Develop written procedures on how to review PR 29 report submissions and monitor resubmissions, late submissions, and nonsubmissions.
2024-FO-0004 | February 09, 2024
Financial Information Collected from CDBG Grantees Needs Improvement
Community Planning and Development
- Status2024-FO-0004-001-EOpenClosed
- Status2024-FO-0004-001-DOpenClosed
Update the CPD Monitoring Handbook to incorporate the review of the PR 29 report when performing financial monitoring reviews.
- Status2024-FO-0004-001-BOpenClosedClosed on February 09, 2024
Determine whether the funds that were drawn in error need to be repaid to HUD and whether other remediation actions are appropriate.
- Status2024-FO-0004-001-AOpenClosed
Develop comprehensive guidance and training for grantees on how to prepare the PR 29 report to ensure that the information collected is reliable, accurate, timely, and in compliance with the Uniform Administrative Guidance for Grants and Cooperative Agreements, specifically 2 CFR 200.302(a)(b) and 2 CFR 200.303
- Status2024-FO-0004-001-FOpenClosed
Evaluate and update IDIS to ensure that resubmissions of PR 29 reports are tracked and prior submissions are preserved and correct the system’s misclassification of unsubmitted and uncertified draft PR 29 reports as submitted.
- Status2024-FO-0004-002-COpenClosed
Work with OCFO to ensure that CPD collects and reports to OCFO all of the information needed to properly account for all CPD activities in HUD’s financial statements in accordance with Federal financial reporting requirements and accounting standards.
- Status2024-FO-0004-002-DOpenClosed
Update Line 4 - Cash (grant funds) disbursed during the reporting period in the PR 29 report to allow grantees to report all CDBG grant funds disbursed, including funds that have not yet been drawn down from HUD for reimbursement.
- Status2024-FO-0004-002-BOpenClosed
Develop guidance that encourages grantees to draw down funds for reimbursement on a regular schedule, not less than quarterly.
- Status2024-FO-0004-002-AOpenClosed
Determine how often grantees’ requests for reimbursement contain cost outside the quarter and in coordination with OCFO, evaluate CPD’s grant accrual methodology and assumptions to ensure that it adequately considers the impact of these late cost reimbursements.
- Status2024-FO-0004-003-AOpenClosed
Obtain the required approvals under PRA for the PR 29 report.
2023-OE-0001 | January 29, 2024
HUD FY 2023 Federal Information Security Modernization Act (FISMA) Evaluation Report
Office of Administration
- Status2023-OE-0001-20OpenClosed
HUD’s Office of Administration, in coordination with OCIO, should update and communicate its PII minimization plan. The plan should include detailed procedures to regularly review and remove unnecessary PII collections in accordance with OMB Circular A-130 (IG FISMA metric 35).
Chief Financial Officer
- Status2023-OE-0001-08OpenClosed
HUD’s Office of the Chief Financial Officer (OCFO), in coordination with other appropriate program offices, should define and implement a risk-based process to assess and document IT risk management personnel resourcing needs and that those personnel are allocated effectively to support HUD’s risk management program (IG FISMA metric 7).
- Status2023-OE-0001-09OpenClosed
HUD OCFO, in coordination with other appropriate program offices, should define and implement a process to document and allocate non-personnel risk management resources in a risk-based manner, to include but not limited to funding, processes, and technology (IG FISMA metric 7).
Chief Information Officer
- Status2023-OE-0001-01OpenClosed
HUD OCIO should implement a process to consistently update and maintain its inventory of hardware assets and ensure that the inventory is consistent with the automated discovery scans used to perform vulnerability, configurations, and continuous diagnostics and mitigation scans and use this inventory to consistently remove unauthorized hardware assets from the HUD network (IG FISMA metrics 2, 20, and 21).
- Status2023-OE-0001-02OpenClosedClosed on August 26, 2024
HUD OCIO should report at least 80 percent of its government-furnished equipment through the DHS CDM program (IG FISMA metric 2).
- Status2023-OE-0001-03OpenClosed
HUD OCIO should implement a process to consistently update and maintain its inventory of software assets and ensure that the inventory is consistent with the automated discovery scans used to perform vulnerability, configurations, and continuous diagnostics and mitigation scans and use this inventory to consistently remove unauthorized software assets from the HUD network (IG FISMA metrics 2, 20, and 21).
- Status2023-OE-0001-04OpenClosed
HUD OCIO should update its software inventory policies and procedures to account for critical software as defined by EO 14028 (IG FISMA metrics 3 and 21).
- Status2023-OE-0001-05OpenClosed
HUD OCIO should implement policies and procedures to maintain inventories of critical software and software licenses, critical software platforms, and all software installed on critical software platforms (both critical software and noncritical software) and use the inventory of critical software platforms and all software installed on them to ensure that only supported versions of software are used on those critical software platforms (IG FISMA metrics 3 and 21).
- Status2023-OE-0001-06OpenClosed
HUD OCIO should in coordination with the Chief Risk Officer (CRO), document cybersecurity risk management roles and responsibilities in a consolidated list and; define procedures to hold personnel accountable to their assigned roles in the consolidated list (IG FISMA metric 7)
- Status2023-OE-0001-07OpenClosed
HUD OCIO should consistently implement personnel accountability procedures to ensure that assigned cybersecurity risk management roles are being performed in an effective manner (IG FISMA metric 7).