We audited the U.S. Department of Housing and Urban Development’s (HUD) plans and procedures for data conversion and system interfaces for the implementation of the HUD Integrated Core Financial System (ICFS). We conducted this audit as a component of the testing of general and technical controls for information systems in connection with the annual audit of HUD’s consolidated financial statements. HUD’s effort to modernize its financial management system is called the HUD Integrated Financial Management Improvement Project (HIFMIP).

We audited the U.S. Department of Housing and Urban Development’s (HUD)’s plans and procedures for data conversion of the HUD Integrated Core Financial System (ICFS). Our audit objective was to review HUD’s readiness to fully implement ICFS and determine whether HUD had properly managed the payments related to data conversion activities. We determined that OCFO incorrectly paid the Integrated Financial Management Improvement Project contractor for tasks that were not completed.

We have completed a review to determine whether HUD followed proper policies and procedures in responding to a breach of personally identifiable information which occurred on September 21, 2012. Specifically, for this incident, we identified what actions were taken and any deficiencies within HUD policies, plans, or current practices. We determined that HUD responded to the incident properly, following United States Computer Emergency Readiness Team (US-CERT), National Institute of Standards and Technology, and HUD policy and other Federal requirements.

We reviewed general and application controls for selected information systems to assess management controls over the U.S. Department of Housing and Urban Development's (HUD) computing environments as part of the Office of Inspector General's (OIG) audit of HUD's financial statements for fiscal year 2007 under the Chief Financial Officer's Act of 1990.

In this report, we provide additional details to supplement our Report on the U.S. Department of Housing and Urban Development's (HUD) Fiscal Years 20010 and 2009 Financial Statements, which is included in HUD's Fiscal Year 2010 Agency Financial Report.

We have completed an audit of the U.S. Department of Housing and Urban Development’s (HUD) information security program. We evaluated whether HUD’s Office of the Chief Information Officer (OCIO) had developed security policies, implemented procedures, and continuously monitored its entitywide information system security program.

We conducted an annual limited scope review of the U.S. Department of Housing and Urban Development's (HUD) compliance with Presidential Executive Order (EO) 13520, Reducing Improper Payments. HUD was in general compliance with EO 13520 annual reporting requirements. We concluded that HUD's ongoing efforts in mitigating the risks of improper payments in the rental housing assistance programs were progressing in a positive direction. However, we noted some areas in which HUD could make enhancements related to disclosure and procedural issues.

This report presents the results Clifton Gunderson's (CG) audit of the fiscal year 2010 and 2009 financial statements of the Federal Housing Administration (FHA). The report on FHA's financial statements, dated November 3, 2010 includes an unqualified opinion on FHA's financial statements. The report contains two significant deficiencies in FHA's internal controls and one reportable instance of noncompliance with laws and regulations. The report contains eight new recommendations.

We audited the U.S. Department of Housing and Urban Development's ability to comply with the requirements of Office of Management and Budget (OMB) Circular A-127, which was revised in January 2009 and became effective on October 1, 2009. We conducted the audit as a component of the audit of HUD's consolidated financial statements for fiscal year 2010 under the Chief Financial Officer's Act of 1990. We found that HUD did not fully comply with the requirements of OMB Circular A-127.