oversight

HUD Information Technology (IT) Modernization Report

Published by the Department of Housing and Urban Development, Office of Inspector General on 2015-09-30.

Below is a raw (and likely hideous) rendition of the original report. (PDF)

        C O N T R O L L E D B Y U . S . D E P A R T M E N T O F H O U S I N G A N D U R B A N D E V E L O P M E N T,
                                          OFFICE OF INSPECTOR GENERAL




U.S. DEPARTMENT OF HOUSING AND URBAN DEVELOPMENT
OFFICE OF INSPECTOR GENERAL
OFFICE OF EVALUATION
INFORMATION TECHNOLOGY EVALUATIONS DIVISION
WASHINGTON, DC




   HUD IT Modernization Report (2015-OE-0002)
                                         HUD OIG Evaluation 2015-OE-0002



                                                   HUD OIG Office of Evaluation
                                             T: 202-603-8410; E: OE@hudoig.gov
HUD IT Modernization Report (2015-OE-0002) | 2
                                           Executive Summary:
                                2015 Evaluation of the HUD’s IT Modernization Programs
                                                                                                  HUD IT Modernization Report (2015-OE-0002) | 3


                Purpose
                                   What HUD OIG Found
The U.S. Department of Housing and
Urban Development (HUD) relies
                                           HUD is preparing to undergo a significant IT contract transition, has had key
heavily on information technology (IT)
                                           personnel turnovers over the years, and needs to address program office IT legacy
to deliver and manage services. IT
management and senior leadership
                                           systems. Therefore, it is important for HUD OCIO to develop, improve upon, and
support is key to successful IT            implement crucial and strategic IT programs and policies, which were reviewed in
modernization, enterprise architecture     this evaluation.
(EA), and IT capital planning and          HUD had established initial elements of key IT programs and policies as a basis for
investment programs.                       effective IT capital planning, EA, and modernization. In our review, we identified
Our objective for this evaluation was to   several strategic deficiencies within HUD:
review the implementation and maturity            A HUD system development life cycle program had not been fully
of HUD’s capital planning and              established: OCIO maintains many IT systems for
investment control (CPIC) process and
                                           each program office; however, many mission
EA program, focusing on how they                                                                           85
                                           systems are out of life cycle and require upgrades to
support HUD’s strategic plan and IT                                                                                              74
modernization roadmap. To accomplish
                                           both software and hardware. Based on data in the
our objective, we analyzed HUD’s           HUD high-level systems report,1 74 of 85 critical
processes and policies, operational        systems, which are operated by one or more
                                           components, are at the end of service or support                                                 11
practices, and program IT budget and
project data.                              from the vendor (figure 1).                                                As of
                                                                                                     TOTAL SYSTEMS REVIEWED
                                                                                                                            Feb 2014
                                                                                                                                  END OF LIFE SYSTEMS
                                                  An enterprise risk management office had
     Recommendations                       not been established: While some program offices
                                                                                                     SYSTEMS W/IN LIFE
                                                                                                        Figure 1, Status of major HUD systems
                
                                           implement and maintain a risk management program, an OCIO-level or department-
 IMPLEMENT A MISSION-                     wide enterprise risk management office had not been established. An independent
   CRITICAL SYSTEM
   DEVELOPMENT LIFE CYCLE                  risk management program at the department level can integrate risk management into
   PROGRAM                                 the strategic and decision-making processes that cut across the organizational layers
 DEVELOP A COORDINATED EFFORT TO           and reduce the practice of managing risks within functional silos or program offices.2
 IMPLEMENT AN IT LIFE CYCLE REPLACEMENT
 PROGRAM FOR MISSION-CRITICAL SYSTEMS      At a minimum, it is recommended that the OCIO form a risk management office to
                                           establish integration of IT systems across business segments.
 DEVELOP AN IT ENTERPRISE RISK                   IT projects and project scopes differed between OCIO and program
   MANAGEMENT OFFICE
 DEVELOP AND STAFF AN OFFICE OF THE
                                           offices: Project lists, scopes, and investments were not synchronized across OCIO
 CHIEF INFORMATION OFFICER (OCIO)-LEVEL    departments and program offices. We found a number of lists that were not
 RISK MANAGEMENT OFFICE
                                           synchronized, were difficult to cross-reference, and could not be used to determine
 STANDARDIZE                              active or non-active projects and investments. Also, not all projects had been
   COMMUNICATION                           assigned a project manager according to the lists provided. Finally, these lists did not
 FINALIZE AND APPLY A STRATEGIC            reconcile with the input in the electronic Capital Planning and Investment Control
 COMMUNICATION PROGRAM OF IT POLICY
 ACROSS OCIO & BUSINESS SEGMENTS           system and IT dashboard.3
 APPROVE POLICY & PROCESSES                      IT policies and procedures were not consistently approved or properly
                                           communicated: Many of the HUD policies and procedures were recently updated
 APPROVE AT APPROPRIATE LEVELS,
 IMPLEMENT, AND DISSEMINATE POLICY &       but had not been approved and signed by the appropriate senior leadership and were
 PROCESSES AS INTENDED


