This briefing paper highlights challenges the Department of Housing and Urban Development (HUD) faces in managing and improving its Information Technology (IT) program.  This document analyzed past HUD OIG and GAO IT related reports and recommendations to highlight key management challenges in HUD’s IT program. We are highlighting these challenges so HUD leadership is aware of and can be better prepared to address them. The OIG has…

HUD has a contract with Leidos Innovations Corporation for E-Discovery services using the E-Discovery Management System.  The process for collecting electronically stored information (ESI) and delivering it to customers has two major subprocesses: (1) an initial ESI collection and (2) a keyword search to refine the initial collection results.  OGC’s and Leidos’ collection of ESI does not meet customer demand because processing ESI…

The Federal Information Security Modernization Act of 2014 (FISMA) directs Inspectors General to conduct an annual evaluation of the agency information security program.  FISMA, Department of Homeland Security (DHS), Office of Management and Budget (OMB) and National Institute of Standards and Technology (NIST) establish information technology (IT) security guidance and standards for Federal agencies. We conducted this evaluation to assess…

Very low REAC scores are not prevalent across ORCF’s portfolio.  The majority of RCFs that received a REAC score scored at least 80 on their last inspection, and more than three quarters scored at least 60.  Despite the small percentage of RCFs that scored below 31, we noticed an overall decline in REAC inspection scores across ORCF’s portfolio from 2000 to 2016. REAC has adopted an inspection process that applies uniformly to all…

Enforce the requirement for all HUD web applications and services to be approved and authorized by OCIO. The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials. Corrective Action Taken In January 2023, HUD's Office of the Chief Information Officer developed and released a Web Applications Directive to all HUD program…

The U.S. Department of Housing and Urban Development (HUD), Office of Inspector General (OIG), reviewed preforeclosure sales under the Federal Housing Administration (FHA) program in the St. Louis, MO, area.  We found that the purchaser of a property being sold in a preforeclosure sale entered into a consulting agreement with the realtor.  The agreement required that when the purchaser later sold the property, he would pay half of the…

The Federal Information Security Modernization Act of 2014 (FISMA) directs Inspectors General to conduct an annual evaluation of the agency information security program.  FISMA, Department of Homeland Security (DHS), Office of Management and Budget (OMB) and National Institute of Standards and Technology (NIST) establish information technology (IT) security guidance and standards for Federal agencies. We conducted this evaluation to assess…

We reviewed the Malakoff Housing Authority, Malakoff, TX. The review was part of a joint initiative between the HUD Office of Inspector General’s Office of Audit and Office of Investigation. We completed the review and referred the former executive director’s improper use of Authority funds by hiring and contracting with family members to HUD’s Office of Program Enforcement for action under the Program Civil Fraud Remedies Act of 1986. On May…

Based on a request from the Assistant U.S. Attorney’s Office in Salt Lake City, UT, we provided information about single-family lenders with high default rates. We then reviewed the available case binders for 38 loans for which the Federal Housing Administration (FHA) had paid claims that were underwritten by City First Mortgage Services, LLC. We completed the review and referred alleged violations to the U.S. Department of Housing and Urban…

We audited the U.S. Department of Housing and Urban Development’s (HUD) oversight of its Home Equity Conversion Mortgage (HECM) program and found that 33 borrowers had more than 1 loan under the program.  Having multiple loans violated program requirements because HUD requires borrowers to reside in the mortgaged residence as their principal residence and borrowers may not have more than one principal residence at a time.  We referred…

We audited the U.S. Department of Housing and Urban Development’s (HUD) oversight of its Home Equity Conversion Mortgage (HECM) program and found that contrary to program residency requirements, 37 borrowers did not live in the property associated with the loan and were renting the property to participants in HUD’s Section 8 Housing Choice Voucher program.   Renting the properties to Section 8 program participants violated program…

The Federal Information Security Modernization Act of 2014 (FISMA) directs the Office of Inspector General (OIG) to conduct an annual evaluation of the U.S. Department of Housing and Urban Development (HUD) information security program.  FISMA, Department of Homeland Security (DHS), Office of Management and Budget (OMB) and National Institute of Standards and Technology (NIST) establish information technology (IT) security guidance and…

We reviewed information system controls over the U.S. Department of Housing and Urban Development’s (HUD) computing environment.  This review was conducted as part of the Office of Inspector General’s audit of HUD’s financial statements for fiscal year 2015 under the Chief Financial Officer’s Act of 1990. The OIG has determined that the contents of this report would not be appropriate for public disclosure and has therefore limited its…

Office of Evaluation, IT Evaluation Division (iTED) conducted an evaluation of HUD’s IT Modernization program, which included reviews on the implementation and maturity of HUD’s capital planning and investment control (CIPIC) process and Enterprise Architecture (EA) program. With the corroboration of HUD’s Office of Chief Information Officer (OCIO), the report focuses on three major IT programs and policies within the CPIC and EA programs: IT…

The Office of Evaluation performed preliminary research of the HUD Office of the Chief Information Officer’s (OCIO) management of the agency’s reporting of financial and project information on the Federal IT Dashboard (Dashboard).  The objective of the evaluation was to determine if OCIO processes ensured accurate IT investment information was reported on the Dashboard.  We found that project managers did not consistently follow…

We reviewed information system controls over the U.S. Department of Housing and Urban Development’s (HUD) computing environment.  This review was conducted as part of the Office of Inspector General’s audit of HUD’s financial statements for fiscal year 2014 under the Chief Financial Officer’s Act of 1990. The OIG has determined that the contents of this report would not be appropriate for public disclosure and has therefore limited its…

The Federal Information Security Management Act of 2002 (FISMA) directs the Office of Inspector General (OIG) to conduct an annual evaluation of the U.S. Department of Housing and Urban Development (HUD) information security program.  FISMA, Department of Homeland Security (DHS), Office of Management and Budget (OMB) and National Institute of Standards and Technology (NIST) establish information technology (IT) security guidance and…

Federal organizations have a fundamental responsibility to protect the privacy of individuals and their personally identifiable information (PII) that is collected, used, maintained, shared, and disposed of by agency programs and information systems. The management of U.S. Department of Housing and Urban Development (HUD) programs demands the availability and use of extensive amounts of financial, demographic, and personal information. HUD is…

The Federal Information Security Management Act of 2002 (FISMA) directs the Office of Inspector General (OIG) to conduct an annual evaluation of the U.S. Department of Housing and Urban Development (HUD) information security program.  FISMA, Department of Homeland Security (DHS), Office of Management and Budget (OMB) and National Institute of Standards and Technology (NIST) establish information technology (IT) security guidance and…

We have completed a review to determine whether HUD followed proper policies and procedures in responding to a breach of personally identifiable information which occurred on September 21, 2012. Specifically, for this incident, we identified what actions were taken and any deficiencies within HUD policies, plans, or current practices. We determined that HUD responded to the incident properly, following United States Computer Emergency…