C O N T R O L L E D B Y U . S . D E P A R T M E N T O F H O U S I N G A N D U R B A N D E V E L O P M E N T,
OFFICE OF INSPECTOR GENERAL
U.S. DEPARTMENT OF HOUSING AND URBAN DEVELOPMENT
OFFICE OF INSPECTOR GENERAL
OFFICE OF EVALUATION
INFORMATION TECHNOLOGY EVALUATIONS DIVISION
WASHINGTON, DC
HUD IT Modernization Report (2015-OE-0002)
HUD OIG Evaluation 2015-OE-0002
HUD OIG Office of Evaluation
T: 202-603-8410; E: OE@hudoig.gov
HUD IT Modernization Report (2015-OE-0002) | 2
Executive Summary:
2015 Evaluation of the HUD’s IT Modernization Programs
HUD IT Modernization Report (2015-OE-0002) | 3
Purpose
What HUD OIG Found
The U.S. Department of Housing and
Urban Development (HUD) relies
HUD is preparing to undergo a significant IT contract transition, has had key
heavily on information technology (IT)
personnel turnovers over the years, and needs to address program office IT legacy
to deliver and manage services. IT
management and senior leadership
systems. Therefore, it is important for HUD OCIO to develop, improve upon, and
support is key to successful IT implement crucial and strategic IT programs and policies, which were reviewed in
modernization, enterprise architecture this evaluation.
(EA), and IT capital planning and HUD had established initial elements of key IT programs and policies as a basis for
investment programs. effective IT capital planning, EA, and modernization. In our review, we identified
Our objective for this evaluation was to several strategic deficiencies within HUD:
review the implementation and maturity A HUD system development life cycle program had not been fully
of HUD’s capital planning and established: OCIO maintains many IT systems for
investment control (CPIC) process and
each program office; however, many mission
EA program, focusing on how they 85
systems are out of life cycle and require upgrades to
support HUD’s strategic plan and IT 74
modernization roadmap. To accomplish
both software and hardware. Based on data in the
our objective, we analyzed HUD’s HUD high-level systems report,1 74 of 85 critical
processes and policies, operational systems, which are operated by one or more
components, are at the end of service or support 11
practices, and program IT budget and
project data. from the vendor (figure 1). As of
TOTAL SYSTEMS REVIEWED
Feb 2014
END OF LIFE SYSTEMS
An enterprise risk management office had
Recommendations not been established: While some program offices
SYSTEMS W/IN LIFE
Figure 1, Status of major HUD systems
implement and maintain a risk management program, an OCIO-level or department-
IMPLEMENT A MISSION- wide enterprise risk management office had not been established. An independent
CRITICAL SYSTEM
DEVELOPMENT LIFE CYCLE risk management program at the department level can integrate risk management into
PROGRAM the strategic and decision-making processes that cut across the organizational layers
DEVELOP A COORDINATED EFFORT TO and reduce the practice of managing risks within functional silos or program offices.2
IMPLEMENT AN IT LIFE CYCLE REPLACEMENT
PROGRAM FOR MISSION-CRITICAL SYSTEMS At a minimum, it is recommended that the OCIO form a risk management office to
establish integration of IT systems across business segments.
DEVELOP AN IT ENTERPRISE RISK IT projects and project scopes differed between OCIO and program
MANAGEMENT OFFICE
DEVELOP AND STAFF AN OFFICE OF THE
offices: Project lists, scopes, and investments were not synchronized across OCIO
CHIEF INFORMATION OFFICER (OCIO)-LEVEL departments and program offices. We found a number of lists that were not
RISK MANAGEMENT OFFICE
synchronized, were difficult to cross-reference, and could not be used to determine
STANDARDIZE active or non-active projects and investments. Also, not all projects had been
COMMUNICATION assigned a project manager according to the lists provided. Finally, these lists did not
FINALIZE AND APPLY A STRATEGIC reconcile with the input in the electronic Capital Planning and Investment Control
COMMUNICATION PROGRAM OF IT POLICY
ACROSS OCIO & BUSINESS SEGMENTS system and IT dashboard.3
APPROVE POLICY & PROCESSES IT policies and procedures were not consistently approved or properly
communicated: Many of the HUD policies and procedures were recently updated
APPROVE AT APPROPRIATE LEVELS,
IMPLEMENT, AND DISSEMINATE POLICY & but had not been approved and signed by the appropriate senior leadership and were
PROCESSES AS INTENDED
1
HUD, HUD Enterprise Roadmap, FY2014 – Version 5.0; Exhibit K: HUD High-level Components and Technology report (February 2014)
2
IBM Center for the Business of Government, Managing Risk in Government: An Introduction to Enterprise Risk Management (2010)
3
HUD OIG Evaluation 2015-OE-0003, IT Dashboard Evaluation (January 2015)
HUD IT Modernization Report (2015-OE-0002) | 4
not fully implemented or understood across the entire user base. This condition is due in part to a lack of a
dissemination process, training, and communication between the program offices and OCIO.
