We audited the U.S. Department of Housing and Urban Development’s (HUD) oversight of its Home Equity Conversion Mortgage (HECM) program and found that contrary to program residency requirements, 37 borrowers did not live in the property associated with the loan and were renting the property to participants in HUD’s Section 8 Housing Choice Voucher program.   Renting the properties to Section 8 program participants violated program...

We audited the U.S. Department of Housing and Urban Development’s (HUD) oversight of its Home Equity Conversion Mortgage (HECM) program and found that 33 borrowers had more than 1 loan under the program.  Having multiple loans violated program requirements because HUD requires borrowers to reside in the mortgaged residence as their principal residence and borrowers may not have more than one principal residence at a time.  We referred...

We reviewed the general and application controls over the Federal Housing Administration’s (FHA) Single Family Insurance System (SFIS) and Single Family Insurance Claims Subsystem (Claims) as part of the internal control assessments required for the fiscal year 2015 financial statement audit under the Chief Financial Officer’s Act of 1990. Our objective was to assess the general and application controls over SFIS and Claims for compliance with...

The Digital Accountability and Transparency Act of 2014 (DATA Act), and implementing guidance provided in the Office of Management and Budget Memorandum M-15-12, is a mandate that Federal agencies must follow to report their financial, budgetary and programmatic information to the USASpending.gov web site.  We have reviewed the U.S. Department of Housing and Urban Development’s (HUD) compliance efforts as of July 15, 2016.  To...

Historically, HUD program managers have not wanted to enforce program requirements. That reluctance increases the risk that program funds will not provide maximum benefits to recipients and allows serious noncompliances to go unchecked. When it was created, the Departmental Enforcement Center had independent enforcement authority, but it lost that authority when it moved from the Deputy Secretary’s office to the Office of General Counsel (OGC...

We reviewed the general and application controls over the Federal Housing Administration’s (FHA) Single Family Insurance System (SFIS) and Single Family Insurance Claims subsystem (Claims) as part of the internal control assessments required for the fiscal year 2015 financial statement audit under the Chief Financial Officer’s Act of 1990.  Our objective was to evaluate the general and application controls over SFIS and Claims for...

The Federal Information Security Modernization Act of 2014 (FISMA) directs the Office of Inspector General (OIG) to conduct an annual evaluation of the U.S. Department of Housing and Urban Development (HUD) information security program.  FISMA, Department of Homeland Security (DHS), Office of Management and Budget (OMB) and National Institute of Standards and Technology (NIST) establish information technology (IT) security guidance and...

We reviewed information system controls over the U.S. Department of Housing and Urban Development’s (HUD) computing environment.  This review was conducted as part of the Office of Inspector General’s audit of HUD’s financial statements for fiscal year 2015 under the Chief Financial Officer’s Act of 1990. The OIG has determined that the contents of this report would not be appropriate for public disclosure and has therefore limited its...

Office of Evaluation, IT Evaluation Division (iTED) conducted an evaluation of HUD’s IT Modernization program, which included reviews on the implementation and maturity of HUD’s capital planning and investment control (CIPIC) process and Enterprise Architecture (EA) program. With the corroboration of HUD’s Office of Chief Information Officer (OCIO), the report focuses on three major IT programs and policies within the CPIC and EA programs: IT...

The Office of Evaluation performed preliminary research of the HUD Office of the Chief Information Officer’s (OCIO) management of the agency’s reporting of financial and project information on the Federal IT Dashboard (Dashboard).  The objective of the evaluation was to determine if OCIO processes ensured accurate IT investment information was reported on the Dashboard.  We found that project managers did not consistently follow...

We reviewed information system controls over the U.S. Department of Housing and Urban Development’s (HUD) computing environment.  This review was conducted as part of the Office of Inspector General’s audit of HUD’s financial statements for fiscal year 2014 under the Chief Financial Officer’s Act of 1990. The OIG has determined that the contents of this report would not be appropriate for public disclosure and has therefore limited its...

The Federal Information Security Management Act of 2002 (FISMA) directs the Office of Inspector General (OIG) to conduct an annual evaluation of the U.S. Department of Housing and Urban Development (HUD) information security program.  FISMA, Department of Homeland Security (DHS), Office of Management and Budget (OMB) and National Institute of Standards and Technology (NIST) establish information technology (IT) security guidance and...

Federal organizations have a fundamental responsibility to protect the privacy of individuals and their personally identifiable information (PII) that is collected, used, maintained, shared, and disposed of by agency programs and information systems. The management of U.S. Department of Housing and Urban Development (HUD) programs demands the availability and use of extensive amounts of financial, demographic, and personal information. HUD is...

The Federal Information Security Management Act of 2002 (FISMA) directs the Office of Inspector General (OIG) to conduct an annual evaluation of the U.S. Department of Housing and Urban Development (HUD) information security program.  FISMA, Department of Homeland Security (DHS), Office of Management and Budget (OMB) and National Institute of Standards and Technology (NIST) establish information technology (IT) security guidance and...

We have completed a review to determine whether HUD followed proper policies and procedures in responding to a breach of personally identifiable information which occurred on September 21, 2012. Specifically, for this incident, we identified what actions were taken and any deficiencies within HUD policies, plans, or current practices. We determined that HUD responded to the incident properly, following United States Computer Emergency...

We audited the U.S. Department of Housing and Urban Development’s (HUD) management procedures, practices, and controls related to the Recovery Act Management and Reporting System (RAMPS). Our objective was to assess its capability to record and provide data required by the American Recovery and Reinvestment Act of 2009 on which HUD is required to report. Overall, RAMPS had the capability to record Recovery Act data and produce the reports...

We audited the underwriting of a $45.6 million mortgage loan that was acquired by Deutsche Bank Berkshire Mortgage, Inc. (the Lender) to rehabilitate Wingate Towers and Garden Apartments. The audit was performed based on a request from the U.S. Department of Housing and Urban Development’s (HUD) Office of Multifamily Development. The Lender acquired and became responsible for the loan origination activities, personnel, books and records...

We have completed an audit of the U.S. Department of Housing and Urban Development’s (HUD) information security program. We evaluated whether HUD’s Office of the Chief Information Officer (OCIO) had developed security policies, implemented procedures, and continuously monitored its entitywide information system security program. We performed this audit because it is a required component of our fiscal year 2010 consolidated financial statements...

HUD OIG conducted an evaluation of HUD's Departmental Enforcement Center (DEC), specifically, the Compliance Division. We wanted to know whether DEC processed suspension and debarment referrals in a timely manner. We also wanted to identify ways to improve case management for suspensions and debarments. Between October 1, 2006, and December 9, 2009, the Compliance Division received a total of 978 suspension and/or debarment referrals (cases)...