IG faults HUD for stimulus law reporting problems

HUD lapsed on data security; agency blames "aggressive schedule"

The Housing and Urban Development Department is months behind schedule and falls short on privacy and security as it tracks its spending under the economic stimulus law, according to a new report from HUD's Office of the Inspector General.

HUD signed a contract in May to develop and manage its $13.6 billion spending provided by the law to fulfill the Obama administration’s transparency goals.

However, HUD did not follow federal policies in developing a risk management strategy and system security plans for the new computer system, Hanh Do, director of the information system audit division for the IG's office, wrote in the Sept. 30 audit report.

“HUD did not complete required security and privacy documents before or during the early phase of system development," Do wrote. “As a result, HUD officials could not ensure that all security controls were in place, implemented correctly, and operating as intended.”

The report recommends that HUD ensure that system's owners develop a system security plan, privacy impact assessment and risk assessment early in the development process.

The department agreed with most of the recommendations and said that an “aggressive schedule” for the stimulus reporting contributed to the problems, Lynn Allen, general deputy chief information officer for HUD, wrote in a letter attached to the report. She wrote that the reporting system was certified and accredited 30 days after it became operational, and he said a privacy impact assessment was performed at the recommendation of the inspector general.

In addition, the report finds fault with HUD’s late filing of required reports on compliance with environmental laws. Under the stimulus law, agencies were required to file reports of compliance with the National Environmental Policy Act in April, June and October.

HUD had problems meeting the first two deadlines and did not provide accurate and timely data to the public on $2.9 billion worth of projects, the report said.

HUD officials said they could not meet the reporting requirements for April because they did not have a departmentwide system in place to collect the data. The stimulus reporting system was created in May and became operational on June 30. Also, some of the data collection was from a wide variety of sources, complicating the project: for example, the Public Housing Capital Fund needs to collect environmental compliance data from more than 3,000 sources.

Also, HUD officials said there were delays in training employees to input environmental data into the reporting system. Training classes for the environmental reporting did not begin until late August, though the first reports were due in April.

HUD has previously been criticized for security problems.  In August, the Government Accountability Office issued a report criticizing HUD's IT management, saying it did not fully comply with federal guidelines and best practices. 

About the Author

Alice Lipowicz is a staff writer covering government 2.0, homeland security and other IT policies for Federal Computer Week.

Featured

  • People
    Federal CIO Suzette Kent

    Federal CIO Kent to exit in July

    During her tenure, Suzette Kent pushed on policies including Trusted Internet Connection, identity management and the creation of the Chief Data Officers Council

  • Defense
    Essye Miller, Director at Defense Information Management, speaks during the Breaking the Gender Barrier panel at the Air Space, Cyber Conference in National Harbor, Md., Sept. 19, 2017. (U.S. Air Force photo/Staff Sgt. Chad Trujillo)

    Essye Miller: The exit interview

    Essye Miller, DOD's outgoing principal deputy CIO, talks about COVID, the state of the tech workforce and the hard conversations DOD has to have to prepare personnel for the future.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.