We conducted this evaluation to assess the maturity of HUD’s Robotic process automation (RPA) activities and determine whether HUD had implemented related controls to address technology and program management risks.  RPA is a software technology used to emulate human actions on a computer.  RPA software programs, referred to as “bots,” can complete repetitive tasks quickly and consistently, freeing up employees to work on other, higher value…

We audited the U.S. Department of Housing and Urban Development’s (HUD) information technology (IT) infrastructure to support mandatory telework. During mandatory telework, more employees simultaneously needed remote access to HUD’s network and agency resources for an extended period, which presented unique risks and security requirements. While HUD is no longer operating under mandatory telework, understanding the challenges it faced is key to…

The Federal Information Security Modernization Act of 2014 (FISMA) requires all Federal agencies to conduct independent penetration tests and vulnerability assessments on a sampling of information systems annually.  In conjunction with our fiscal year 2022 FISMA evaluation (2022-OE-0001), we conducted a targeted penetration test and vulnerability assessment of sample systems that resulted in a Topic Brief.  The objective of this testing was to…

We contracted with the independent public accounting firm of CliftonLarsonAllen LLP (CLA) to audit the financial statements of HUD as of and for the fiscal years ended September 30, 2022 and 2021, and to provide reports on HUD’s 1) internal control over financial reporting; and 2) compliance with laws, regulations, contracts, and grant agreements and other matters, including whether financial management systems complied substantially with the…

We contracted with the independent public accounting firm of CliftonLarsonAllen LLP (CLA) to audit the financial statements of Ginnie Mae as of and for the fiscal years ended September 30, 2022 and 2021, and to provide reports on Ginnie Mae’s 1) internal control over financial reporting; and 2) compliance with laws, regulations, contracts, and grant agreements and other matters. Our contract with CLA required that the audit be performed in…

In coordination with the Pandemic Response Accountability Committee, we conducted an audit to identify potential fraud schemes that could affect HUD’s pandemic funds.  We reviewed the funds appropriated by the Coronavirus Aid, Relief, and Economic Security (CARES) Act and the American Rescue Plan (ARP) Act for the Tenant-Based Rental Assistance (TBRA), Project-Based Rental Assistance (PBRA), HOME Investment Partnerships, and Public Housing…

We completed a corrective action verification (CAV) of recommendations from prior Office of Inspector General (OIG) audit reports on the U.S. Department of Housing and Urban Development’s (HUD) government purchase cards and government travel cards, both issued January 31, 2020. During our CAV, we followed up on all 10 recommendations from OIG audit report 2020-KC-0001 and all 13 recommendations from OIG audit report 2020-KC-0002. Our CAV…

The Federal Information Security Modernization Act of 2014 (FISMA) directs Inspectors General to conduct an annual evaluation of the agency information security program.  FISMA, Department of Homeland Security (DHS), Office of Management and Budget (OMB) and National Institute of Standards and Technology (NIST) establish information technology (IT) security guidance and standards for Federal agencies. We conducted this evaluation to assess the…

The Federal Information Security Modernization Act of 2014 (FISMA) requires all federal agencies to conduct independent security technical verification testing on a sampling of information systems annually.  In conjunction with our fiscal year 2021 FISMA evaluation (2021-OE-0001), we conducted a targeted security testing assessment of sample systems that resulted in a Topic Brief.  The objective of this application vulnerability testing was to…

We reviewed the U.S. Department of Housing and Urban Development’s (HUD) ability to effectively complete information technology (IT) acquisitions.  HUD’s IT systems and its modernization plans depend heavily on contractors, yet HUD has historically faced significant challenges with implementing effective acquisition processes. Therefore, HUD’s acquisition capacity represents a key potential risk within HUD’s IT environment. We found that a lack…

While some of HUD’s efforts to improve its hiring and human capital functions and reduce its average time-to-hire have been successful, HUD’s hiring process overall was not efficient.  HUD’s Office of the Chief Human Capital Officer (OCHCO), which is responsible for developing and implementing policies and procedures associated with human capital management, set a goal to reduce the average time-to-hire but did not meet this goal.  OCHCO must…

We audited the U.S. Department of Housing and Urban Development’s (HUD) fiscal year 2020 compliance with the Payment Integrity Information Act of 2019 (PIIA) and other Office of Management and Budget guidance.  PIIA was enacted to prevent and reduce improper payments and requires each agency’s inspector general to perform an annual review of the agency’s compliance with PIIA.  Our audit objective was to determine whether HUD complied with PIIA…