HUD had effectively developed processes to operate and maintain commodity IT services and systems,
including the network infrastructure and service desk functions. However, many mission-essential IT systems
are legacy and in need of modernization or replacement. Based on U.S. Government Accountability Office
reports, interviews, and documentation reviews during this evaluation, HUD mission IT systems were found
to be duplicative and inconsistently integrated among program offices and employed antiquated technologies
that required expensive maintenance. Specific program area recommendations have been made in each section
of this report, and a consolidated list of recommendations can be found in the appendix A.
HUD IT Modernization Report (2015-OE-0002) | 5
CONTENTS
Executive Summary: 3
Background 6
Methodology and Scope 6
OCIO Strengths and Weaknesses 7
IT Modernization Roadmap 8
State of HUD’s Modernization Roadmap 8
Roadmap Status 8
HUD IT Infrastructure Contract Status 9
Program Office Review (TRACS and CHUMS) 9
TRACS 9
CHUMS 10
Data Governance 10
HUD IT Modernization Roadmap Recommendations 11
HUD Enterprise Architecture 12
HUD EA Project Status 12
EA Value Measurement 13
HUD EA Recommendations 14
HUD Capital Planning and Investment Control 15
HUD IT Budget 15
HUD CPIC Process Recommendations 16
Appendix A: Summary of Recommendations 17
Appendix B: HUD OCIO Exit Conference Briefing Comments 19
HUD OIG Comments 22
Appendix C: HUD OCIO Draft Report Comments 23
HUD OIG Comments 35
HUD IT Modernization Report (2015-OE-0002) | 6
Background
Information technology (IT) plays a critical role in HUD’s ability to carry out its mission and objectives. We
reviewed the adequacy of key IT management and modernization controls within HUD, including strategic
planning and performance measurement, enterprise architecture (EA) development and use, and
modernization within program offices. These basic IT criteria are critical to creating a successful IT
environment in HUD and are mandated by Office of Management and Budget (OMB) memorandums and
applicable Federal law. Capital planning investments must be submitted annually to Congress via Exhibit 53
and Exhibit 300 reports. Further, EA plans and modernization roadmaps must be submitted to OMB, and
regular working capital fund department progress updates must be reported to congressional committees
annually. In addition, the Federal Chief Information Officer published an IT roadmap for the Federal
Government and respective chief information officers to develop, implement, and maintain agency and
department EA programs, the capital planning and investment control (CPIC) process, and modernization
strategic planning.4 This evaluation report reviews the status of these programs within HUD.
Methodology and Scope
We performed the IT modernization evaluation to determine the effectiveness of the HUD capital planning,
EA, and IT modernization processes and programs. To address our objective, we reviewed the following:
Core HUD Office of the Chief Information Office (OCIO) functions and documentation, including
o The CPIC process,
o The EA program, and
o The IT modernization roadmap.
Applicable laws and regulations governing and directing the core functions being reviewed, such as
o The Clinger Cohen Act,
o The E-Government Act,
o OMB memorandums and circulars, and
o Other relevant Federal and department policies and guidance such as those of the U.S.
Department of Commerce.
A modernization and investment review of the following sample systems:
o The Computerized Homes Underwriting Management System (CHUMS) and
o The Tenant Rental Assistance Certification System (TRACS).
Interviews with OCIO personnel.
Previous U.S. Government and Accountability Office (GAO) reports referencing HUD’s CPIC, EA,
and IT modernization programs.
We completed our fieldwork at HUD headquarters in Washington, DC, and conducted the evaluation in
accordance with the Quality Standards for Inspections and Evaluation, issued by the Council of Inspectors
4
OCIO; Federal CIO Roadmap
HUD IT Modernization Report (2015-OE-0002) | 7
General on Integrity and Efficiency. OCIO was briefed on the draft outcome and recommendations on
February 26, 2015, and provided comments in appendix B.
OCIO Strengths and Weaknesses
During the course of the evaluation, we found the following OCIO strengths and weaknesses in relation to the
evaluation topics.
