Coordinate with HUD’s Office of Lead Hazard Control and Healthy Homes to obtain training for the Authority’s employees responsible for managing lead-based paint on the management of lead-based paint, including the requirements for visual assessments, risk assessments, reevaluations, and hazard reduction.

Provide evidence to support that the owners corrected the 46 deficiencies for the 20 units with outstanding deficiencies. If the owners fail to provide evidence that they made the required corrections, HUD should require the Authority to implement its HAP enforcement procedures and provide supporting documentation to HUD evidencing that it did so.

Improve its quality control process for monitoring its inspectors to enhance the effectiveness of its unit inspections and ensure that all units meet HUD’s and its own requirements to prevent more than $34 million in Program funds from being spent on units that do not meet HQS over the next year. This process should include but not be limited to procedures (1) requiring its staff to use the quality control inspection results to evaluate and…

Pursue collection from the applicable owners or reimburse its HCV Program from non-Federal funds $106,477 ($180,309 - $73,832) in inappropriate HAP

Provide evidence to HUD that it has improved its controls and procedures for its stop payment process to ensure that (1) payments to owners comply with its HCV Program administrative plan and HUD requirements and (2) it maintains documentation to support stop payments and resumption of those payments for each unit as applicable.

Provide documentation to support that HAP was appropriately paid to the owners for the 66 units that had more than one stop payment. If additional HAP was inappropriately paid, the Authority should pursue collection from the applicable owners or reimburse its HCV Program from non-Federal funds.

Review its records to confirm whether it had cases of children with EBLLs during our audit period and work with the owner(s) of the HCV Program units to provide required documentation to HUD.

Update publications and educational materials to owners to ensure that they understand their reporting responsibilities to HUD regarding confirmed cases of children with EBLLs.

Develop and implement procedures and controls for coordinating with public health departments and managing cases of children with EBLLs, including monitoring owners for compliance with the requirements of the LSHR.

Work with HUD’s OLHCHH to provide technical assistance to the Authority’s staff to develop and implement procedures and controls for monitoring owners for compliance with HUD’s EBLL requirements and attempting to collaborate with local health departments to identify cases of EBLL in children under 6 years of age under its HCV Program.

Take corrective action for the subrecipient monitoring and agreement issues cited for eight of the ESG-CV grantees reviewed, and provide additional guidance and technical assistance as needed to ensure that they understand requirements.

Develop and implement additional subrecipient monitoring training and guidance for all ESG grantees.

We recommend that HUD’s Deputy Assistant Secretary for Fair Housing and Equal Opportunity update protocols to promote consistent expectations for timely supervisory, legal, and headquarters reviews of complex cases.

We recommend that HUD’s Deputy Assistant Secretary for Fair Housing and Equal Opportunity review and update the MOUs with OGC for each region to identify and remove inefficiencies that can lead to longer FHEO investigation times and OGC review times and identify best practices that can be implemented across all regions.

We recommend that HUD’s Deputy Assistant Secretary for Fair Housing and Equal Opportunity review and update investigative processes followed by each regional office to identify best practices that can be implemented across all regions and identify and remove inefficiencies that can lead to longer investigation times.

HUD OCIO should a) resolve the conflicts between its Inventory of Automated Systems (IAS) policy and web applications policy to clarify if web applications will be inventories in IAS, the web application Sharepoint site, or both; and b) implement the chosen resolution to this conflict to develop a consistent inventory of web applications (IG FISMA metric 1).

HUD OCIO should implement an automated governance, risk, and compliance tool to manage risk from all sources across the three tiers of the organization in a timely manner. This recommendation updates FY 2021 FISMA recommendation number 5 (IG FISMA metrics 5, 9, and 10).

HUD OCIO should employ automation to maintain a timely and accurate view of security configuration information for all systems connected to its network (IG FISMA metric 20).

HUD OCIO should demonstrate that it can implement its defined security responses if a baseline configuration is changed without authorization. This can be shown by either a response to a real incident if one happens or through a testing exercise if there are no applicable incidents (IG FISMA metric 23).

HUD OCIO should review its security training program and determine whether it should provide general cybersecurity awareness training to external users of its systems and data (IG FISMA metric 44).