Obtain training or technical assistance as needed on the implementation of fraud risk management practices.

Update relevant policies and procedures for appraiser roster management so that they align with each other and with regulations and reflect HUD practice. At a minimum, the policies and procedures should clearly cover appraiser roster status, license expiration, disciplinary actions, removals, data accuracy, and documentation.

Maintain historical data for each appraiser record, including history on expiration dates, when appraisers are moved on or off the appraiser roster and when they are and are not allowed to be assigned to conduct appraisals.

Improve quality assurance processes by adding steps to verify that the appraiser roster is accurate and reliable over time through testing of its logic-based system controls and data fields.

Require that the PLUS system for receiving, processing, and assigning applications tracks applications and captures application intake, screening, and status, including key dates; captures data on the type of underwriter used; includes a portal for receiving documents and communicating with lenders; and generates FHA loan numbers. This will allow HUD to identify, monitor, and address processing delays and issues on a continuous basis; evaluate…

Update policies and procedures to include methods that will be used when applications exceed underwriter capacity, align intake and screening processes, and explain when timeframes will be enforced, including in PLUS.

HUD OCIO should define a plan to meet the logging requirements at all event logging maturity levels (basic, intermediate, advanced) in accordance with OMB M-21-31. This plan should include logging sufficient to allow for reviewing privileged user activities (IG FISMA metrics 32 and 54).

HUD OCIO should develop and implement monitoring and enforcement procedures to ensure that non-GFE devices (for example, BYOD), such as those owned by contractors or HUD employees, are either: (a) prohibited from connecting to the HUD network; or (b) properly authorized and configured before connection to the HUD network (IG FISMA metrics 2, 21, and 33).

HUD OCIO should develop and implement procedures and contract terms to enforce forfeiture of non-GFE devices (for example, BYOD), to allow for analysis when security incidents occur (IG FISMA metrics 33 and 55).

HUD’s Office of Administration, in coordination with OCIO, should update and communicate its PII minimization plan. The plan should include detailed procedures to regularly review and remove unnecessary PII collections in accordance with OMB Circular A-130 (IG FISMA metric 35).

HUD OCIO should develop and implement processes to monitor and analyze qualitative and quantitative performance measures for the effectiveness of its ISCM program (IG FISMA metric 47).

HUD OCIO should define a process and assign responsibility to evaluate the effectiveness of its incident response technologies and adjust configurations and toolsets to improve the incident response program (IG FISMA metric 58).

HUD OCIO should update its enterprisewide business impact prioritization analysis procedures to include system dependencies and the characterization of system components (IG FISMA metric 61).

Develop guidance for the program offices to identify the causes behind high attrition rates in governmentwide high-risk MCOs and field offices in large cities.

Develop guidance for program offices to develop program office-specific action plans to address any causes found for high attrition rates in governmentwide high-risk MCOs and field offices in large cities.

Create a single, unified agency-specific MCO list updated to reflect current progress toward closing skills gaps.

Implement a transparent process for reviewing open-ended exit survey results and sharing those results with ODEEO, as appropriate, and program offices while still protecting former employees’ confidentiality.

Assess what departing employees mean when they indicate that organizational culture is a motivation for leaving HUD.

Determine how to measure the impact of recruitment efforts related to individuals who identiy as Hispanic or Latino.

Implement a process to measure the impact of recruitment efforts related to individuals who identify as Hispanic or Latino.