Require targeted, role-specific training for program office staff and managers in areas where deficiencies were identified, including approvals, segregation of duties, recordkeeping, and delegated authority. This training should reinforce the importance of compliance with internal control requirements and include HUD escalation and enforcement mechanisms.

Assess and address barriers to timely and adequate responses from program offices during AIR program internal control testing. This assessment should:
a) Identify recurring causes for delayed or incomplete responses from program offices and implement escalation protocols or incentives to ensure timely fulfillment of AIR program requests;
b) Identify and implement efficiencies in the testing process to optimize the time program offices spend on the AIR program, such as streamlining communication, clarifying expectations, finding alternatives to time consuming tasks, and optimizing scheduling;
c) Provide additional guidance, training, or resources to program offices as needed to improve the quality and timeliness of submissions; and
d) Monitor response rates and timeliness, reporting persistent issues to senior leadership for corrective action.

Re-examine and enhance HUD’s process for evaluating the potential financial impact of control deficiencies identified by the AIR program or other sources to ensure that:
a) Assessments of financial impact are initiated promptly upon identification of control deficiencies;
b) The evaluation process is structured to deliver clear, actionable conclusions in sufficient time to inform any necessary adjustments to financial statements prior to the financial report date; and
c) Documentation of the assessment process and results is maintained to support audit requirements and management’s assertions.
 

Coordinate with the Principal Deputy Assistance Secretary for each Program Office to:
a) Define governance protocols to include reassessing HUD’s escalation protocols and enforcement mechanisms for repeated or willful noncompliance with documented controls, such as additional oversight, retraining, or disciplinary action as appropriate. Based on the assessment, update those protocols and mechanisms, as warranted.
b) Establish and resource a HUD-wide centralized digital repository for artifacts and key supporting documentation to provide consistent documentation retention and accessibility. Based on this initiative, define governance protocols for repository use, including security, version control, timely review/update requirements, and periodic audits to validate compliance.
 

The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.
 

The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.
 

The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

Issue guidance, including technical assistance, to all disaster recovery grantees that waivers for issues related to a disaster’s impact, like waivers of procurement policies, should be for reasonable and limited time periods after a disaster’s occurrence to ensure full and open competition.
 

Require the State to include in its procurement policy a reference to the New York State law which limits a State waiver of policies to 30 days unless renewed and to ensure that it clearly states whether the law affects the Governor’s 2012 waiver. Further, if it does not affect the 2012 waiver, require the State to take action to limit the use of that waiver to ensure full and open competition.
 

Require the State to implement a control, including documenting exceptions, to ensure that all contracts that exceed 5 years are approved by the Corporation.