We audited the U.S. Department of Housing and Urban Development’s (HUD) computing environment as part of the internal control assessments required for the fiscal year 2016 financial statement audit under the Chief Financial Officer’s Act of 1990. Our objective was to assess the effectiveness of the controls over the New Core Interface Solution (NCIS) and PRISM™ and the impact of the implementation of release 3 of phase 1 of the New Core Project on the preparation of HUD’s financial statements. This audit is the fourth in a series of audits on the New Core Project implementation.
We found that since 2003, HUD had spent more than $131 million on two projects to replace its core financial system. The latest project, the New Core Project, provided for a transition to a Federal shared service provider. HUD ended the project and its transition to the Federal shared service provider before completion in April 2016 after spending $96.3 million. Although the service provider maintained the system of record for HUD fiscal year 2016 funds, the transition did not significantly improve the handling of HUD’s financial management transactions. Weaknesses identified with the controls over NCIS and PRISM™ contributed to this issue. This condition occurred because of funding shortfalls as well as HUD’s decisions to (1) separate phase 1 of the project into smaller releases, (2) move forward with the implementation despite having unresolved issues, and (3) terminate the project before its completion. The resulting system issues and limitations inhibited HUD’s ability to produce reliable, useful, and timely financial information. A year after the transition, HUD had inaccurate data resulting from the conversions and continued to execute 97 percent of programmatic transactions in its legacy applications. In addition, HUD did not decommission all of the applications it wanted to, including its core financial system, nor did it achieve the planned cost savings.
We recommend that HUD complete the actions necessary to address the procurement data conversion errors, classify NCIS as mission critical, and include it in HUD’s disaster recovery exercises. In addition, we recommend that the New Core staff from the Office of the Chief Financial Officer work with the Office of the Chief Information Officer on the projects HUD created to address functionality that was not completed in the New Core implementation.
Recommendations
Chief Financial Officer
- Status2017-DP-0001-001-AOpenClosedSensitiveSensitive
Sensitive information refers to information that could have a damaging import if released to the public and, therefore, must be restricted from public disclosure.
Closed on Junio 24, 2020The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.
- Status2017-DP-0001-001-BOpenClosedSensitiveSensitive
Sensitive information refers to information that could have a damaging import if released to the public and, therefore, must be restricted from public disclosure.
Closed on Junio 24, 2020The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.
- Status2017-DP-0001-001-COpenClosedSensitiveSensitive
Sensitive information refers to information that could have a damaging import if released to the public and, therefore, must be restricted from public disclosure.
Closed on Marzo 23, 2018The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.
- Status2017-DP-0001-001-DOpenClosedSensitiveSensitive
Sensitive information refers to information that could have a damaging import if released to the public and, therefore, must be restricted from public disclosure.
Closed on Febrero 08, 2018The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.
- Status2017-DP-0001-001-EOpenClosedSensitiveSensitive
Sensitive information refers to information that could have a damaging import if released to the public and, therefore, must be restricted from public disclosure.
Closed on Marzo 23, 2018The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.
- Status2017-DP-0001-001-FOpenClosedSensitiveSensitive
Sensitive information refers to information that could have a damaging import if released to the public and, therefore, must be restricted from public disclosure.
Closed on Junio 02, 2017The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.
- Status2017-DP-0001-001-GOpenClosedSensitiveSensitive
Sensitive information refers to information that could have a damaging import if released to the public and, therefore, must be restricted from public disclosure.
Closed on Julio 11, 2017The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.
Chief Information Officer
- Status2017-DP-0001-001-HOpenClosedSensitiveSensitive
Sensitive information refers to information that could have a damaging import if released to the public and, therefore, must be restricted from public disclosure.
Closed on Diciembre 08, 2017The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.
- Status2017-DP-0001-001-IOpenClosedSensitiveSensitive
Sensitive information refers to information that could have a damaging import if released to the public and, therefore, must be restricted from public disclosure.
Closed on Noviembre 29, 2017The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.
- Status2017-DP-0001-001-JOpenClosedSensitiveSensitive
Sensitive information refers to information that could have a damaging import if released to the public and, therefore, must be restricted from public disclosure.
Closed on Diciembre 08, 2017The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.
- Status2017-DP-0001-001-KOpenClosedSensitiveSensitive
Sensitive information refers to information that could have a damaging import if released to the public and, therefore, must be restricted from public disclosure.
Closed on Diciembre 08, 2017The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.
- Status2017-DP-0001-001-LOpenClosedSensitiveSensitive
Sensitive information refers to information that could have a damaging import if released to the public and, therefore, must be restricted from public disclosure.
Closed on Junio 10, 2021The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.
Chief Procurement Officer
- Status2017-DP-0001-001-MOpenClosedSensitiveSensitive
Sensitive information refers to information that could have a damaging import if released to the public and, therefore, must be restricted from public disclosure.
Closed on Septiembre 21, 2017The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.