            1
              HUD, HUD Enterprise Roadmap, FY2014 – Version 5.0; Exhibit K: HUD High-level Components and Technology report (February 2014)
            2
              IBM Center for the Business of Government, Managing Risk in Government: An Introduction to Enterprise Risk Management (2010)
            3
              HUD OIG Evaluation 2015-OE-0003, IT Dashboard Evaluation (January 2015)
                                                                      HUD IT Modernization Report (2015-OE-0002) | 4




  not fully implemented or understood across the entire user base. This condition is due in part to a lack of a
  dissemination process, training, and communication between the program offices and OCIO.
HUD had effectively developed processes to operate and maintain commodity IT services and systems,
including the network infrastructure and service desk functions. However, many mission-essential IT systems
are legacy and in need of modernization or replacement. Based on U.S. Government Accountability Office
reports, interviews, and documentation reviews during this evaluation, HUD mission IT systems were found
to be duplicative and inconsistently integrated among program offices and employed antiquated technologies
that required expensive maintenance. Specific program area recommendations have been made in each section
of this report, and a consolidated list of recommendations can be found in the appendix A.
                                                     HUD IT Modernization Report (2015-OE-0002) | 5




CONTENTS
Executive Summary:                                                                     3
Background                                                                             6
Methodology and Scope                                                                  6
OCIO Strengths and Weaknesses                                                          7
IT Modernization Roadmap                                                               8
 State of HUD’s Modernization Roadmap                                                  8
   Roadmap Status                                                                      8
   HUD IT Infrastructure Contract Status                                               9
 Program Office Review (TRACS and CHUMS)                                               9
   TRACS                                                                               9
   CHUMS                                                                              10
 Data Governance                                                                      10
 HUD IT Modernization Roadmap Recommendations                                         11
HUD Enterprise Architecture                                                          12
 HUD EA Project Status                                                                12
 EA Value Measurement                                                                 13
 HUD EA Recommendations                                                               14
HUD Capital Planning and Investment Control                                          15
 HUD IT Budget                                                                        15
 HUD CPIC Process Recommendations                                                     16
Appendix A: Summary of Recommendations                                               17
Appendix B: HUD OCIO Exit Conference Briefing Comments                               19
 HUD OIG Comments                                                                     22
Appendix C: HUD OCIO Draft Report Comments                                           23
 HUD OIG Comments                                                                     35
                                                                      HUD IT Modernization Report (2015-OE-0002) | 6




Background
Information technology (IT) plays a critical role in HUD’s ability to carry out its mission and objectives. We
reviewed the adequacy of key IT management and modernization controls within HUD, including strategic
planning and performance measurement, enterprise architecture (EA) development and use, and
modernization within program offices. These basic IT criteria are critical to creating a successful IT
environment in HUD and are mandated by Office of Management and Budget (OMB) memorandums and
applicable Federal law. Capital planning investments must be submitted annually to Congress via Exhibit 53
and Exhibit 300 reports. Further, EA plans and modernization roadmaps must be submitted to OMB, and
regular working capital fund department progress updates must be reported to congressional committees
annually. In addition, the Federal Chief Information Officer published an IT roadmap for the Federal
Government and respective chief information officers to develop, implement, and maintain agency and
department EA programs, the capital planning and investment control (CPIC) process, and modernization
strategic planning.4 This evaluation report reviews the status of these programs within HUD.

