fraud resource guide to help agencies be more proactive and change the culture around preventing fraud.
“We will be releasing a new two-page, very visually oriented product that is focused on various fraud topics. They are little premiers. The first one will be on why measuring fraud is hard. Everybody wants a number. But it’s really hard,” she said. “We are doing other fraud topics and you can use that to talk with your management about various fraud topics.”
Shea added GAO also is trying to figure out what is the best way to measure fraud and how that might be used to incentivize fraud risk management and how to develop return on investments type of estimates.
“We also have an effort on going to look at ways we can clarify aspects of our fraud risk framework. There are a lot of leading practices, 38 of them in the framework, and maybe some of them are clearer than others,” Shea said at the AGA event. “We will provide some amplifications and clarifications of some elements. You may have wondered what do we really mean by fraud risk tolerance? Do we tolerate fraud? Nope. We will provide some clarifications on those topics that folks have questions about.”