Strengths Weaknesses
•Documented modernization roadmap to improve EA •Lack of modernization project measurements
program •Lack of policy and procedure approval and understanding
•Knowledgeable new EA leadership across program offices
•Strong, positive attitude to make necessary changes •Deficient system development life cycle program
•Lack of a coordinated risk management office
•Program office interest in greater coordination with
•IT investment governance not operating according to policy
OCIO
•Program offices' lack of knowledge and understanding of
•Instances of mature commodity & enterprise services development, modernization, and enhancement planning
delivery (for example, Enterprise Service Desk) •Lack of appropriate funding plan to implement roadmap
HUD IT Modernization Report (2015-OE-0002) | 8
IT Modernization Roadmap
An effective IT modernization roadmap provides the following:
Improves the organization’s ability to effectively, efficiently, and economically leverage IT.
Increases the organization’s capability to collect, process, and make available quality data and
information to drive and support agency-wide mission and objectives.
Identifies government and industry standards and best practices to produce modernized systems that
support the agency’s mission, are transparent, and are in alignment with business models and
segments.
We found that HUD had many legacy systems and inefficiencies throughout the IT mission-critical system
inventory. Further, in the fiscal year (FY) 2014 HUD Enterprise Roadmap, HUD OCIO recognized that the
IT environment had the following challenges:5
Current state of HUD IT architecture
1. Program centric, 3. Lack of cohesiveness 5. Lack of IT standards
compliance-driven EA in IT governance for deploying systems
2. Disparate collection of 4. Complex and 6. Architecture not
data and information redundant IT integrated within IT life
investments cycle
The future state environment, as outlined in the FY 2014 HUD Enterprise Roadmap, will result in mission-
driven and customer-focused IT architecture, reduction in duplication, increased efficiency, and alignment of
IT investments with business needs. To reach the stated efficiencies, HUD must gain senior leadership’s full
support and approval of the roadmap, communicate and implement the roadmap, synchronize efforts among
the business segments, and improve measurements of the roadmap’s implementation.
State of HUD’s Modernization Roadmap
Roadmap Status
HUD OCIO had conceptually developed an IT enterprise modernization roadmap and transition plan
to achieve an efficient IT target environment but must gain support of senior HUD leaders through
the IT governance structure and continue implementation. GAO developed and recommended using
the modernization roadmap process in the GAO-12-791 report.6 HUD should continue to leverage
this process to refine the roadmap and achieve modernization that supports business needs and
enhance efficiencies through reduction of duplicative and legacy systems.
5
Exhibit N: HUD EA Self-Assessment, HUD FY 2014 Enterprise Roadmap, v 5.0. (March 28, 2014)
6
GAO, GAO-12-791 Report, Organizational Transformation: Enterprise Architecture Value Needs to Be Measures and Reported, pg. 44-45 (September 2012)
HUD IT Modernization Report (2015-OE-0002) | 9
Finally, we determined that HUD should develop a strategic approach to measure the overall
modernization effort. HUD had taken steps to define the scope and a strategy to implement
modernization projects in alignment with the HUD mission; however, HUD had not developed
comprehensive plans and measurements to determine the health and effectiveness of IT projects. For
example, the “HUD Integrated Sequencing Plan, Development, Modernization, and Enhancement
(DME) Funded Activities FY2010-2015” showed that the Affirmatively Furthering the Fair Housing
Data Mapping Tool project was to have been completed in FY 2013. However, this project appeared
in the “FY 2014 IT Expenditure Plan” as an ongoing project. Our findings for EA roadmap
implementation are consistent with the recommendations in the GAO-14-283 report.7
HUD IT Infrastructure Contract Status
The transition of HUD IT Services (HITS) to HUD Enterprise Architecture Transformation (HEAT) is
a large ongoing contract initiative within the HUD modernization roadmap. The goal of this effort is
to recompete the contract and obtain the greatest efficiencies by the service providers. The initial
target to begin the transition was FY 2012;8 however, delays have prevented the transition from
occurring as of this evaluation. The HITS contract expired in 2013, and HUD is in the second and last
year of a sole-source contract extension. The HUD FY 2013 EA policy and FY 2014 Modernization
Roadmap include a migration requirement for HITS to HEAT transition, yet HUD had not
documented a transition plan.