Methodology and Scope
We performed the IT modernization evaluation to determine the effectiveness of the HUD capital planning,
EA, and IT modernization processes and programs. To address our objective, we reviewed the following:

         Core HUD Office of the Chief Information Office (OCIO) functions and documentation, including
              o The CPIC process,
              o The EA program, and
              o The IT modernization roadmap.
         Applicable laws and regulations governing and directing the core functions being reviewed, such as
              o The Clinger Cohen Act,
              o The E-Government Act,
              o OMB memorandums and circulars, and
              o Other relevant Federal and department policies and guidance such as those of the U.S.
                  Department of Commerce.
         A modernization and investment review of the following sample systems:
              o The Computerized Homes Underwriting Management System (CHUMS) and
              o The Tenant Rental Assistance Certification System (TRACS).
         Interviews with OCIO personnel.
         Previous U.S. Government and Accountability Office (GAO) reports referencing HUD’s CPIC, EA,
          and IT modernization programs.
We completed our fieldwork at HUD headquarters in Washington, DC, and conducted the evaluation in
accordance with the Quality Standards for Inspections and Evaluation, issued by the Council of Inspectors

4
    OCIO; Federal CIO Roadmap
                                                                        HUD IT Modernization Report (2015-OE-0002) | 7




General on Integrity and Efficiency. OCIO was briefed on the draft outcome and recommendations on
February 26, 2015, and provided comments in appendix B.

OCIO Strengths and Weaknesses
During the course of the evaluation, we found the following OCIO strengths and weaknesses in relation to the
evaluation topics.
Strengths                                               Weaknesses
•Documented modernization roadmap to improve EA         •Lack of modernization project measurements
 program                                                •Lack of policy and procedure approval and understanding
•Knowledgeable new EA leadership                         across program offices
•Strong, positive attitude to make necessary changes    •Deficient system development life cycle program
                                                        •Lack of a coordinated risk management office
•Program office interest in greater coordination with
                                                        •IT investment governance not operating according to policy
 OCIO
                                                        •Program offices' lack of knowledge and understanding of
•Instances of mature commodity & enterprise services     development, modernization, and enhancement planning
 delivery (for example, Enterprise Service Desk)        •Lack of appropriate funding plan to implement roadmap
                                                                                                  HUD IT Modernization Report (2015-OE-0002) | 8




IT Modernization Roadmap
An effective IT modernization roadmap provides the following:

           Improves the organization’s ability to effectively, efficiently, and economically leverage IT.
           Increases the organization’s capability to collect, process, and make available quality data and
            information to drive and support agency-wide mission and objectives.
           Identifies government and industry standards and best practices to produce modernized systems that
            support the agency’s mission, are transparent, and are in alignment with business models and
            segments.

We found that HUD had many legacy systems and inefficiencies throughout the IT mission-critical system
inventory. Further, in the fiscal year (FY) 2014 HUD Enterprise Roadmap, HUD OCIO recognized that the
IT environment had the following challenges:5
                                                 Current state of HUD IT architecture
                      1. Program centric,                   3. Lack of cohesiveness               5. Lack of IT standards
                     compliance-driven EA                       in IT governance                  for deploying systems

                    2. Disparate collection of                  4. Complex and                     6. Architecture not
                      data and information                       redundant IT                    integrated within IT life
                                                                  investments                             cycle

The future state environment, as outlined in the FY 2014 HUD Enterprise Roadmap, will result in mission-
driven and customer-focused IT architecture, reduction in duplication, increased efficiency, and alignment of
IT investments with business needs. To reach the stated efficiencies, HUD must gain senior leadership’s full
support and approval of the roadmap, communicate and implement the roadmap, synchronize efforts among
the business segments, and improve measurements of the roadmap’s implementation.

