The U.S. Department of Housing Urban Development (HUD), Office of Inspector General audited the Government National Mortgage Association’s (Ginnie Mae) process for identifying and removing uninsured single-family Federal Housing Administration loans from mortgage-backed securities (MBS) pools.  Our audit objective was to determine whether loans remained in Ginnie Mae MBS pools for 1 year or longer without the required mortgage insurance.…

The Federal Information Security Modernization Act of 2014 (FISMA) directs the Office of Inspector General (OIG) to conduct an annual evaluation of the U.S. Department of Housing and Urban Development (HUD) information security program.  FISMA, Department of Homeland Security (DHS), Office of Management and Budget (OMB) and National Institute of Standards and Technology (NIST) establish information technology (IT) security guidance and…

This report presents the results of our audit of Ginnie Mae’s fiscal years 2015 and 2014 (restated) financial statements, including our report on Ginnie Mae’s internal control and test of compliance with selected provisions of laws and regulations applicable to Ginnie Mae.  For the second consecutive year, in fiscal year 2015, we were unable to obtain sufficient appropriate evidence to express an opinion on the fairness of the $ 5.4…

We reviewed information system controls over the U.S. Department of Housing and Urban Development’s (HUD) computing environment.  This review was conducted as part of the Office of Inspector General’s audit of HUD’s financial statements for fiscal year 2015 under the Chief Financial Officer’s Act of 1990. The OIG has determined that the contents of this report would not be appropriate for public disclosure and has therefore limited its…

This report presents the results of our fiscal year 2014 audit of Ginnie Mae’s financial statements, including our report on Ginnie Mae’s internal control and test of compliance with selected provisions of laws and regulations applicable to Ginnie Mae.  We contracted with the independent certified public accounting firm of CliftonLarsonAllen LLP to audit Ginnie Mae’s fiscal year 2013 financial statements.  CliftonLarsonAllen was…

Office of Evaluation, IT Evaluation Division (iTED) conducted an evaluation of HUD’s IT Modernization program, which included reviews on the implementation and maturity of HUD’s capital planning and investment control (CIPIC) process and Enterprise Architecture (EA) program. With the corroboration of HUD’s Office of Chief Information Officer (OCIO), the report focuses on three major IT programs and policies within the CPIC and EA programs: IT…

The Office of Evaluation performed preliminary research of the HUD Office of the Chief Information Officer’s (OCIO) management of the agency’s reporting of financial and project information on the Federal IT Dashboard (Dashboard).  The objective of the evaluation was to determine if OCIO processes ensured accurate IT investment information was reported on the Dashboard.  We found that project managers did not consistently follow…

We reviewed information system controls over the U.S. Department of Housing and Urban Development’s (HUD) computing environment.  This review was conducted as part of the Office of Inspector General’s audit of HUD’s financial statements for fiscal year 2014 under the Chief Financial Officer’s Act of 1990. The OIG has determined that the contents of this report would not be appropriate for public disclosure and has therefore limited its…

The Federal Information Security Management Act of 2002 (FISMA) directs the Office of Inspector General (OIG) to conduct an annual evaluation of the U.S. Department of Housing and Urban Development (HUD) information security program.  FISMA, Department of Homeland Security (DHS), Office of Management and Budget (OMB) and National Institute of Standards and Technology (NIST) establish information technology (IT) security guidance and…

We reviewed the information security controls over the U.S. Department of Housing and Urban Development’s (HUD) Ginnie Mae Financial Accounting System (GFAS) as part of the internal control assessments required for the fiscal year 2014 financial statement audit under the Chief Financial Officer’s Act of 1990.  Our audit objective was to determine the effectiveness of general and application controls over GFAS for compliance with HUD…

Federal organizations have a fundamental responsibility to protect the privacy of individuals and their personally identifiable information (PII) that is collected, used, maintained, shared, and disposed of by agency programs and information systems. The management of U.S. Department of Housing and Urban Development (HUD) programs demands the availability and use of extensive amounts of financial, demographic, and personal information. HUD is…

In accordance with the Government Corporation Control Act as amended (31 U.S.C. 9105), the Office of Inspector General engaged the independent certified public accounting firm of CliftonLarsonAllen LLP (CLA) to audit the fiscal years 2013 and 2012 financial statements of the Federal Housing Administration (FHA). The contract required that the audit be performed according to Generally Accepted Government Auditing Standards (GAGAS). CLA is…

In accordance with the Government Corporation Control Act as amended (31 U.S.C. 9105), the Office of Inspector General engaged the independent certified public accounting firm of CliftonLarsonAllen LLP (CLA) to audit the fiscal years 2013 and 2012 financial statements of the Government National Mortgage Association (Ginnie Mae). The contract required that the audit be performed according to Generally Accepted Government Auditing Standards (…

The Federal Information Security Management Act of 2002 (FISMA) directs the Office of Inspector General (OIG) to conduct an annual evaluation of the U.S. Department of Housing and Urban Development (HUD) information security program.  FISMA, Department of Homeland Security (DHS), Office of Management and Budget (OMB) and National Institute of Standards and Technology (NIST) establish information technology (IT) security guidance and…

In response to a hotline complaint, we conducted an evaluation of the Government National Mortgage Association’s (Ginnie Mae) managed data center sole-source requisition. Specifically, the hotline complaint alleged that Ginnie Mae (1) intended to circumvent the normal competitive process and did not publicize the full details of the scope of the contract, (2) intended to issue a sole-source contract and then enlarge the scope post-award without…

We have completed a review to determine whether HUD followed proper policies and procedures in responding to a breach of personally identifiable information which occurred on September 21, 2012. Specifically, for this incident, we identified what actions were taken and any deficiencies within HUD policies, plans, or current practices. We determined that HUD responded to the incident properly, following United States Computer Emergency…

In accordance with the Government Corporation Control Act as amended (31 U.S.C. 9105), the Office of Inspector General engaged the independent certified public accounting firm of Clifton Gunderson LLP (CG) to audit the fiscal years 2011 financial statements of the Government National Mortgage Association (Ginnie Mae). The contract required that the audit be performed according to Generally Accepted Government Auditing Standards (GAGAS). Ginnie…

We audited the U.S. Department of Housing and Urban Development’s (HUD) management procedures, practices, and controls related to the Recovery Act Management and Reporting System (RAMPS). Our objective was to assess its capability to record and provide data required by the American Recovery and Reinvestment Act of 2009 on which HUD is required to report. Overall, RAMPS had the capability to record Recovery Act data and produce the reports…

We have completed an audit of the U.S. Department of Housing and Urban Development’s (HUD) information security program. We evaluated whether HUD’s Office of the Chief Information Officer (OCIO) had developed security policies, implemented procedures, and continuously monitored its entitywide information system security program. We performed this audit because it is a required component of our fiscal year 2010 consolidated financial…

This report presents the results of Carmichael, Brasher, Tuvell and Company's (CBTC) audit of the Government National Mortgage Association's (Ginnie Mae) financial statements for the fiscal years ended September 30, 2010 and 2009. In CBTC's opinion, the financial statements present fairly, in all material respects, Ginnie Mae's financial position as of September 30, 2010 and September 30, 2009 and the results of its operations and its cash…