Program Office Review (TRACS and CHUMS)
The Tenant Rental Assistance Certification System (TRACS) and Computerized Homes Underwriting
Management System (CHUMS) were reviewed, and we determined that both were legacy and
mission-critical IT systems. We determined that the program offices did not have a clear
understanding or vision of the OCIO EA program, the modernization roadmap, or a HUD risk
management process. Modernization of these programs had not been completed; therefore, program
offices had implemented their own risk management, modernization efforts, and organizational IT
components to manage IT system functions. The OCIO modernization roadmap and the program
office transformation initiatives need to align and be coordinated to ensure implementation and
operations of systems within business segments.
TRACS TRACS legacy components
TRACS satisfies an important role in HUD’s multifamily Six of ten software platform
components require modernization.
housing program. TRACS accounts for 78 percent of all of
HUD’s housing subsidy processing ($9.8 billion). Of that 78
percent, 50 percent represents voucher payments within the Office of Multifamily Housing Programs,
and the other 50 percent is for Section 8 programs. For nearly 7 years, the TRACS program office
had requested DME funding through the capital planning process to upgrade critical systems and
7
GAO, GAO-14-283 Report, HUD’s Expenditure Plan Satisfied Statutory Conditions; Sustained Controls and Modernization Approach Needed (February 2014)
8
HUD, Working Capital Fund, Fiscal Year 2012, retrieved at http://portal.hud.gov/hudportal/documents/huddoc?id=WorkingCapFund_2012.pdf
HUD IT Modernization Report (2015-OE-0002) | 10
components. Specifically, a need for $3.5 million had been identified by the program office to
modernize critical components. TRACS had been requesting a system upgrade since fiscal year
2013. The program office for TRACS submitted an impact assessment, which stated, “TRACS has
no vendor support agreement, therefore, when the old system catastrophically fails, there is no means
to manage Housing’s rental assistance programs and/or pay subsidy payments of approximately $9.8
billion annually.” The TRACS program office was scheduled to receive the funding for DME
purposes; however, in 2013, the funding was redirected.
CHUMS CHUMS legacy components
One of two software platform
CHUMS, within the Office of Single-Family Housing, is an components requires modernization.
integral business process in HUD as a loan endorsement system
for the Federal Housing Administration. The system is outdated, and security maintenance is
impacted by legacy platforms, putting 1.5 million personally identifiable information records at risk.
CHUMS modernization was not on the OCIO FY 2014 DME list; however, it is on the OCIO FY
2015 draft spending plan for funding with conditions. According to the FY 2015 draft spending plan,
CHUMS will be reviewed for contract and hardware consolidation with other systems. CHUMS does
not have an alternative operational solution in the event of an IT component failure. CHUMS
program officials fully understand the IT modernization need and estimate the cost to be $25 million.
Our detailed review of two mission-critical applications revealed material risks to HUD. A cursory
review of other mission-critical applications revealed similar risks that need to be addressed with
proper IT modernization planning, funding of approved modernization projects, and continual IT
governance.
Data Governance
Data governance was not directly within scope of this evaluation; however, it does relate to IT
modernization efforts and, therefore, was reviewed at a strategic level. Key observations and
considerations are discussed below. Data governance is the overall management of availability,
usability, integrity, and security of the data employed in an enterprise.9 Successful implementation of
major modernization initiatives such as New Core and HEAT, while maintaining a secure
environment, require a sound data governance program. Systemic data governance issues were
revealed during this evaluation. For example, TRACS data are susceptible to quality and integrity
issues due to the implementation of four different unsupported database platforms. Data governance
within HUD is necessary to achieve a seamless interface between TRACS and New Core, which is
HUD’s initiative to replace its aging financial systems.
According to HUD’s EA documentation, the HUD Data Stewards Advisory Group and the EA
program officials had conducted studies in 2012-2013 of HUD’s data management practices. The
studies identified a number of data governance deficiencies. HUD also recognized that OMB
Memorandum M-13-13, Open Data Policy – Managing Information as an Asset, required actions and
improvements to data management practices. Improvements in the program will be key to
modernization success. The following recommendations can improve the HUD data governance
9
TechTarget definition of “data governance”
HUD IT Modernization Report (2015-OE-0002) | 11
program:
Support the Data Stewards Advisory Group: The Data Stewards Advisory Group should
meet regularly with attendance from HUD and business segment leadership to develop a data
management strategy.
Review and fix data accuracy: OCFO should identify the system data owners and develop a
plan to clean and consolidate data before migrations.
Continue and finalize the master data management and enterprise data modeling projects:
OCFO should devote personnel resources to these projects to define data redundancy, quality,
and integrity issues before transition of modernization projects (for example, HEAT, TRACS)
or other IT migrations.
