The Federal Information Security Modernization Act of 2014 (FISMA) directs Inspectors General to conduct an annual evaluation of the agency information security program.  FISMA, Department of Homeland Security (DHS), Office of Management and Budget (OMB) and National Institute of Standards and Technology (NIST) establish information technology (IT) security guidance and standards for Federal agencies. We conducted this evaluation to assess…

This memorandum report summarizes survey and interview results on the impact mandatory telework is having on U.S. Housing and Urban Development’s (HUD) operations. The HUD Office of Inspector General (OIG) conducted surveys and interviews to evaluate HUD’s use of agency-wide telework in response to the novel coronavirus disease of 2019 (COVID-19) pandemic. The study was designed to provide insights into the types of obstacles that impeded HUD…

This report presents the results of our audit of Ginnie Mae’s fiscal year 2019 financial statements, including our report on Ginnie Mae’s internal control and test of compliance with selected provisions of laws, regulations, and contracts applicable to Ginnie Mae. In fiscal year 2019, we were unable to obtain sufficient, appropriate evidence to express an opinion on the fairness of Ginnie Mae’s financial statements.  Specifically, our…

This topic brief summarized the current status of all information technology (IT) and privacy program recommendations issued to the U.S. Department of Housing and Urban Development (HUD) by the Office of Inspector General’s Office of Evaluation, Information Technology Evaluations Division (iTED) from Fiscal Year (FY) 2014 through 2019.  The report breaks down numbers of recommendations by functional areas and analyzes the progress…

We audited information system controls over the U.S. Department of Housing and Urban Development’s (HUD) computing environment.  This review was conducted as part of our audit of HUD’s financial statements for fiscal year 2018 under the Chief Financial Officers Act of 1990.  Our objective was to assess general controls over HUD’s computing environment for compliance with HUD information technology policies and Federal information…

We audited the general controls over the Integrated Pool Management System (IPMS) as part of the internal control assessments required for the fiscal year 2018 financial statements audit under the Chief Financial Officer’s Act of 1990.  Our objective was to evaluate and assess internal controls over the safeguarding of data, security, and continued operations in the event of unexpected interruptions.  Specifically, we examined the…

This report presents the results of our audit of Ginnie Mae’s fiscal years 2018 and 2017 financial statements, including our report on Ginnie Mae’s internal control and test of compliance with selected provisions of laws and regulations applicable to Ginnie Mae. In fiscal year 2018, for the fifth consecutive year, we were unable to obtain sufficient, appropriate evidence to express an opinion on the fairness of the $3 billion (net of allowance…

The Federal Information Security Modernization Act of 2014 (FISMA) directs Inspectors General to conduct an annual evaluation of the agency information security program.  FISMA, Department of Homeland Security (DHS), Office of Management and Budget (OMB) and National Institute of Standards and Technology (NIST) establish information technology (IT) security guidance and standards for Federal agencies. We conducted this evaluation to assess…

We audited information system controls over the U.S. Department of Housing and Urban Development’s (HUD) computing environment.  This review was conducted as part of our audit of HUD’s financial statements for fiscal year 2017 under the Chief Financial Officer’s Act of 1990.  Our objective was to assess general controls over HUD’s computing environment for compliance with HUD information technology policies and Federal information…

This briefing paper highlights challenges the Department of Housing and Urban Development (HUD) faces in managing and improving its Information Technology (IT) program.  This document analyzed past HUD OIG and GAO IT related reports and recommendations to highlight key management challenges in HUD’s IT program. We are highlighting these challenges so HUD leadership is aware of and can be better prepared to address them. The OIG has…

We audited general and application controls over the Ginnie Mae Financial Accounting System (GFAS) as part of the internal control assessments required for the fiscal year 2017 financial statements audit under the Chief Financial Officer’s Act of 1990.  Our objective was to review internal controls over the security, integrity, confidentiality, and availability of the data maintained in GFAS. We also reviewed the functionality and…

This report presents the results of our audit of Ginnie Mae’s fiscal years 2017 and 2016 (restated) financial statements, including our report on Ginnie Mae’s internal control and test of compliance with selected provisions of laws and regulations applicable to Ginnie Mae.  In fiscal year 2017, for the fourth consecutive year, we were unable to obtain sufficient, appropriate evidence to express an opinion on the fairness of the $3.6…

The Federal Information Security Modernization Act of 2014 (FISMA) directs Inspectors General to conduct an annual evaluation of the agency information security program.  FISMA, Department of Homeland Security (DHS), Office of Management and Budget (OMB) and National Institute of Standards and Technology (NIST) establish information technology (IT) security guidance and standards for Federal agencies. We conducted this evaluation to assess…

The U.S. Department of Housing and Urban Development, Office of Inspector General audited Ginnie Mae’s oversight of nonbanks due to the growth of nonbank issuers in the mortgage servicing industry.  Our objective was to determine whether Ginnie Mae responded adequately to changes in its issuer base. We found that Ginnie Mae did not adequately respond to changes in its issuer base.  Specifically, it did not implement policies and…

Enforce the requirement for all HUD web applications and services to be approved and authorized by OCIO. The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials. Corrective Action Taken In January 2023, HUD's Office of the Chief Information Officer developed and released a Web Applications Directive to all HUD program…

This briefing paper highlights challenges the Government National Mortgage Association (Ginnie Mae) faces in monitoring nonbanks and outlines our past, current, and future efforts to help it address those challenges. We are highlighting these challenges so HUD leadership is aware of and can be better prepared to address them.  OIG is focusing on Ginnie Mae’s capacity to monitor nonbanks with an ongoing audit.

In accordance with the Chief Financial Officers Act of 1990, as amended, we are required to annually audit the consolidated financial statements of the U.S. Department of Housing and Urban Development (HUD). HUD reissued its fiscal year 2016 and 2015 (Restated) consolidated financial statements due to pervasive material errors that were identified by us. Our objective was to express an opinion on the fairness of HUD’s consolidated…

This page previously contained our independent auditor’s report on HUD’s fiscal year 2016 and 2015 (Restated) consolidated financial statements  (OIG Audit Report 2017-FO-0004), issued November 15, 2016.  In the report, one basis for our disclaimer of opinion was that HUD was unable to provide final consolidated financial statements and accompanying notes in a timeframe that would allow us to obtain sufficient, appropriate evidence to…

This report presents the results of our audit of Ginnie Mae’s fiscal years 2016 and 2015 (restated) financial statements, including our report on Ginnie Mae’s internal control and test of compliance with selected provisions of laws and regulations applicable to Ginnie Mae.  For the third consecutive year, in fiscal year 2016, we were unable to obtain sufficient, appropriate evidence to express an opinion on the fairness of the $ 4.2…

The Federal Information Security Modernization Act of 2014 (FISMA) directs Inspectors General to conduct an annual evaluation of the agency information security program.  FISMA, Department of Homeland Security (DHS), Office of Management and Budget (OMB) and National Institute of Standards and Technology (NIST) establish information technology (IT) security guidance and standards for Federal agencies. We conducted this evaluation to assess…