We audited the U.S. Department of Housing and Urban Development’s (HUD) computing environment as part of the internal control assessments required for the fiscal year 2016 financial statement audit under the Chief Financial Officer’s Act of 1990.  Our objective was to assess the effectiveness of the controls over the New Core Interface Solution (NCIS) and PRISM™ and the impact of the implementation of release 3 of phase 1 of the New Core Project on the preparation of HUD’s financial statements.  This audit is the fourth in a series of audits on the New Core Project implementation.

We found that since 2003, HUD had spent more than $131 million on two projects to replace its core financial system.  The latest project, the New Core Project, provided for a transition to a Federal shared service provider.  HUD ended the project and its transition to the Federal shared service provider before completion in April 2016 after spending $96.3 million.  Although the service provider maintained the system of record for HUD fiscal year 2016 funds, the transition did not significantly improve the handling of HUD’s financial management transactions.  Weaknesses identified with the controls over NCIS and PRISM™ contributed to this issue.  This condition occurred because of funding shortfalls as well as HUD’s decisions to (1) separate phase 1 of the project into smaller releases, (2) move forward with the implementation despite having unresolved issues, and (3) terminate the project before its completion.  The resulting system issues and limitations inhibited HUD’s ability to produce reliable, useful, and timely financial information.  A year after the transition, HUD had inaccurate data resulting from the conversions and continued to execute 97 percent of programmatic transactions in its legacy applications.  In addition, HUD did not decommission all of the applications it wanted to, including its core financial system, nor did it achieve the planned cost savings.

We recommend that HUD complete the actions necessary to address the procurement data conversion errors, classify NCIS as mission critical, and include it in HUD’s disaster recovery exercises.  In addition, we recommend that the New Core staff from the Office of the Chief Financial Officer work with the Office of the Chief Information Officer on the projects HUD created to address functionality that was not completed in the New Core implementation.