HUD IT Modernization Roadmap Recommendations
1. Formalize and fully implement segment governance: As noted in the EA documentation,
segment governance had not been formally established.10 This condition limits the ability for
senior departmental and segment leadership to make consistent decisions across segments to
create financial, business, and IT efficiencies.
2. Develop and finalize the IT infrastructure services contract migration plan: OCIO is
working to finalize the HEAT migration plan but should include the program offices and
segments in the development of the plan. In addition, the HUD EA document should be
updated to align with the adopted HEAT plan.
3. Implement project health assessments to measure the effectiveness of IT project planning
and execution: HUD had developed project scope, implementation strategy, schedule, and
related goals in the modernization roadmap and FY 2014 IT Expenditure Plan. However,
measurements need to be developed to define the health and status of the modernization
projects. This is consistent with recommendations from the GAO-14-283 report. This
recommendation also applies to the CPIC process.
10
HUD, HUD Enterprise Roadmap, FY2014 – Version 5.0 (March 28, 2014)
HUD IT Modernization Report (2015-OE-0002) | 12
HUD Enterprise Architecture
We found that the HUD EA program was Enterprise architecture adds value to business
gradually progressing, and a critical lead EA The value of employing an EA program and outcome
measurements are realized cost savings through consolidation
position was filled in 2014. HUD had drafted both and reuse of shared services and elimination of antiquated and
an EA policy and EA roadmap as recommended by redundant mission operations, enhancing information sharing
GAO in 2012,11 and had made improvements in the through data standardization and system integration, and
optimizing service delivery through streamlining and normalizing
EA program since GAO began citing issues business processes and mission operations.
starting in 2009.
Based on the HUD EA Division’s self-assessment and our evaluation, we agree that the EA program, using
the GAO EA Maturity Model Framework, is at stage (level) 2 as shown in figure 2. Although HUD was
improving the overall EA program and
continuing to make progress, HUD OCIO
needs to continue implementing the EA
strategies and projects set forth in the
HUD EA roadmap.12 In addition, the
HUD FY 2013 target EA policy from
November 2012 requires an update and Figure 2. HUD EA Maturity Model Assessment Level
review, incorporating the latest OCIO goals and objectives, project updates, and formating corrections.
HUD EA Project Status
The HUD EA program tracks all DME of systems and major IT projects. To assist with managing IT projects
and IT modernization efforts, HUD OCIO employs an enterprise Project Management Office (ePMO). The
ePMO is in the process of implementing a project health assessment to identify underperforming projects in
the IT portfolio. However, at the time of this evaluation, neither initiative had been fully implemented or
documented, resulting in ad hoc project management across the program offices and hindering HUD’s ability
to identify underperforming projects. The following processes are required by HUD OCIO to fully implement
and mature the ePMO.13
Define and institutionalize the right technical tools to perform
Provide employee training ePMO functions
Develop, finalize, and communicate the ePMO processes Define and fill ePMO positions
& procedures (in coordination with the CPIC process, Develop and execute a strategic communications plan to gain
EA program & roadmap) leadership and program office or segment buy-in
We found a number of active IT investment and project lists in HUD OCIO that were inconsistent or did not
11
GAO, GAO-12-791 Report, Organizational Transformation: EA Value Needs to Be Measures and Reported, pg. 10 (September 2012)
12
When properly managed, EA can help optimize the relationships among an organization’s business operations and the IT infrastructure and
applications supporting them.
13
HUD OCIO, Executive Status Briefing Enterprise Program Management Division: ePMO (November 2014)
HUD IT Modernization Report (2015-OE-0002) | 13
reflect the data in the EA roadmap. Figure 3 shows a partial example of two lists with differing data for two
active investments. Two organizational components within OCIO (ePMO and the Information Technology
Investment Management office) maintain IT project lists for major IT investments; however, they did not
agree. We recommend that these lists be reconciled into one authoritative list and approved in accordance
with the HUD IT governance framework.14 We identified a third list, Exhibit E, HUD Project Information
Report, from the FY 2014 HUD Enterprise Roadmap as the most comprehensive project list. The Exhibit E
list assessed the compatibility for the project to follow the HUD enterprise roadmap and support the business
strategy. Adopting this list for all OCIO entities as the authoritative project list would ensure consistency and
be a beneficial step in coordinating projects across the agency.
