The OIG evaluated the U.S. Department of Housing and Urban Development’s (HUD) progress in applying zero trust security principles to protect personally identifiable information (PII).  HUD maintained a significant number of records that contain PII with limited zero trust controls in place to secure these data.  In FY 2022, HUD established a zero trust implementation plan to help the agency address the five zero trust pillars…

The Federal Information Security Modernization Act of 2014 (FISMA) directs Inspectors General to conduct an annual evaluation of the agency information security program. FISMA, Department of Homeland Security (DHS), Office of Management and Budget (OMB) and National Institute of Standards and Technology (NIST) establish information technology (IT) security guidance and standards for Federal agencies. We conducted this evaluation to assess the…

We audited HUD and its grantees’ monitoring of subrecipients and contractors in HUD’s Emergency Solutions Grants Coronavirus Aid, Relief, and Economic Security Act (ESG-CV) program to assess subrecipient monitoring in the program.  ESG and ESG-CV grantees often rely on subrecipients and contractors to carry out ESG-CV-funded activities on behalf of the grantees, and are required to monitor subrecipients to ensure that the purpose of…

We audited the U.S. Department of Housing and Urban Development (HUD), Office of Native American Programs’ (ONAP) coronavirus disease of 2019 (COVID-19) recovery programs.  We performed this audit to provide HUD with insight and a nationwide perspective on the challenges that grantees experienced with those programs.  Our audit objectives were to identify 1) the information, guidance, and training HUD provided to the grantees for the…

We audited the U.S. Department of Housing and Urban Development (HUD), Office of Native American Programs’ (ONAP) Coronavirus Aid, Relief, and Economic Security (CARES) Act and American Rescue Plan (ARP) Act to identify drawdown levels for its block grant programs and assessed information ONAP made publicly available. As of October 4, 2022, grantees had drawn $231.6 million of the $300 million in CARES Act block grant funds and $135.8 million…

We audited the U.S. Department of Housing and Urban Development’s (HUD) fraud risk management program at the enterprise and program-office levels and assessed its overall maturity.  Our objective was to determine HUD’s progress in implementing a fraud risk management framework at the enterprise and program-office levels that encompasses control activities to prevent, detect, and respond to fraud. The Antifraud Playbook established by the…

We performed a review of the U.S. Department of Housing and Urban Development’s (HUD) monitoring and tracking of Continuum of Care (CoC) grantees that have been slow to spend their grant funds.  Our objectives were to determine whether HUD was effectively tracking and monitoring CoC grant spending and to determine the impact of COVID-19 on CoC grantee spending.HUD generally tracked and monitored its grantees; however, it did not prioritize…

We audited the U.S. Department of Housing and Urban Development (HUD), Office of Native American Programs’ sale of defaulted loan notes and real estate-owned (REO) properties on tribal trust and other restricted lands. We performed this audit as a result of congressional interest in the Section 184 program and work performed during prior HUD, Office of Inspector General, audits. The objective of our audit was to determine whether HUD…

We audited the U.S. Department of Housing and Urban Development’s (HUD) efforts to meet the Geospatial Data Act of 2018 (the Act).Our audit objective was to determine whether HUD met the 13 responsibilities stated in the Act with regard to its collection, production, acquisition, maintenance, distribution, use, and preservation of geospatial data.  The Act also generally requires covered agencies provide access to geospatial data and…

The Federal Information Security Modernization Act of 2014 (FISMA) directs Inspectors General to conduct an annual evaluation of the agency information security program.  FISMA, Department of Homeland Security (DHS), Office of Management and Budget (OMB) and National Institute of Standards and Technology (NIST) establish information technology (IT) security guidance and standards for Federal agencies. We conducted this evaluation to assess…