The Federal Information Security Modernization Act of 2014 (FISMA) directs Inspectors General to conduct an annual evaluation of the agency information security program.  FISMA, Department of Homeland Security (DHS), Office of Management and Budget (OMB) and National Institute of Standards and Technology (NIST) establish information technology (IT) security guidance and standards for Federal agencies. We conducted this evaluation to assess…

The Federal Information Security Modernization Act of 2014 (FISMA) requires all federal agencies to conduct independent security technical verification testing on a sampling of information systems annually.  In conjunction with our fiscal year 2021 FISMA evaluation (2021-OE-0001), we conducted a targeted security testing assessment of sample systems that resulted in a Topic Brief.  The objective of this application vulnerability…

We audited the U.S. Department of Housing and Urban Development’s (HUD) oversight of its public housing agencies’ (PHA) reasonable accommodation policies and procedures.  We initiated this audit because we identified an increase in housing discrimination complaints based on a failure to provide a reasonable accommodation, even as the total number of all housing discrimination complaints was decreasing.  Our audit objective was to…

We audited the U.S. Department of Housing and Urban Development’s (HUD) oversight of Federal Housing Administration (FHA) refunds based on a hotline complaint alleging that HUD was trying to make it difficult for claimants to obtain refunds or discourage them from pursuing the refunds, which are due to eligible homeowners from the unearned portion of the upfront mortgage insurance premium paid.  Our audit found the allegations from the…

The U.S. Department of Housing and Urban Development (HUD), Office of Inspector General (OIG), completed a corrective action verification (CAV) of recommendations from four prior home equity conversion mortgage (HECM) audit reports.  The CAV was initiated because protecting the Federal Housing Administration (FHA) mutual mortgage insurance fund is one of HUD’s top management challenges.  The prior audits determined that HUD lacked…

We conducted this evaluation due to the growing homeless crisis and the U.S. Department of Housing and Urban Development’s (HUD) establishing a goal of ending homelessness.  Our objective was to evaluate the challenges that participating public housing agencies (PHA) face in meeting the goals and objectives of the HUD Veterans Affairs Supportive Housing (VASH) program. The results from our limited review may help HUD in addressing PHAs’…

We reviewed the U.S. Department of Housing and Urban Development’s (HUD) ability to effectively complete information technology (IT) acquisitions.  HUD’s IT systems and its modernization plans depend heavily on contractors, yet HUD has historically faced significant challenges with implementing effective acquisition processes. Therefore, HUD’s acquisition capacity represents a key potential risk within HUD’s IT environment. We found that a…

On March 27, 2020, the Coronavirus Aid, Relief, and Economic Security (CARES) Act made available $5 billion in supplemental CDBG funding for grants to prevent, prepare for, and respond to the coronavirus pandemic (CDBG-CV grants).  Because of similarities, we reviewed 132 CDBG-DR program audits and evaluations issued from May 2002 to March 2020 to summarize the common CDBG-DR program weaknesses and risks for CPD to consider to help its…

While some of HUD’s efforts to improve its hiring and human capital functions and reduce its average time-to-hire have been successful, HUD’s hiring process overall was not efficient.  HUD’s Office of the Chief Human Capital Officer (OCHCO), which is responsible for developing and implementing policies and procedures associated with human capital management, set a goal to reduce the average time-to-hire but did not meet this goal. …

We reviewed the U.S. Department of Housing and Urban Development’s (HUD) information technology (IT) modernization roadmap.  A significant number of HUD’s mission-essential applications have not been modernized, which presents multiple sources of risk.  These applications are hosted on legacy information systems and mainframe platforms, which are operationally inefficient, increasingly difficult to secure, and costly to maintain.…

We audited the U.S. Department of Housing and Urban Development’s (HUD) fiscal year 2020 compliance with the Payment Integrity Information Act of 2019 (PIIA) and other Office of Management and Budget guidance.  PIIA was enacted to prevent and reduce improper payments and requires each agency’s inspector general to perform an annual review of the agency’s compliance with PIIA.  Our audit objective was to determine whether HUD complied…

HUD does not have a departmentwide policy for dealing with radon contamination.  Instead, HUD relies on each program office to develop radon policies that align with HUD’s environmental regulations.  The three program offices reviewed do not have consistent radon policies.  Only Multifamily’s radon policy includes radon testing and mitigation requirements.  PIH’s policy strongly encourages but does not require public housing…

In June 2020, we received letters from members of Congress, including the chairpersons of the House Committee on Financial Services and Oversight and Investigation Subcommittee, expressing concern that the U.S. Department of Housing and Urban Development (HUD) imposed a new, nonpublic, and legally erroneous policy that prohibited issuing Federal Housing Administration (FHA)-insured loans to Deferred Action for Childhood Arrivals (DACA)…

We audited rent credits that the U.S. Department of Housing and Urban Development (HUD) received from the U.S. General Services Administration (GSA) during fiscal years 2015 through 2018 in exchange for financial contributions for building improvements.  We initiated this audit due to concerns we identified while completing a review of HUD’s use of funds approved by Congress for building improvements.[1]  Our objective was to…

We audited selected general and application controls over the Federal Housing Administration’s (FHA) Home Equity Reverse Mortgage Information Technology (HERMIT) system as part of the internal control assessments required for the fiscal year 2019 financial statement audit under the Chief Financial Officer’s Act of 1990.  Our objective was to review the selected controls over HERMIT for compliance with U.S. Department of Housing and Urban…

The West Calumet Housing Complex (WCHC), located in East Chicago, IN, was a public housing development that opened in 1972 on top of a former lead smelting plant.  HUD and other agencies missed multiple opportunities to identify site contamination at WCHC.  As a result, WCHC residents continued living in unsafe conditions for decades, and inadequate oversight led to the lead poisoning of children in WCHC.  Between 2005 and 2015,…

We conducted this limited review to determine the use of landlord incentives to increase landlord participation and retention and expand housing options for program participants outside areas of low-income or minority concentration. The majority (28 of 34) of responsive MTW PHAs used the program and funding flexibilities of the MTW program to offer landlord incentives.  These PHAs offered many types of landlord incentives as a tool to…

We audited information systems controls over the U.S. Department of Housing and Urban Development’s (HUD) computing environment as part of the internal control assessments for the fiscal year 2019 financial statements audit under the Chief Financial Officer’s Act of 1990. Our objective was to assess general controls over HUD’s computing environment for compliance with HUD information technology policies and Federal information system security…

The Federal Information Security Modernization Act of 2014 (FISMA) directs Inspectors General to conduct an annual evaluation of the agency information security program.  FISMA, Department of Homeland Security (DHS), Office of Management and Budget (OMB) and National Institute of Standards and Technology (NIST) establish information technology (IT) security guidance and standards for Federal agencies. We conducted this evaluation to assess…

We conducted this limited review to identify the U.S. Department of Housing and Urban Development’s (HUD) Coronavirus Aid, Relief, and Economic Security Act (CARES Act) drawdown levels for the initial round of Emergency Solutions Grants (ESG) funding.  In addition, we researched information published by grantees on how they have used and will use their funds.  Our objective was to highlight the grantees’ (1) drawdown levels for…