The Federal Information Security Modernization Act of 2014 (FISMA) directs Inspectors General to conduct an annual evaluation of the agency information security program. FISMA, Department of Homeland Security (DHS), Office of Management and Budget (OMB) and National Institute of Standards and Technology (NIST) establish information technology (IT) security guidance and standards for Federal agencies. We conducted this evaluation to assess the…

We audited HUD and its grantees’ monitoring of subrecipients and contractors in HUD’s Emergency Solutions Grants Coronavirus Aid, Relief, and Economic Security Act (ESG-CV) program to assess subrecipient monitoring in the program.  ESG and ESG-CV grantees often rely on subrecipients and contractors to carry out ESG-CV-funded activities on behalf of the grantees, and are required to monitor subrecipients to ensure that the purpose of…

We performed a review of the U.S. Department of Housing and Urban Development’s (HUD) monitoring and tracking of Continuum of Care (CoC) grantees that have been slow to spend their grant funds.  Our objectives were to determine whether HUD was effectively tracking and monitoring CoC grant spending and to determine the impact of COVID-19 on CoC grantee spending.HUD generally tracked and monitored its grantees; however, it did not prioritize…

The Federal Information Security Modernization Act of 2014 (FISMA) directs Inspectors General to conduct an annual evaluation of the agency information security program.  FISMA, Department of Homeland Security (DHS), Office of Management and Budget (OMB) and National Institute of Standards and Technology (NIST) establish information technology (IT) security guidance and standards for Federal agencies. We conducted this evaluation to assess…

We audited the U.S. Department of Housing and Urban Development’s (HUD) Community Development Block Grant Coronavirus Aid, Relief, and Economic Security (CARES) Act program.Our audit objective was to determine what challenges grantees faced in using program funds for activities that prepare for, prevent, or respond to the coronavirus and its impact.  We used a survey questionnaire to gather feedback and insight directly from 1,047 program…

We reviewed the U.S. Department of Housing and Urban Development’s (HUD) information technology (IT) modernization roadmap.  A significant number of HUD’s mission-essential applications have not been modernized, which presents multiple sources of risk.  These applications are hosted on legacy information systems and mainframe platforms, which are operationally inefficient, increasingly difficult to secure, and costly to maintain.…

We audited information systems controls over the U.S. Department of Housing and Urban Development’s (HUD) computing environment as part of the internal control assessments for the fiscal year 2019 financial statements audit under the Chief Financial Officer’s Act of 1990. Our objective was to assess general controls over HUD’s computing environment for compliance with HUD information technology policies and Federal information system security…

The Federal Information Security Modernization Act of 2014 (FISMA) directs Inspectors General to conduct an annual evaluation of the agency information security program.  FISMA, Department of Homeland Security (DHS), Office of Management and Budget (OMB) and National Institute of Standards and Technology (NIST) establish information technology (IT) security guidance and standards for Federal agencies. We conducted this evaluation to assess…

We conducted this limited review to identify the U.S. Department of Housing and Urban Development’s (HUD) Coronavirus Aid, Relief, and Economic Security Act (CARES Act) drawdown levels for the initial round of Emergency Solutions Grants (ESG) funding.  In addition, we researched information published by grantees on how they have used and will use their funds.  Our objective was to highlight the grantees’ (1) drawdown levels for…

We audited selected controls of U.S. Department of Housing and Urban Development’s New Core Interface Solution application as part of the internal control assessments for the fiscal year 2019 financial statement audit.  Our objective was to review the controls for compliance with Federal information system security and financial management requirements. The OIG has determined that the contents of this audit report would not be appropriate…

This memorandum report summarizes survey and interview results on the impact mandatory telework is having on U.S. Housing and Urban Development’s (HUD) operations. The HUD Office of Inspector General (OIG) conducted surveys and interviews to evaluate HUD’s use of agency-wide telework in response to the novel coronavirus disease of 2019 (COVID-19) pandemic. The study was designed to provide insights into the types of obstacles that impeded HUD…

We reviewed the U.S. Department of Housing and Urban Development’s (HUD) Continuum of Care Program (CoC) award review process based on an anonymous hotline complaint alleging problems with the CoC competitive award process.  The objective of our review was to determine whether HUD performed its CoC competitive review and award process in accordance with NOFA program requirements, focusing on ranking and scoring CoC projects.…

This topic brief summarized the current status of all information technology (IT) and privacy program recommendations issued to the U.S. Department of Housing and Urban Development (HUD) by the Office of Inspector General’s Office of Evaluation, Information Technology Evaluations Division (iTED) from Fiscal Year (FY) 2014 through 2019.  The report breaks down numbers of recommendations by functional areas and analyzes the progress…

We initiated our audit in accordance with our strategic goal to provide the U.S. Department of Housing and Urban Development (HUD) with services and products to address vulnerabilities, to provide opportunities for improvements, and to recognize positive outcomes.  The audit objective was to determine whether the HUD Office of Community Planning and Development (CPD) monitored and ensured that its Disaster Relief Appropriations Act, 2013,…

We conducted an attestation review of the U.S. Department of Housing and Urban Development (HUD), Office of Special Needs Assistance Continuum of Care, regarding drug control accounting and associated management assertions for fiscal year 2018.  As required by Federal statute 21 U.S.C. 1704(d), we reviewed HUD’s Report on Drug Control Accounting, including its written assertions.  Our responsibility is to express a conclusion on the…

We audited the U.S. Department of Housing and Urban Development’s (HUD) oversight of its Community Compass Technical Assistance and Capacity Building (Community Compass) program.  We conducted the audit because we received a complaint alleging that HUD did not ensure that the program operated in compliance with applicable requirements and we had not audited the program.  Our audit objective was to determine whether HUD had adequate…

We audited HUD’s oversight of Community Development Block Grant (CDBG) funds used for Section 108 repayments.  This audit was part of our annual audit plan.  The objective of this audit was to determine whether HUD effectively monitored the use of CDBG funds in repaying Section 108 loans and whether it was feasible to enact a threshold or maximum amount of CDBG funds that grantees may use to repay loans. HUD’s oversight of the use of…

We audited the U.S. Department of Housing and Urban Development’s (HUD) Community Compass and Technical Assistance and Capacity Building program due to a complaint specific to the Continuum of Care (CoC) and homeless portion of the program.  The complaint alleged that the Office of Special Needs Assistance Programs had been steering technical assistance notice of funding availability applicants toward coordinating or subcontracting with a…

As part of our annual risk and internal planning process, we audited the U.S. Department of Housing and Urban Development (HUD), Office of Block Grant Assistance’s (OBGA) Community Development Block Grant (CDBG) Disaster Recovery program.  Our analysis noted that Congress had historically provided disaster funding through supplemental appropriations, yet OBGA had not created a formal codified program.  Instead, it had issued multiple…

We audited the U.S. Department of Housing and Urban Development (HUD), Office of Community Planning and Development’s (CPD) risk assessment and monitoring of its grantees.  We initiated this assignment due to significant findings previously reported, which showed that CPD did not have effective risk assessment or monitoring of the State Community Development Block Grant program at either the field office or national level. …