We audited the City and County of Honolulu’s Department of Budget and Fiscal Services’ and Department of Community Services’ (City) fraud risk management practices for its Emergency Solutions Grants Coronavirus Aid, Relief, and Economic Security Act (ESG CARES Act) program with the objective of assessing the maturity of the City’s fraud risk management framework that encompasses control activities to prevent, detect, and respond to fraud.…

We audited the California Department of Housing and Community Development (HCD) with the objective of evaluating HCD’s fraud risk management practices for its Emergency Solutions Grants Coronavirus Aid, Relief, and Economic Security Act (ESG CARES Act) program and assessing the maturity of its efforts to prevent, detect, and respond to fraud.  Fraudulent activity in the ESG CARES Act program can lead to significant financial losses,…

This report was issued from a developing series of six reports taking an in-depth look at how six communities used the pandemic funding they received to address a wide range of needs. This report focused on Coeur d’Alene, Idaho, with a detailed look at eight of the 45 pandemic programs that provided funding to the community. This report was led by the Pandemic Relief Accountability Committee (PRAC) in coordination with HUD OIG as a project…

HUD did not comply with PIIA because it did not report improper and unknown payment estimates for the Office of Public and Indian Housing’s Tenant-Based Rental Assistance (PIH-TBRA) program and the Office of Multifamily Housing Programs’ Project-Based Rental Assistance (PBRA) program, HUD’s largest rental assistance programs.  This noncompliance is significant because this is the seventh consecutive year in which HUD has been unable to…

The U.S. Department of Housing and Urban Development’s (HUD) Office of the Chief Human Capital Officer (OCHCO) and the Office of Departmental Equal Employment Opportunity (ODEEO) both have responsibilities related to increasing the percentage of employees who identify as Hispanic or Latino.  HUD provides an Annual Equal Employment Opportunity Program Status Report, also known as the Annual Management Directive 715 Report (MD-715), to the U…

The Federal Information Security Modernization Act of 2014 (FISMA) directs Inspectors General to conduct an annual evaluation of the agency information security program. FISMA, Department of Homeland Security (DHS), Office of Management and Budget (OMB) and National Institute of Standards and Technology (NIST) establish information technology (IT) security guidance and standards for Federal agencies. We conducted this evaluation to assess the…

Retention is a shared responsibility between the U.S. Department of Housing and Urban Development’s (HUD) Office of the Chief Human Capital Officer (OCHCO) and HUD’s other program offices.  OCHCO sets the departmentwide retention strategy, while the program offices have responsibility for managing retention within their offices.  Our evaluation determined that HUD’s departmentwide retention strategy in fiscal years (FY) 2019-2022…

We have completed our fiscal year (FY) 2023 Federal Information Security Modernization Act of 2014 (FISMA) penetration test and vulnerability assessment.  The objective of this evaluation was to test and verify the technical implementation of a limited set of security controls on judgmentally selected U.S. Department of Housing and Urban Development (HUD) information systems and applications.HUD demonstrated successes in securely…

We contracted with the independent public accounting firm of CliftonLarsonAllen LLP (CLA) to audit the financial statements of HUD as of and for the fiscal years ended September 30, 2023 and 2022, and to provide reports on HUD’s (1) internal control over financial reporting and (2) compliance with laws, regulations, contracts, and grant agreements and other matters, including whether financial management systems complied substantially with the…

We contracted with the independent public accounting firm of CliftonLarsonAllen LLP (CLA) to audit the financial statements of Ginnie Mae as of and for the fiscal years ended September 30, 2023 and 2022, and to provide reports on Ginnie Mae’s (1) internal control over financial reporting and (2) compliance with laws, regulations, contracts, and grant agreements and other matters.  Our contract with CLA required that the audit be performed…

We contracted with the independent public accounting firm of CliftonLarsonAllen LLP (CLA) to audit the financial statements of FHA as of and for the fiscal years ended September 30, 2023 and 2022, and to provide reports on FHA’s (1) internal control over financial reporting and (2) compliance with laws, regulations, contracts, and grant agreements and other matters.  Our contract with CLA required that the audit be performed in accordance…

We performed an audit examining HUD’s efforts to prevent duplication of benefits when using Community Development Block Grant (CDBG) Disaster Recovery and Mitigation funds.  Our objective was to determine how the U.S. Department of Housing and Urban Development (HUD) assesses the adequacy of grantee procedures to prevent a duplication of benefits, both before and after grant execution. HUD certified grantees’ high-level processes for…

We audited the U.S. Department of Housing and Urban Development (HUD), Office of Native American Programs’ (ONAP) coronavirus disease of 2019 (COVID-19) recovery programs.  We performed this audit to provide HUD with insight and a nationwide perspective on the challenges that grantees experienced with those programs.  Our audit objectives were to identify 1) the information, guidance, and training HUD provided to the grantees for the…

We audited the U.S. Department of Housing and Urban Development’s (HUD) Real Estate Assessment Center’s inspection process.  The audit objectives were to determine whether the Center (1) ensured that public housing properties were inspected within required timeframes before the coronavirus disease 2019 (COVID-19) pandemic; (2) could improve its Big Inspection Plan for inspecting high-priority non-National Standards for the Physical…

The Office of Evaluation began preliminary research related to the Program Management Improvement Accountability Act (PMIAA) of 2016.  The objective was to determine how HUD has implemented and complied with the requirements of PMIAA.  After completing informational interviews with HUD officials and reviewing related documentation, we have determined that a full evaluation is premature at this time because HUD is still implementing…

The Office of Community Planning and Development (CPD) traditionally uses onsite monitoring to monitor its grantees.  However, in response to the coronavirus disease 2019 pandemic, CPD shifted to 100 percent remote monitoring.  Monitoring was momentarily paused in fiscal year (FY) 2020 and was reinstituted remotely in FY 2021. To support its remote monitoring approach, CPD launched the Grantee Document Exchange (GDX), an externally…

We conducted this evaluation to assess the maturity of HUD’s Robotic process automation (RPA) activities and determine whether HUD had implemented related controls to address technology and program management risks.  RPA is a software technology used to emulate human actions on a computer.  RPA software programs, referred to as “bots,” can complete repetitive tasks quickly and consistently, freeing up employees to work on other,…

We conducted an attestation review of the U.S. Department of Housing and Urban Development’s drug control accounting for the fiscal year ended September 30, 2022.  We performed this review pursuant to section 705(d) of Public Law 105-277, which requires National Drug Control Program agencies to submit to the Director of ONDCP a detailed accounting of all funds spent by the agencies for National Drug Control Program activities during the…

We audited the U.S. Department of Housing and Urban Development’s (HUD) information technology (IT) infrastructure to support mandatory telework. During mandatory telework, more employees simultaneously needed remote access to HUD’s network and agency resources for an extended period, which presented unique risks and security requirements. While HUD is no longer operating under mandatory telework, understanding the challenges it faced is key to…

The Federal Information Security Modernization Act of 2014 (FISMA) requires all Federal agencies to conduct independent penetration tests and vulnerability assessments on a sampling of information systems annually.  In conjunction with our fiscal year 2022 FISMA evaluation (2022-OE-0001), we conducted a targeted penetration test and vulnerability assessment of sample systems that resulted in a Topic Brief.  The objective of this…