Perform routine VPN stress tests as part of its contingency planning and testing processes to regularly identify and remediate network performance issues and ensure that network capabilities are sufficient for teleworking.

Research, evaluate, and implement technical solutions to resolve the user account management issues and the underlying issue in the technical environment.

Assess its help desk system against other technical solutions and ensure that the help desk solution used captures complete data on technical support requests. This measure includes but is not limited to ensuring that sequence gaps are properly documented or do not occur, valid transactions are accepted by the help desk system, rejected transactions are identified, and the history of each transaction is retained.

Establish change management and periodic reviews of control activities to ensure regulatory changes, such as Fiscal Service updates to the USSGL, are identified, analyzed, and assessed for potential needed changes to FHA’s established processes.

Establish and ensure appropriate and effective communication protocols between OFAR, FHA, and HUD’s Office of Budget to ensure (1) funding type is clearly indicated within the SF 132 and clear communications are made in differentiating between definite and indefinite borrowing authority, (2) legislative changes in FHA’s borrowing authority are vetted with OMB to ensure appropriate treatment, and (3) – draft SF-133s are reviewed and vetted with HUD and FHA’s budget officers prior to OFAR’s finalization with Treasury and OMB.

Establish internal control procedures around the borrowings process to include verifying sufficient borrowing authority exists within the SF 132, prior to executing the borrowing request. Such verification should also be included as part of the borrowing review and approval controls.

Receive a final opinion from HUD’s Office of the Chief Financial Officer’s Appropriation Law Division on whether FHA was in violation of the Antideficiency Act.

Implement procedures to enhance the review of all journal entries recorded in the general ledger by requiring a two-level review that includes the review of source documents for the journal entry (for example, the OMB approved SF 132).

Strengthen controls over the preparation of the SF 132 to the SF 133 reconciliation by preparing such reconciliations (1) first, with the unadjusted trial balance and later, with the adjusted trial balance and (2) at the fund level, with detailed documentation of differences, and with sufficient detailed explanations that describe the general ledger impact of the differences.

Perform a thorough review of the SF 132 to SF 133 reconciliations and work with Financial Analysis and Controls Division and other divisions and groups to resolve material reconciling items timely.

Coordinate with the Deputy Assistant Secretary for Single Family Housing and HUD’s Office of the Chief Procurement Office (OCPO) in developing effective communication channels between FHA’s NSC and OFAR, and in developing effective monitoring controls to ensure the timely identification and remediation of issues, such as unprocessed documentation and inaccurate records, which may impact the balances reported within FHA’s financial statements.

Develop effective detective controls to ensure HECM loan receivables are accurate and complete, exist, and FHA appropriately holds or controls the rights to any collateral property in connection with the receivable.

Develop and implement procedures to review the reasonableness of the amounts included in the Missing Documents Report before recording the reclassification entry. Include steps to be followed if the amounts in the report do not appear reasonable.

Coordinate with the NSC to take all the actions necessary required by HUD Handbook 4000.1 to ensure that FHA’s interests are protected with respect to the partial claims for which FHA has not received the original promissory note and recorded mortgage.

Coordinate with the NSC to conduct a detailed review of the HECM assigned notes portfolio to identify and record all default events that have occurred to date and initiate collection proceedings in accordance with the applicable HUD Handbooks.

Coordinate with the NSC and the OCPO to determine whether the information technology system could be enhanced to track the annual payment of state property taxes for the HECM portfolio.

HUD OCIO should implement procedures to ensure that information in cybersecurity risk registers is obtained accurately, consistently, and in a reproducible format and is used to a. quantify and aggregate security risks, b. normalize cybersecurity risk information across organizational units, and c. prioritize operational risk response (derived from metric 5).

HUD OCIO and the HUD Chief Risk Officer should coordinate to implement procedures to monitor the effectiveness of cybersecurity risk responses to ensure that risk tolerances are maintained at an appropriate level (derived from metric 5).

HUD OCIO and the Office of Administration should implement procedures to ensure proper validation of media sanitization in accordance with HUD Media Protection Procedures 2.0 (February 2022) and form HUD 1067A, Certification of Sanitization (derived from metric 36).

The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.