State of HUD’s Modernization Roadmap
Roadmap Status
HUD OCIO had conceptually developed an IT enterprise modernization roadmap and transition plan
to achieve an efficient IT target environment but must gain support of senior HUD leaders through
the IT governance structure and continue implementation. GAO developed and recommended using
the modernization roadmap process in the GAO-12-791 report.6 HUD should continue to leverage
this process to refine the roadmap and achieve modernization that supports business needs and
enhance efficiencies through reduction of duplicative and legacy systems.


5
    Exhibit N: HUD EA Self-Assessment, HUD FY 2014 Enterprise Roadmap, v 5.0. (March 28, 2014)
6
    GAO, GAO-12-791 Report, Organizational Transformation: Enterprise Architecture Value Needs to Be Measures and Reported, pg. 44-45 (September 2012)
                                                                                                  HUD IT Modernization Report (2015-OE-0002) | 9




Finally, we determined that HUD should develop a strategic approach to measure the overall
modernization effort. HUD had taken steps to define the scope and a strategy to implement
modernization projects in alignment with the HUD mission; however, HUD had not developed
comprehensive plans and measurements to determine the health and effectiveness of IT projects. For
example, the “HUD Integrated Sequencing Plan, Development, Modernization, and Enhancement
(DME) Funded Activities FY2010-2015” showed that the Affirmatively Furthering the Fair Housing
Data Mapping Tool project was to have been completed in FY 2013. However, this project appeared
in the “FY 2014 IT Expenditure Plan” as an ongoing project. Our findings for EA roadmap
implementation are consistent with the recommendations in the GAO-14-283 report.7

HUD IT Infrastructure Contract Status
The transition of HUD IT Services (HITS) to HUD Enterprise Architecture Transformation (HEAT) is
a large ongoing contract initiative within the HUD modernization roadmap. The goal of this effort is
to recompete the contract and obtain the greatest efficiencies by the service providers. The initial
target to begin the transition was FY 2012;8 however, delays have prevented the transition from
occurring as of this evaluation. The HITS contract expired in 2013, and HUD is in the second and last
year of a sole-source contract extension. The HUD FY 2013 EA policy and FY 2014 Modernization
Roadmap include a migration requirement for HITS to HEAT transition, yet HUD had not
documented a transition plan.


Program Office Review (TRACS and CHUMS)
The Tenant Rental Assistance Certification System (TRACS) and Computerized Homes Underwriting
Management System (CHUMS) were reviewed, and we determined that both were legacy and
mission-critical IT systems. We determined that the program offices did not have a clear
understanding or vision of the OCIO EA program, the modernization roadmap, or a HUD risk
management process. Modernization of these programs had not been completed; therefore, program
offices had implemented their own risk management, modernization efforts, and organizational IT
components to manage IT system functions. The OCIO modernization roadmap and the program
office transformation initiatives need to align and be coordinated to ensure implementation and
operations of systems within business segments.
TRACS                                                                                                    TRACS legacy components

TRACS satisfies an important role in HUD’s multifamily                     Six of ten software platform
                                                                        components require modernization.
housing program. TRACS accounts for 78 percent of all of
HUD’s housing subsidy processing ($9.8 billion). Of that 78
percent, 50 percent represents voucher payments within the Office of Multifamily Housing Programs,
and the other 50 percent is for Section 8 programs. For nearly 7 years, the TRACS program office
had requested DME funding through the capital planning process to upgrade critical systems and

7
    GAO, GAO-14-283 Report, HUD’s Expenditure Plan Satisfied Statutory Conditions; Sustained Controls and Modernization Approach Needed (February 2014)
8
    HUD, Working Capital Fund, Fiscal Year 2012, retrieved at http://portal.hud.gov/hudportal/documents/huddoc?id=WorkingCapFund_2012.pdf
                                                                      HUD IT Modernization Report (2015-OE-0002) | 10




components. Specifically, a need for $3.5 million had been identified by the program office to
modernize critical components. TRACS had been requesting a system upgrade since fiscal year
2013. The program office for TRACS submitted an impact assessment, which stated, “TRACS has
no vendor support agreement, therefore, when the old system catastrophically fails, there is no means
to manage Housing’s rental assistance programs and/or pay subsidy payments of approximately $9.8
billion annually.” The TRACS program office was scheduled to receive the funding for DME
purposes; however, in 2013, the funding was redirected.
CHUMS                                                                       CHUMS legacy components

