Federal Reports

Seek link below for the full report, report summary, multimedia or any agency follow-up.

Seek link below for the full report, report summary, multimedia or any agency follow-up.

We reviewed the U.S. Department of Housing and Urban Development’s (HUD) Continuum of Care Program (CoC) award review process based on an anonymous hotline complaint alleging problems with the CoC competitive award process. The objective of our review was to determine whether HUD performed its CoC competitive review and award process in accordance with NOFA program requirements, focusing on ranking and scoring CoC projects.SNAPS generally performed its reviews of CoC applications and project applications in accordance with the guidance in its 2017 and 2018 CoC competition NOFAs. In addition, SNAPS generally documented the decision results for unsuccessful applicants in e-snaps. We attempted to determine whether the complaint allegations had merit but found that they either did not appear to have a material impact on the review process, were incorrect, or could not be substantiated. The report contained no recommendations.

This evaluation issued 22 recommendations to address findings in the areas of leadership, collaboration, staffing, site management, Volunteer safety and security support, and Volunteer administrative support. We did not have any findings in the areas of programming, training, or Volunteer health support.

The Federal Information Security Modernization Act (FISMA) requires annual evaluations of the information security program at each federal agency. The Department of Homeland Security and the Office of Management and Budget review the results, which are used to develop a report to Congress on agencies’ compliance with FISMA. The OIG contracted with an independent public accounting firm to assess VA’s information security program for fiscal year (FY) 2019, in accordance with FISMA. CliftonLarsonAllen LLP evaluated 49 major applications and general support systems hosted at 24 VA facilities that support the Veterans Health Administration, Veterans Benefits Administration, and National Cemetery Administration. The firm concluded that VA continues to face significant challenges meeting FISMA requirements and made 25 recommendations. It noted that all recommendations were repeated or modified from previous reports on FISMA compliance. The firm recommended that VA address security related issues that contributed to the information technology weakness reported in the FY 2019 audit of VA’s consolidated financial statements. It also recommended improving deployment of security patches, system upgrades, and system configurations that would mitigate significant security vulnerabilities and enforce a consistent process across field offices. Another recommendation was to improve performance monitoring to ensure controls are operating as intended, and to communicate identified security deficiencies to appropriate personnel. VA successfully closed three previous recommendations for FISMA compliance in FY 2019. CliftonLarsonAllen LLP will follow up on the outstanding recommendations and evaluate VA’s corrective actions during its FISMA audit for FY 2020. If VA continues to delay corrective actions, a material weakness in informational technology security controls may be reported in the FY 2020 audit of VA’s consolidated financial statements.