Instruct the State to conduct monitoring reviews of its CDBG-DR HIM activities and subrecipients that satisfy monitoring requirements.

Work with the State to develop and implement policies and procedures to ensure that monitoring is conducted remotely in the event that it cannot be conducted onsite.

Instruct the State to update and implement policies and procedures to ensure that the results of the CDBG-DR internal audits are shared by the State’s Commissioner with CDBG-DR program staff to allow for the resolution of any findings and required corrective actions.

Monitor the State’s CDBG-DR program to ensure that performance expectations are achieved.

Complete and update the system security plans for GMP and DRGR and issue an SSN justification memorandum.

Identify and provide additional role-based training, guidance, and instructions to CPD employees on how to appropriately handle and safeguard PII encountered during monitoring.

Reinforce the use and admissibility of photographs and videos for evidence collection while remote monitoring.

Identify strategic opportunities to use remote monitoring early in the FY to maximize its responsibility to oversee and monitor its grantees and then use remote monitoring when those opportunities arise.

We recommend that the Director of CPD’s Office of Disaster Recovery review the one grantee with a grant totaling $666,666 that did not meet the overall LMI requirement and address the noncompliance.

We recommend that the Director of CPD’s Office of Disaster Recovery update DRGR’s QPR to include information on the progress towards compliance with the overall LMI benefit based on the total amount of the grant.

We recommend that the Director of CPD’s Office of Disaster Recovery adopt LMI benchmarking to ensure that grantees budget adequate funds to LMI at significant milestones in the grant lifecycle.

We recommend that the Director of CPD’s Office of Disaster Recovery make changes to the action plan process so that the action plan calculates an overall LMI percentage.

Identify short- and long-term plans for the RPA program that align its capabilities, staffing needs, funding projections, and mission needs.

Implement procedures to capture and monitor centralized logs to maintain appropriate visibility into bot activities and provide for auditability of bot actions.

Implement procedures to periodically review RPA system access and remove access for users that are not authorized or no longer have a need to use the system.

Implement procedures to ensure that attended bots use the security rights and credentials of the attending user.

Research, evaluate, and implement technical or alternative solutions to deploy essential computer software updates using appropriate secure methods to ensure that computer security updates occur in a timely manner to minimize risk to HUD’s systems and operations

Research, evaluate, and implement technical solutions to provide additional improvements to VPN and related remote working capabilities of HUD system users.

Perform routine VPN stress tests as part of its contingency planning and testing processes to regularly identify and remediate network performance issues and ensure that network capabilities are sufficient for teleworking.

Research, evaluate, and implement technical solutions to resolve the user account management issues and the underlying issue in the technical environment.