The Federal Information Security Modernization Act of 2014 (FISMA) requires all Federal agencies to conduct independent penetration tests and vulnerability assessments on a sampling of information systems annually.  In conjunction with our fiscal year 2022 FISMA evaluation (2022-OE-0001), we conducted a targeted penetration test and vulnerability assessment of sample systems that resulted in a Topic Brief.  The objective of this…

We contracted with the independent public accounting firm of CliftonLarsonAllen LLP (CLA) to audit the financial statements of HUD as of and for the fiscal years ended September 30, 2022 and 2021, and to provide reports on HUD’s 1) internal control over financial reporting; and 2) compliance with laws, regulations, contracts, and grant agreements and other matters, including whether financial management systems complied substantially with the…

We contracted with the independent public accounting firm of CliftonLarsonAllen LLP (CLA) to audit the financial statements of FHA as of and for the fiscal years ended September 30, 2022 and 2021, and to provide reports on FHA’s 1) internal control over financial reporting; and 2) compliance with laws, regulations, contracts, and grant agreements and other matters.  Our contract with CLA required that the audit be performed in accordance…

We contracted with the independent public accounting firm of CliftonLarsonAllen LLP (CLA) to audit the financial statements of Ginnie Mae as of and for the fiscal years ended September 30, 2022 and 2021, and to provide reports on Ginnie Mae’s 1) internal control over financial reporting; and 2) compliance with laws, regulations, contracts, and grant agreements and other matters. Our contract with CLA required that the audit be performed in…

The Federal Information Security Modernization Act of 2014 (FISMA) directs Inspectors General to conduct an annual evaluation of the agency information security program.  FISMA, Department of Homeland Security (DHS), Office of Management and Budget (OMB) and National Institute of Standards and Technology (NIST) establish information technology (IT) security guidance and standards for Federal agencies. We conducted this evaluation to assess…

We audited the U.S. Department of Housing and Urban Development’s (HUD) efforts to meet the Geospatial Data Act of 2018 (the Act).Our audit objective was to determine whether HUD met the 13 responsibilities stated in the Act with regard to its collection, production, acquisition, maintenance, distribution, use, and preservation of geospatial data.  The Act also generally requires covered agencies provide access to geospatial data and…

In coordination with the Pandemic Response Accountability Committee, we conducted an audit to identify potential fraud schemes that could affect HUD’s pandemic funds.  We reviewed the funds appropriated by the Coronavirus Aid, Relief, and Economic Security (CARES) Act and the American Rescue Plan (ARP) Act for the Tenant-Based Rental Assistance (TBRA), Project-Based Rental Assistance (PBRA), HOME Investment Partnerships, and Public Housing…

We audited the U.S. Department of Housing and Urban Development’s (HUD) Community Development Block Grant Coronavirus Aid, Relief, and Economic Security (CARES) Act program.Our audit objective was to determine what challenges grantees faced in using program funds for activities that prepare for, prevent, or respond to the coronavirus and its impact.  We used a survey questionnaire to gather feedback and insight directly from 1,047 program…

We completed a corrective action verification (CAV) of recommendations from prior Office of Inspector General (OIG) audit reports on the U.S. Department of Housing and Urban Development’s (HUD) government purchase cards and government travel cards, both issued January 31, 2020. During our CAV, we followed up on all 10 recommendations from OIG audit report 2020-KC-0001 and all 13 recommendations from OIG audit report 2020-KC-0002. Our CAV…

Develop a control to detect loans that did not maintain the required flood insurance to put $1.5 billion to better use by avoiding potential future costs to the FHA insurance fund from inadequately insured properties. Corrective Action Taken In November 2022, FHA published the Acceptance of Private Flood Insurance for FHA-Insured Mortgages final rule (Docket No. FR-6084-F-02) in the Federal Register and issued Mortgagee Letter 2022-18,…

We audited the U.S. Department of Housing and Urban Development’s (HUD) grant closeout processes and compliance with the Grants Oversight and New Efficiency (GONE) Act.  The GONE Act required that we conduct a risk assessment to determine whether an audit of HUD’s grant closeout process was warranted.  We initiated this review based on the results of our risk assessment conducted in fiscal year 2018, which found that an audit was…

The Federal Information Security Modernization Act of 2014 (FISMA) directs Inspectors General to conduct an annual evaluation of the agency information security program.  FISMA, Department of Homeland Security (DHS), Office of Management and Budget (OMB) and National Institute of Standards and Technology (NIST) establish information technology (IT) security guidance and standards for Federal agencies. We conducted this evaluation to assess…

The Federal Information Security Modernization Act of 2014 (FISMA) requires all federal agencies to conduct independent security technical verification testing on a sampling of information systems annually.  In conjunction with our fiscal year 2021 FISMA evaluation (2021-OE-0001), we conducted a targeted security testing assessment of sample systems that resulted in a Topic Brief.  The objective of this application vulnerability…

We audited the U.S. Department of Housing and Urban Development’s (HUD) transitioning of offices from mandatory to maximum telework during the coronavirus disease 2019 (COVID-19) pandemic, based on a request from Representative Gerald Connolly, to review whether HUD was employing best practices and existing guidance when deciding whether or when to require Federal employees to return to their offices.  Transitioning an office to maximum…

We audited the U.S. Department of Housing and Urban Development’s (HUD) oversight of Federal Housing Administration (FHA) refunds based on a hotline complaint alleging that HUD was trying to make it difficult for claimants to obtain refunds or discourage them from pursuing the refunds, which are due to eligible homeowners from the unearned portion of the upfront mortgage insurance premium paid.  Our audit found the allegations from the…

The U.S. Department of Housing and Urban Development (HUD), Office of Inspector General (OIG), completed an audit to determine whether FHA-insured borrowers properly received the COVID-19-related forbearance.  The Coronavirus Aid, Relief, and Economic Security Act (CARES Act), signed into law on March 27, 2020, provided a mortgage payment forbearance option for all borrowers who suffered a financial hardship due to the COVID-19 national…

The U.S. Department of Housing and Urban Development (HUD), Office of Inspector General (OIG), completed a corrective action verification (CAV) of recommendations from four prior home equity conversion mortgage (HECM) audit reports.  The CAV was initiated because protecting the Federal Housing Administration (FHA) mutual mortgage insurance fund is one of HUD’s top management challenges.  The prior audits determined that HUD lacked…

We contracted with the independent public accounting firm of CliftonLarsonAllen LLP (CLA) to audit the financial statements of HUD as of and for the fiscal years ended September 30, 2021 and 2020,1 and to provide reports on HUD’s 1) internal control over financial reporting; and 2) compliance with laws, regulations, contracts, and grant agreements and other matters, including whether financial management systems complied substantially with the…

We contracted with the independent public accounting firm of CliftonLarsonAllen LLP (CLA) to audit the financial statements of FHA as of and for the fiscal years ended September 30, 2021 and 2020, and to provide reports on FHA’s 1) internal control over financial reporting; and 2) compliance with laws, regulations, contracts, and grant agreements in its financial reporting.  Our contract with CLA required that the audit be performed in…

We reviewed the U.S. Department of Housing and Urban Development’s (HUD) ability to effectively complete information technology (IT) acquisitions.  HUD’s IT systems and its modernization plans depend heavily on contractors, yet HUD has historically faced significant challenges with implementing effective acquisition processes. Therefore, HUD’s acquisition capacity represents a key potential risk within HUD’s IT environment. We found that a…