We reviewed the U.S. Department of Housing and Urban Development’s (HUD) information technology (IT) modernization roadmap.  A significant number of HUD’s mission-essential applications have not been modernized, which presents multiple sources of risk.  These applications are hosted on legacy information systems and mainframe platforms, which are operationally inefficient, increasingly difficult to secure, and costly to maintain. …

We audited information systems controls over the U.S. Department of Housing and Urban Development’s (HUD) computing environment as part of the internal control assessments for the fiscal year 2019 financial statements audit under the Chief Financial Officer’s Act of 1990. Our objective was to assess general controls over HUD’s computing environment for compliance with HUD information technology policies and Federal information system…

The Federal Information Security Modernization Act of 2014 (FISMA) directs Inspectors General to conduct an annual evaluation of the agency information security program.  FISMA, Department of Homeland Security (DHS), Office of Management and Budget (OMB) and National Institute of Standards and Technology (NIST) establish information technology (IT) security guidance and standards for Federal agencies. We conducted this evaluation to…

We audited the U.S. Department of Housing and Urban Development’s (HUD) implementation of the prevailing wage provisions of the Davis-Bacon Act for its Federal Housing Administration (FHA)-insured multifamily construction projects.  We conducted the audit because we received an anonymous complaint alleging that HUD did not implement correct wage determinations for a $33 million multifamily construction project located in Oxnard, CA. …

We audited the U.S. Department of Housing and Urban Development’s (HUD) Office of Policy Development and Research’s implementation of the responsibilities stated in the Geospatial Data Act of 2018 (The Act).  We performed this review in response to a congressional mandate that HUD’s geospatial data be audited at least once every 2 years.  The Act requires that we audit HUD’s collection, production, acquisition, maintenance,…

We audited selected controls of U.S. Department of Housing and Urban Development’s New Core Interface Solution application as part of the internal control assessments for the fiscal year 2019 financial statement audit.  Our objective was to review the controls for compliance with Federal information system security and financial management requirements. The OIG has determined that the contents of this audit report would not be…

This memorandum report summarizes survey and interview results on the impact mandatory telework is having on U.S. Housing and Urban Development’s (HUD) operations. The HUD Office of Inspector General (OIG) conducted surveys and interviews to evaluate HUD’s use of agency-wide telework in response to the novel coronavirus disease of 2019 (COVID-19) pandemic. The study was designed to provide insights into the types of obstacles that…

This topic brief summarized the current status of all information technology (IT) and privacy program recommendations issued to the U.S. Department of Housing and Urban Development (HUD) by the Office of Inspector General’s Office of Evaluation, Information Technology Evaluations Division (iTED) from Fiscal Year (FY) 2014 through 2019.  The report breaks down numbers of recommendations by functional areas and analyzes the progress made…

We completed a risk assessment of the U.S. Department of Housing and Urban Development’s (HUD) grant closeout process as required by the Grants Oversight and New Efficiency (GONE) Act of 2016, Public Law 114-117.  Our objective was to determine whether an audit or review of HUD’s grant closeout process was warranted.  We found that a moderate risk was associated with HUD’s grant closeout process and recommend that a full audit be…

We audited information system controls over the U.S. Department of Housing and Urban Development’s (HUD) computing environment.  This review was conducted as part of our audit of HUD’s financial statements for fiscal year 2017 under the Chief Financial Officer’s Act of 1990.  Our objective was to assess general controls over HUD’s computing environment for compliance with HUD information technology policies and Federal information…

We audited general and application controls over selected Federal Housing Administration (FHA) information systems and the credit reform estimation and reestimation process as part of the internal control assessments required for the fiscal year 2017 financial statement audit under the Chief Financial Officer’s Act of 1990.  Our objective was to review the controls for compliance with U.S. Department of Housing and Urban Development (…

This briefing paper highlights challenges the Department of Housing and Urban Development (HUD) faces in managing and improving its Information Technology (IT) program.  This document analyzed past HUD OIG and GAO IT related reports and recommendations to highlight key management challenges in HUD’s IT program. We are highlighting these challenges so HUD leadership is aware of and can be better prepared to address them. The OIG has…

HUD has a contract with Leidos Innovations Corporation for E-Discovery services using the E-Discovery Management System.  The process for collecting electronically stored information (ESI) and delivering it to customers has two major subprocesses: (1) an initial ESI collection and (2) a keyword search to refine the initial collection results.  OGC’s and Leidos’ collection of ESI does not meet customer demand because processing ESI…

In accordance with the statutory requirements of the Digital Accountability and Transparency Act of 2014 (DATA Act) and standards established by the Office of Management and Budget (OMB), we audited the U.S. Department of Housing and Urban Development’s (HUD) Office of the Chief Financial Officer’s (OCFO) compliance with the DATA Act for the second quarter of fiscal year 2017. In the DATA Act Compliance Audit of the U.S. Department of…

The Federal Information Security Modernization Act of 2014 (FISMA) directs Inspectors General to conduct an annual evaluation of the agency information security program.  FISMA, Department of Homeland Security (DHS), Office of Management and Budget (OMB) and National Institute of Standards and Technology (NIST) establish information technology (IT) security guidance and standards for Federal agencies. We conducted this evaluation to…

Very low REAC scores are not prevalent across ORCF’s portfolio.  The majority of RCFs that received a REAC score scored at least 80 on their last inspection, and more than three quarters scored at least 60.  Despite the small percentage of RCFs that scored below 31, we noticed an overall decline in REAC inspection scores across ORCF’s portfolio from 2000 to 2016. REAC has adopted an inspection process that applies uniformly to all…

We reviewed the controls put into place by the U.S. Department of Housing and Urban Development (HUD) to secure its publicly accessible business applications and services.  The objectives were to evaluate HUD’s ability to identify, assess, and resolve security vulnerabilities in its publicly accessible web applications and review the effectiveness of key HUD processes to manage and secure its web applications.  The OIG has determined…

We received a referral from the Quality Assurance Division of the U.S. Department of Housing and Urban Development’s (HUD) Philadelphia Homeownership Center concerning a borrower who allegedly made false statements to obtain Federal Housing Administration (FHA) mortgage insurance.  The borrower provided false and conflicting employment and income information, which was used in originating and obtaining an FHA loan.  Further, the…

The Digital Accountability and Transparency Act of 2014 (DATA Act) and implementation guidance provided in the Office of Management and Budget Memorandum M-15-12 mandates that Federal agencies must report their financial, budgetary and programmatic information to the USASpending.gov web site by the statutory May 2017 deadline. In our second of two Data Act Readiness Reviews, OIG reviewed the U.S. Department of Housing and Urban…

We reviewed the general and application controls over the Federal Housing Administration’s (FHA) Single Family Premiums Collection Subsystem – Periodic (SFPCS-P) and Single Family Acquired Asset Management System (SAMS) as part of the internal control assessments required for the fiscal year 2016 financial statement audit under the Chief Financial Officer’s Act of 1990.  Our objective was to review the general and application controls…