We audited information system controls over the U.S. Department of Housing and Urban Development’s (HUD) computing environment.  This review was conducted as part of our audit of HUD’s financial statements for fiscal year 2018 under the Chief Financial Officers Act of 1990.  Our objective was to assess general controls over HUD’s computing environment for compliance with HUD information technology policies and Federal information…

The Federal Information Security Modernization Act of 2014 (FISMA) directs Inspectors General to conduct an annual evaluation of the agency information security program.  FISMA, Department of Homeland Security (DHS), Office of Management and Budget (OMB) and National Institute of Standards and Technology (NIST) establish information technology (IT) security guidance and standards for Federal agencies. We conducted this evaluation to assess…

We conducted an attestation review of the U.S. Department of Housing and Urban Development (HUD), Office of Special Needs Assistance Continuum of Care Program, regarding reporting of drug control accounting and associated management assertions for fiscal year 2017.  The objective of our attestation review was to and to provide negative assurance on HUD’s drug control accounting reporting to the Office of National Drug Control Policy (…

We audited information system controls over the U.S. Department of Housing and Urban Development’s (HUD) computing environment.  This review was conducted as part of our audit of HUD’s financial statements for fiscal year 2017 under the Chief Financial Officer’s Act of 1990.  Our objective was to assess general controls over HUD’s computing environment for compliance with HUD information technology policies and Federal information…

This briefing paper highlights challenges the Department of Housing and Urban Development (HUD) faces in managing and improving its Information Technology (IT) program.  This document analyzed past HUD OIG and GAO IT related reports and recommendations to highlight key management challenges in HUD’s IT program. We are highlighting these challenges so HUD leadership is aware of and can be better prepared to address them. The OIG has…

The Federal Information Security Modernization Act of 2014 (FISMA) directs Inspectors General to conduct an annual evaluation of the agency information security program.  FISMA, Department of Homeland Security (DHS), Office of Management and Budget (OMB) and National Institute of Standards and Technology (NIST) establish information technology (IT) security guidance and standards for Federal agencies. We conducted this evaluation to assess…

Enforce the requirement for all HUD web applications and services to be approved and authorized by OCIO. The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials. Corrective Action Taken In January 2023, HUD's Office of the Chief Information Officer developed and released a Web Applications Directive to all HUD program…

We conducted an attestation review of the U.S. Department of Housing and Urban Development (HUD), Office of Special Needs Assistance Continuum of Care Program, regarding drug control accounting and associated management assertions for fiscal year 2016.  The objective of our attestation review was to evaluate HUD’s financial reporting and assertions for drug control funds to determine if its reporting was in compliance with regulations and…

Twenty-two Promise Zones were selected through three rounds of national competition. The U.S. Department of Housing and Urban Development (HUD), oversees 14 urban Promise Zones, and the U.S. Department of Agriculture (USDA) oversees 8 rural and tribal Promise Zones. The Office of Management and Budget (OMB) tasked HUD and USDA to lead the Promise Zone initiative and play essential roles in gathering information about progress in Promise Zones…

This report is for informational purposes only and does not represent an OIG perspective or position. The Robert T. Stafford Disaster Relief and Emergency Assistance Act was designed to bring an orderly and systematic means of Federal disaster assistance for State and local governments to carry out their responsibilities to aid citizens.  Although, State and local governments may carry out their responsibilities in an orderly and…

The Federal Information Security Modernization Act of 2014 (FISMA) directs Inspectors General to conduct an annual evaluation of the agency information security program.  FISMA, Department of Homeland Security (DHS), Office of Management and Budget (OMB) and National Institute of Standards and Technology (NIST) establish information technology (IT) security guidance and standards for Federal agencies. We conducted this evaluation to assess…

The Federal Information Security Modernization Act of 2014 (FISMA) directs the Office of Inspector General (OIG) to conduct an annual evaluation of the U.S. Department of Housing and Urban Development (HUD) information security program.  FISMA, Department of Homeland Security (DHS), Office of Management and Budget (OMB) and National Institute of Standards and Technology (NIST) establish information technology (IT) security guidance and…

We reviewed information system controls over the U.S. Department of Housing and Urban Development’s (HUD) computing environment.  This review was conducted as part of the Office of Inspector General’s audit of HUD’s financial statements for fiscal year 2015 under the Chief Financial Officer’s Act of 1990. The OIG has determined that the contents of this report would not be appropriate for public disclosure and has therefore limited its…

Office of Evaluation, IT Evaluation Division (iTED) conducted an evaluation of HUD’s IT Modernization program, which included reviews on the implementation and maturity of HUD’s capital planning and investment control (CIPIC) process and Enterprise Architecture (EA) program. With the corroboration of HUD’s Office of Chief Information Officer (OCIO), the report focuses on three major IT programs and policies within the CPIC and EA programs: IT…

The Office of Evaluation performed preliminary research of the HUD Office of the Chief Information Officer’s (OCIO) management of the agency’s reporting of financial and project information on the Federal IT Dashboard (Dashboard).  The objective of the evaluation was to determine if OCIO processes ensured accurate IT investment information was reported on the Dashboard.  We found that project managers did not consistently follow…

We reviewed information system controls over the U.S. Department of Housing and Urban Development’s (HUD) computing environment.  This review was conducted as part of the Office of Inspector General’s audit of HUD’s financial statements for fiscal year 2014 under the Chief Financial Officer’s Act of 1990. The OIG has determined that the contents of this report would not be appropriate for public disclosure and has therefore limited its…

The Federal Information Security Management Act of 2002 (FISMA) directs the Office of Inspector General (OIG) to conduct an annual evaluation of the U.S. Department of Housing and Urban Development (HUD) information security program.  FISMA, Department of Homeland Security (DHS), Office of Management and Budget (OMB) and National Institute of Standards and Technology (NIST) establish information technology (IT) security guidance and…

Federal organizations have a fundamental responsibility to protect the privacy of individuals and their personally identifiable information (PII) that is collected, used, maintained, shared, and disposed of by agency programs and information systems. The management of U.S. Department of Housing and Urban Development (HUD) programs demands the availability and use of extensive amounts of financial, demographic, and personal information. HUD is…

The Federal Information Security Management Act of 2002 (FISMA) directs the Office of Inspector General (OIG) to conduct an annual evaluation of the U.S. Department of Housing and Urban Development (HUD) information security program.  FISMA, Department of Homeland Security (DHS), Office of Management and Budget (OMB) and National Institute of Standards and Technology (NIST) establish information technology (IT) security guidance and…

We have completed a review to determine whether HUD followed proper policies and procedures in responding to a breach of personally identifiable information which occurred on September 21, 2012. Specifically, for this incident, we identified what actions were taken and any deficiencies within HUD policies, plans, or current practices. We determined that HUD responded to the incident properly, following United States Computer Emergency…