Figure 3. Example HUD Investment Lists
EA Value Measurement
OMB provides guidance through the Federal Enterprise Architecture program for developing EA value
measurement programs. Agencies are required to measure enterprise architecture strategic mission value
(outcomes and benefits) by means of an EA value measurement plan. This plan is intended to establish
enterprise outcomes and a documented method of metrics that are measureable, meaningful, repeatable,
actionable, and aligned with HUD’s enterprise architecture strategic goals. In addition, the measurements
should periodically measure and report the enterprise architecture and roadmap outcomes and benefits.
According to GAO, HUD had completed this report for FY 2011 but had not established goals for reducing
redundancy or updating legacy systems.15 HUD submitted to OMB an FY 2013 EA value measurement
report, but we found that a number of measurements were incomplete, reducing HUD’s ability to make
strategic decisions and implement the IT target environment. The agency is required to establish and
determine a way to measure the agency EA program through self-assessments and EA value measurement
reports.
14
Found in HUD OCIO, Information Technology Management Framework and Governance Concept of Operations, v 2.0. (June 2011)
15
GAO, GAO-12-791 Report, Organizational Transformation: Enterprise Architecture Value Needs to Be Measured and Reported, pg. 44-45
(September 2012)
HUD IT Modernization Report (2015-OE-0002) | 14
HUD EA Recommendations
1. Validate the accuracy of IT investment lists by segment and the associated projects and ensure
alignment with EA strategy: Leveraging the IT governance structure,16 OCIO should develop a
consolidated project list by IT investment that is aligned to the EA and enterprise roadmap strategy.
2. Define and assess measurements in a yearly EA value measurement report in accordance with
OMB EA framework guidance:17 These measures provide input to senior leadership on the status of
efficiencies that EA has created for the agency. Value measurement reports should be part of the
yearly agency enterprise roadmap submission to OMB. The HUD EA value measurement report
should include targets for the following measurements:
Category Inventory-outcome Area of measurement Measurement indicator
Completeness % of IT investments going through the investment review board
Spending System inventories
that have been reviewed by the EA team
Accuracy % of IT investments approved by the investment review board
Spending System inventories
aligned to the target architecture
Spending Outcomes Cost savings-avoidance # of duplicative or overlapping investments
Systems Outcomes Cost savings-avoidance # of dollars saved or how the EA program contributes in cost
savings through system consolidation
Services System inventories Accuracy % of agency services that are up to date and accurate
Services Outcomes Reduction of duplication # of duplicate services EA helped identify
Security Outcome Reduction of duplication # of duplicate security implementations EA helped identify
16
The HUD IT governance structure is a structure that “empowers business areas to influence IT strategic priorities and ensure
that all portfolio & project activities align with mission area needs.” It can be found in the FY 2013 EA document and the
Information Technology Management Framework and Governance Concept of Operations.
17
Value measurement reports should be included as part of yearly enterprise roadmap submissions to OMB according to OMB
memorandum, Increasing Shared Approaches to Information Technology Services, dated May 2, 2012; the OMB Common
Approach to Federal Enterprise Architecture; and GAO report GAO-12-791.
HUD IT Modernization Report (2015-OE-0002) | 15
HUD Capital Planning and Investment Control
We found that HUD had a documented CPIC process that generally included elements of an effective IT
investment management process. However, HUD lacked measurements and automated methods for tracking
the IT portfolio (IT investments and projects). HUD was unable to identify underperforming projects or
whether the investments had created cost-saving or operational efficiencies. HUD is in the process of
implementing Project Health Assessments (PHA) through the enterprise project management office to address
the identification of underperforming projects. However, as of this report, OIG has not seen evidence of the
PHA implementation. In the 2015 appropriations bill, the committee requested that HUD provide “details
regarding HUD’s portfolio of IT investments and the status of the Department’s efforts in applying IT
management controls.”18 The bill also “strongly urges HUD establish a true working capital fund” with a cost-
accounting structure to appropriately allocate charges to offices for services consumed. Our findings were
consistent with the issues identified in the GAO report, GAO-15-56.19
The following adjustments would improve HUD’s CPIC processes:
Establish a process to assess IT projects and identify underperformance;
Establish criteria for determining large and small IT investments;
Conduct meetings in accordance with the IT governance policy, such as the Executive Investment
Board;
Align investment decisions with business segments and a departmental strategy; and
Transition to HUDPlus from manual spreadsheets for tracking IT projects.