                                                                           One of two software platform
CHUMS, within the Office of Single-Family Housing, is an               components requires modernization.
integral business process in HUD as a loan endorsement system
for the Federal Housing Administration. The system is outdated, and security maintenance is
impacted by legacy platforms, putting 1.5 million personally identifiable information records at risk.
CHUMS modernization was not on the OCIO FY 2014 DME list; however, it is on the OCIO FY
2015 draft spending plan for funding with conditions. According to the FY 2015 draft spending plan,
CHUMS will be reviewed for contract and hardware consolidation with other systems. CHUMS does
not have an alternative operational solution in the event of an IT component failure. CHUMS
program officials fully understand the IT modernization need and estimate the cost to be $25 million.
Our detailed review of two mission-critical applications revealed material risks to HUD. A cursory
review of other mission-critical applications revealed similar risks that need to be addressed with
proper IT modernization planning, funding of approved modernization projects, and continual IT
governance.

Data Governance
Data governance was not directly within scope of this evaluation; however, it does relate to IT
modernization efforts and, therefore, was reviewed at a strategic level. Key observations and
considerations are discussed below. Data governance is the overall management of availability,
usability, integrity, and security of the data employed in an enterprise.9 Successful implementation of
major modernization initiatives such as New Core and HEAT, while maintaining a secure
environment, require a sound data governance program. Systemic data governance issues were
revealed during this evaluation. For example, TRACS data are susceptible to quality and integrity
issues due to the implementation of four different unsupported database platforms. Data governance
within HUD is necessary to achieve a seamless interface between TRACS and New Core, which is
HUD’s initiative to replace its aging financial systems.
According to HUD’s EA documentation, the HUD Data Stewards Advisory Group and the EA
program officials had conducted studies in 2012-2013 of HUD’s data management practices. The
studies identified a number of data governance deficiencies. HUD also recognized that OMB
Memorandum M-13-13, Open Data Policy – Managing Information as an Asset, required actions and
improvements to data management practices. Improvements in the program will be key to
modernization success. The following recommendations can improve the HUD data governance

9
    TechTarget definition of “data governance”
                                                                          HUD IT Modernization Report (2015-OE-0002) | 11




program:
          Support the Data Stewards Advisory Group: The Data Stewards Advisory Group should
           meet regularly with attendance from HUD and business segment leadership to develop a data
           management strategy.
          Review and fix data accuracy: OCFO should identify the system data owners and develop a
           plan to clean and consolidate data before migrations.
          Continue and finalize the master data management and enterprise data modeling projects:
           OCFO should devote personnel resources to these projects to define data redundancy, quality,
           and integrity issues before transition of modernization projects (for example, HEAT, TRACS)
           or other IT migrations.

HUD IT Modernization Roadmap Recommendations
       1. Formalize and fully implement segment governance: As noted in the EA documentation,
          segment governance had not been formally established.10 This condition limits the ability for
          senior departmental and segment leadership to make consistent decisions across segments to
          create financial, business, and IT efficiencies.
       2. Develop and finalize the IT infrastructure services contract migration plan: OCIO is
          working to finalize the HEAT migration plan but should include the program offices and
          segments in the development of the plan. In addition, the HUD EA document should be
          updated to align with the adopted HEAT plan.
       3. Implement project health assessments to measure the effectiveness of IT project planning
          and execution: HUD had developed project scope, implementation strategy, schedule, and
          related goals in the modernization roadmap and FY 2014 IT Expenditure Plan. However,
          measurements need to be developed to define the health and status of the modernization
          projects. This is consistent with recommendations from the GAO-14-283 report. This
          recommendation also applies to the CPIC process.




