Require targeted, role-specific training for program office staff and managers in areas where deficiencies were identified, including approvals, segregation of duties, recordkeeping, and delegated authority. This training should reinforce the importance of compliance with internal control requirements and include HUD escalation and enforcement mechanisms.
2026-FO-0002 | December 18, 2025
Audit of the U.S Department of Housing and Urban Development’s Fiscal Years 2025 Financial Statements
Chief Financial Officer
- Status2026-FO-0002-001-DOpenClosed
- Status2026-FO-0002-001-EOpenClosed
Assess and address barriers to timely and adequate responses from program offices during AIR program internal control testing. This assessment should:
a) Identify recurring causes for delayed or incomplete responses from program offices and implement escalation protocols or incentives to ensure timely fulfillment of AIR program requests;
b) Identify and implement efficiencies in the testing process to optimize the time program offices spend on the AIR program, such as streamlining communication, clarifying expectations, finding alternatives to time consuming tasks, and optimizing scheduling;
c) Provide additional guidance, training, or resources to program offices as needed to improve the quality and timeliness of submissions; and
d) Monitor response rates and timeliness, reporting persistent issues to senior leadership for corrective action. - Status2026-FO-0002-001-FOpenClosed
Re-examine and enhance HUD’s process for evaluating the potential financial impact of control deficiencies identified by the AIR program or other sources to ensure that:
a) Assessments of financial impact are initiated promptly upon identification of control deficiencies;
b) The evaluation process is structured to deliver clear, actionable conclusions in sufficient time to inform any necessary adjustments to financial statements prior to the financial report date; and
c) Documentation of the assessment process and results is maintained to support audit requirements and management’s assertions.
- Status2026-FO-0002-001-GOpenClosed
Coordinate with the Principal Deputy Assistance Secretary for each Program Office to:
a) Define governance protocols to include reassessing HUD’s escalation protocols and enforcement mechanisms for repeated or willful noncompliance with documented controls, such as additional oversight, retraining, or disciplinary action as appropriate. Based on the assessment, update those protocols and mechanisms, as warranted.
b) Establish and resource a HUD-wide centralized digital repository for artifacts and key supporting documentation to provide consistent documentation retention and accessibility. Based on this initiative, define governance protocols for repository use, including security, version control, timely review/update requirements, and periodic audits to validate compliance.
2026-OE-0001 | December 18, 2025
HUD FY 2025 Federal Information Security Modernization Act (FISMA) Evaluation Report
Chief Information Officer
- Status2026-OE-0001-001-AOpenClosedSensitiveSensitive
Sensitive information refers to information that could have a damaging import if released to the public and, therefore, must be restricted from public disclosure.
The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.
- Status2026-OE-0001-001-BOpenClosedSensitiveSensitive
Sensitive information refers to information that could have a damaging import if released to the public and, therefore, must be restricted from public disclosure.
The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.
- Status2026-OE-0001-001-COpenClosedSensitiveSensitive
Sensitive information refers to information that could have a damaging import if released to the public and, therefore, must be restricted from public disclosure.
The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.
- Status2026-OE-0001-001-DOpenClosedSensitiveSensitive
Sensitive information refers to information that could have a damaging import if released to the public and, therefore, must be restricted from public disclosure.
The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.
- Status2026-OE-0001-001-EOpenClosedSensitiveSensitive
Sensitive information refers to information that could have a damaging import if released to the public and, therefore, must be restricted from public disclosure.
The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.
- Status2026-OE-0001-001-FOpenClosedSensitiveSensitive
Sensitive information refers to information that could have a damaging import if released to the public and, therefore, must be restricted from public disclosure.
The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.
- Status2026-OE-0001-001-GOpenClosedSensitiveSensitive
Sensitive information refers to information that could have a damaging import if released to the public and, therefore, must be restricted from public disclosure.
The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.
- Status2026-OE-0001-001-HOpenClosedSensitiveSensitive
Sensitive information refers to information that could have a damaging import if released to the public and, therefore, must be restricted from public disclosure.
The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.
- Status2026-OE-0001-001-IOpenClosedSensitiveSensitive
Sensitive information refers to information that could have a damaging import if released to the public and, therefore, must be restricted from public disclosure.
The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.
- Status2026-OE-0001-001-JOpenClosedSensitiveSensitive
Sensitive information refers to information that could have a damaging import if released to the public and, therefore, must be restricted from public disclosure.
The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.
- Status2026-OE-0001-001-KOpenClosedSensitiveSensitive
Sensitive information refers to information that could have a damaging import if released to the public and, therefore, must be restricted from public disclosure.
The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.
- Status2026-OE-0001-001-LOpenClosedSensitiveSensitive
Sensitive information refers to information that could have a damaging import if released to the public and, therefore, must be restricted from public disclosure.
The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.
- Status2026-OE-0001-001-MOpenClosedSensitiveSensitive
Sensitive information refers to information that could have a damaging import if released to the public and, therefore, must be restricted from public disclosure.
The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.
2025-FW-1001 | September 04, 2025
New York State Can Improve Its Disaster Recovery Procurement Processes
Community Planning and Development
- Status2025-FW-1001-001-AOpenClosed
Issue guidance, including technical assistance, to all disaster recovery grantees that waivers for issues related to a disaster’s impact, like waivers of procurement policies, should be for reasonable and limited time periods after a disaster’s occurrence to ensure full and open competition.
- Status2025-FW-1001-001-BOpenClosed
Require the State to include in its procurement policy a reference to the New York State law which limits a State waiver of policies to 30 days unless renewed and to ensure that it clearly states whether the law affects the Governor’s 2012 waiver. Further, if it does not affect the 2012 waiver, require the State to take action to limit the use of that waiver to ensure full and open competition.
- Status2025-FW-1001-001-COpenClosedClosed on January 07, 2026
Require the State to implement a control, including documenting exceptions, to ensure that all contracts that exceed 5 years are approved by the Corporation.