HUD IT Budget
HUD’s primary IT funding consisted of direct appropriations HUD IT funding
for IT as well as program office sources. HUD had not
$461
established a working capital fund as recommended by the
appropriations committee in the 2015 appropriations bill. $350 HUD IT budget
In Millions
$353 $294
Since 2012, the majority of the IT budget had been dedicated $265
$270 $277 $256 HUD DME
to operations and maintenance and not committed to DME budget
and modernization. HUD’s IT budget had decreased over the $66.3
HUD O&M
budget
last 3 fiscal years, and the IT DME budget had decreased in $0.2 $24.2 $15.9
FY 2015 (figure 4). The overall IT budget across the Federal FY 2012 FY 2013 FY 2014 FY 2015
Government had decreased 0.23 percent (excluding the Figure 4, HUD IT & IT DME budget
18
House of Representatives, Report 113: Departments of Transportation, and Housing and Urban Development, and Related Agencies
Appropriations Bill, 2015
19
GAO, GAO-15-56 Report, HUD Can Take Additional Actions to Improve Its Governance (December 2014)
HUD IT Modernization Report (2015-OE-0002) | 16
Department of Defense),
HUD’s future IT budget will require ongoing operations and maintenance funding for IT
while HUD’s IT budget
systems, while likely needing an increase in budget to modernize the legacy systems in
the HUD infrastructure. had decreased 2.97
percent from FY 2014 to
FY 2015, according to the
20
FY 2015 IT Federal budget. However, 15 major Federal agencies saw an increase in their IT budgets for FY
2015. Furthermore, HUD’s IT budget decreased an overall 12.8 percent from FY 2012 to FY 2014 while
decreasing a staggering 36 percent from FY 2013 to FY 2014 alone. HUD’s future IT budget will require
ongoing operations and maintenance funding for IT systems, while likely needing an increased budget to
modernize a large number of legacy systems in the HUD infrastructure. For HUD to fully implement the
OCIO modernization roadmap and improve efficiencies and realize cost reductions, it must have a viable
enterprise strategic approach, be properly budgeted, develop attainable EA measurements, further develop
data governance, and disseminate CPIC process guidance to program offices.
HUD CPIC Process Recommendations
1. Fully develop, approve at appropriate levels, and disseminate current CPIC process policies and
procedures: CPIC process policies and procedures had not been approved or disseminated to program
offices.
2. Ensure that the Executive Investment Board meets in accordance with IT governance policy
(related to recommendation from GAO-15-56): OCIO should ensure that the Executive Investment
Board meets as outlined in its charter and the HUD IT governance policy and distributes its decisions
to appropriate stakeholders.
3. Implement HUDPlus: OCIO should finalize the implementation of HUDPlus to automate, track, and
analyze the IT investment submissions and requirements.
4. Provide CPIC training to all stakeholders to ensure program consistency and effectiveness across
all program offices: OCIO should conduct training for all intended users before and upon
implementation of the latest CPIC guidance.
20
OMB, President’s Fiscal Year 2015 IT Budget of the U.S. Government (2015)
HUD IT Modernization Report (2015-OE-0002) | 17
Appendix A: Summary of Recommendations
Report Number Recommendation Status
Overall IT modernization recommendations
IT Modernization 1. Develop a coordinated mission-critical system development life
2015-OE-0002 cycle replacement program for mission-critical systems.
IT Modernization 2. Develop and staff a risk management office at the OCIO level to
2015-OE-0002 manage department-wide information system risk management.
IT Modernization 3. Finalize, apply, and strategically communicate all standard IT
2015-OE-0002 policy across OCIO and the program offices to ensure that there is a
common understanding of the modernization, EA, and CPIC
policies.
IT Modernization 4. Approve at appropriate levels, Implement, and disseminate policy
2015-OE-0002 & processes as intended.
IT modernization roadmap recommendation
IT Modernization 5. Formalize and fully implement segment governance.
2015-OE-0002
IT Modernization 6. Develop and finalize the IT infrastructure services contract
2015-OE-0002 migration plan.
Related to GAO- 7. Implement project health assessments to measure the
14-283 Report effectiveness of IT project planning and execution.
Enterprise architecture recommendation
HUD IT Modernization Report (2015-OE-0002) | 18
IT Modernization 8. Validate the accuracy of IT investment lists by segment and the
2015-OE-0002 associated projects and ensure alignment with EA strategy.
IT Modernization 9. Define and assess measurements in a yearly EA value
2015-OE-0002 measurement report in accordance with OMB EA framework
guidance.
IT capital planning and investment control process recommendations
IT Modernization 10. Fully develop, approve at appropriate levels, and disseminate
2015-OE-0002 current CPIC process policies and procedures.
Related to GAO- 11. Ensure that the Executive Investment Board meets in accordance
15-56 Report with IT governance policy (related to recommendation from GAO-
15-56).
