The Office of Evaluation began preliminary research related to the Program Management Improvement Accountability Act (PMIAA) of 2016.  The objective was to determine how HUD has implemented and complied with the requirements of PMIAA.  After completing informational interviews with HUD officials and reviewing related documentation, we have determined that a full evaluation is premature at this time because HUD is still implementing…

We audited the Office of Community Planning and Development’s (CPD) monitoring and oversight of the Community Development Block Grant - Disaster Recovery (CDBG-DR) program.  The objective of the audit was to determine whether CPD had effectively and efficiently designed its CDBG-DR program requirements and monitoring to ensure that the grantees meet statutory and other Federal low- and moderate-income (LMI) requirements.  Generally,…

We conducted this evaluation to assess the maturity of HUD’s Robotic process automation (RPA) activities and determine whether HUD had implemented related controls to address technology and program management risks.  RPA is a software technology used to emulate human actions on a computer.  RPA software programs, referred to as “bots,” can complete repetitive tasks quickly and consistently, freeing up employees to work on other,…

We audited the U.S. Department of Housing and Urban Development’s (HUD) information technology (IT) infrastructure to support mandatory telework. During mandatory telework, more employees simultaneously needed remote access to HUD’s network and agency resources for an extended period, which presented unique risks and security requirements. While HUD is no longer operating under mandatory telework, understanding the challenges it faced is key to…

The Federal Information Security Modernization Act of 2014 (FISMA) requires all Federal agencies to conduct independent penetration tests and vulnerability assessments on a sampling of information systems annually.  In conjunction with our fiscal year 2022 FISMA evaluation (2022-OE-0001), we conducted a targeted penetration test and vulnerability assessment of sample systems that resulted in a Topic Brief.  The objective of this…

We contracted with the independent public accounting firm of CliftonLarsonAllen LLP (CLA) to audit the financial statements of HUD as of and for the fiscal years ended September 30, 2022 and 2021, and to provide reports on HUD’s 1) internal control over financial reporting; and 2) compliance with laws, regulations, contracts, and grant agreements and other matters, including whether financial management systems complied substantially with the…

We contracted with the independent public accounting firm of CliftonLarsonAllen LLP (CLA) to audit the financial statements of FHA as of and for the fiscal years ended September 30, 2022 and 2021, and to provide reports on FHA’s 1) internal control over financial reporting; and 2) compliance with laws, regulations, contracts, and grant agreements and other matters.  Our contract with CLA required that the audit be performed in accordance…

We contracted with the independent public accounting firm of CliftonLarsonAllen LLP (CLA) to audit the financial statements of Ginnie Mae as of and for the fiscal years ended September 30, 2022 and 2021, and to provide reports on Ginnie Mae’s 1) internal control over financial reporting; and 2) compliance with laws, regulations, contracts, and grant agreements and other matters. Our contract with CLA required that the audit be performed in…

As part of a Council of the Inspectors General on Integrity and Efficiency (CIGIE) Disaster Assistance Working Group cross-cutting initiative, we summarized the conclusions, findings, and recommendations of 28 reports related to the Federal Government’s natural disaster preparedness and response issued by 7 Offices of Inspector General (OIGs).  The seven participating OIGs included U.S. Departments of Defense, Health and Human…

We audited the U.S. Department of Housing and Urban Development’s (HUD) efforts to meet the Geospatial Data Act of 2018 (the Act).Our audit objective was to determine whether HUD met the 13 responsibilities stated in the Act with regard to its collection, production, acquisition, maintenance, distribution, use, and preservation of geospatial data.  The Act also generally requires covered agencies provide access to geospatial data and…

The Federal Information Security Modernization Act of 2014 (FISMA) directs Inspectors General to conduct an annual evaluation of the agency information security program.  FISMA, Department of Homeland Security (DHS), Office of Management and Budget (OMB) and National Institute of Standards and Technology (NIST) establish information technology (IT) security guidance and standards for Federal agencies. We conducted this evaluation to assess…