IT Modernization 12. Implement HUDPlus to automate, track, and analyze the IT
2015-OE-0002 investment submissions and requirements.
IT Modernization 13. Provide CPIC training to all stakeholders to ensure program
2015-OE-0002 consistency and effectiveness across all program offices.
HUD IT Modernization Report (2015-OE-0002) | 19
Appendix B: HUD OCIO Exit Conference Briefing Comments
Note: HUD OIG
comments
supplementing HUD
OCIO’s responses appear
at the end of this
appendix.
HUD IT Modernization Report (2015-OE-0002) | 20
See HUD OIG comment 1.
HUD IT Modernization Report (2015-OE-0002) | 21
See HUD OIG comment 2.
HUD IT Modernization Report (2015-OE-0002) | 22
HUD OIG Comments
The following are HUD OIG’s responses to HUD OCIO’s comments, dated March 27, 2015.
1. We recognize that OCIO EA is improving and making progress in developing a consolidated and
consistent IT modernization plan. In addition, OCIO recently filled a key EA vacancy with a qualified
and experienced individual. Work will need to continue, specifically in developing a strategic plan to
communicate OCIO initiatives across all business segments and to gain senior leadership support of
the modernization plan and required funding to pay for a simplified and scalable architecture.
Regarding HUD OCIO’s comment requesting more understanding of the measurement, stating “% of
Agency services that are up to date and accurate,” we are looking for a measure that displays program
office applications or services in need of modernization due to a lack of vender or contract support in
hardware, software, or other technical deficiencies. As programs or services are modernized, this
measure would show the benefits of a sufficiently funded EA modernization roadmap.
2. We revised our report to reflect this comment. See the HUD EA Project Status section.
HUD IT Modernization Report (2015-OE-0002) | 23
Appendix C: HUD OCIO Draft Report Comments
Note: HUD OIG
comments
supplementing HUD
OCIO’s responses appear
at the end of this
appendix.
See HUD OIG comment 1.
HUD IT Modernization Report (2015-OE-0002) | 24
See HUD OIG comment 1.
HUD IT Modernization Report (2015-OE-0002) | 25
See HUD OIG comment 1.
See HUD OIG comment 1.
See HUD OIG comment 1.
See HUD OIG comment 1.
HUD IT Modernization Report (2015-OE-0002) | 26
See HUD OIG comment 1.
HUD IT Modernization Report (2015-OE-0002) | 27
HUD IT Modernization Report (2015-OE-0002) | 28
See HUD OIG comment 1.
HUD IT Modernization Report (2015-OE-0002) | 29
See HUD OIG comment 1.
HUD IT Modernization Report (2015-OE-0002) | 30
HUD IT Modernization Report (2015-OE-0002) | 31
See HUD OIG comment 1.
See HUD OIG comment 2.
See HUD OIG comment 1.
HUD IT Modernization Report (2015-OE-0002) | 32
See HUD OIG comment 1.
HUD IT Modernization Report (2015-OE-0002) | 33
See HUD OIG comment 3.
HUD IT Modernization Report (2015-OE-0002) | 34
See HUD OIG comment 1.
HUD IT Modernization Report (2015-OE-0002) | 35
HUD OIG Comments
The following are HUD OIG’s responses to HUD OCIO’s comments, provided September 25, 2015.
1. We recognize that OCIO is continually improving and developing plans for IT modernization
initiatives. For example, OCIO developed a new HUD 2015 Enterprise Roadmap between this report
and receiving OCIO comments in addition to the initiatives documented in these provided comments.
Continued effort, senior leadership support, and resources will be essential to implement and maintain
the initiatives laid out by the OCIO in the provided comments.
2. Although this comment explains the practicing Executive Investment Board (EIB) process, it does not
reflect the documented policy, which is the reason for the recommendation. The intended outcomes
identified in the IT governance policy may be met but there was no evidence of those EIB outcomes
such as meeting notes or minutes. Further, per the IT Governance policy, investment recommendations
are submitted to the EIB from subcommittees, in particular the Customer Care Committee (CCC). It
may be challenging to make collective strategic decisions on the IT investment portfolio if the EIB
does not meet on a regular or on an as-needed basis.
3. We revised our report to reflect this comment and provided artifact. See the HUD EA section.
HUD Information Technology (IT) Modernization Report
Published by the Department of Housing and Urban Development, Office of Inspector General on 2015-09-30.
Below is a raw (and likely hideous) rendition of the original report. (PDF)