10
     HUD, HUD Enterprise Roadmap, FY2014 – Version 5.0 (March 28, 2014)
                                                                                         HUD IT Modernization Report (2015-OE-0002) | 12




HUD Enterprise Architecture
We found that the HUD EA program was                                          Enterprise architecture adds value to business
gradually progressing, and a critical lead EA                                  The value of employing an EA program and outcome
                                                                          measurements are realized cost savings through consolidation
position was filled in 2014. HUD had drafted both                         and reuse of shared services and elimination of antiquated and
an EA policy and EA roadmap as recommended by                             redundant mission operations, enhancing information sharing
GAO in 2012,11 and had made improvements in the                             through data standardization and system integration, and
                                                                         optimizing service delivery through streamlining and normalizing
EA program since GAO began citing issues                                            business processes and mission operations.
starting in 2009.


Based on the HUD EA Division’s self-assessment and our evaluation, we agree that the EA program, using
the GAO EA Maturity Model Framework, is at stage (level) 2 as shown in figure 2. Although HUD was
improving the overall EA program and
continuing to make progress, HUD OCIO
needs to continue implementing the EA
strategies and projects set forth in the
HUD EA roadmap.12 In addition, the
HUD FY 2013 target EA policy from
November 2012 requires an update and                     Figure 2. HUD EA Maturity Model Assessment Level

review, incorporating the latest OCIO goals and objectives, project updates, and formating corrections.
HUD EA Project Status
The HUD EA program tracks all DME of systems and major IT projects. To assist with managing IT projects
and IT modernization efforts, HUD OCIO employs an enterprise Project Management Office (ePMO). The
ePMO is in the process of implementing a project health assessment to identify underperforming projects in
the IT portfolio. However, at the time of this evaluation, neither initiative had been fully implemented or
documented, resulting in ad hoc project management across the program offices and hindering HUD’s ability
to identify underperforming projects. The following processes are required by HUD OCIO to fully implement
and mature the ePMO.13
                                                                           Define and institutionalize the right technical tools to perform
         Provide employee training                                         ePMO functions
         Develop, finalize, and communicate the ePMO processes            Define and fill ePMO positions
          & procedures (in coordination with the CPIC process,             Develop and execute a strategic communications plan to gain
          EA program & roadmap)                                             leadership and program office or segment buy-in


We found a number of active IT investment and project lists in HUD OCIO that were inconsistent or did not

11
   GAO, GAO-12-791 Report, Organizational Transformation: EA Value Needs to Be Measures and Reported, pg. 10 (September 2012)
12
   When properly managed, EA can help optimize the relationships among an organization’s business operations and the IT infrastructure and
applications supporting them.
13
   HUD OCIO, Executive Status Briefing Enterprise Program Management Division: ePMO (November 2014)
                                                                                         HUD IT Modernization Report (2015-OE-0002) | 13




reflect the data in the EA roadmap. Figure 3 shows a partial example of two lists with differing data for two
active investments. Two organizational components within OCIO (ePMO and the Information Technology
Investment Management office) maintain IT project lists for major IT investments; however, they did not
agree. We recommend that these lists be reconciled into one authoritative list and approved in accordance
with the HUD IT governance framework.14 We identified a third list, Exhibit E, HUD Project Information
Report, from the FY 2014 HUD Enterprise Roadmap as the most comprehensive project list. The Exhibit E
list assessed the compatibility for the project to follow the HUD enterprise roadmap and support the business
strategy. Adopting this list for all OCIO entities as the authoritative project list would ensure consistency and
be a beneficial step in coordinating projects across the agency.




                                                Figure 3. Example HUD Investment Lists




EA Value Measurement
OMB provides guidance through the Federal Enterprise Architecture program for developing EA value
measurement programs. Agencies are required to measure enterprise architecture strategic mission value
(outcomes and benefits) by means of an EA value measurement plan. This plan is intended to establish
enterprise outcomes and a documented method of metrics that are measureable, meaningful, repeatable,
actionable, and aligned with HUD’s enterprise architecture strategic goals. In addition, the measurements
should periodically measure and report the enterprise architecture and roadmap outcomes and benefits.
According to GAO, HUD had completed this report for FY 2011 but had not established goals for reducing
redundancy or updating legacy systems.15 HUD submitted to OMB an FY 2013 EA value measurement
report, but we found that a number of measurements were incomplete, reducing HUD’s ability to make
strategic decisions and implement the IT target environment. The agency is required to establish and
determine a way to measure the agency EA program through self-assessments and EA value measurement
reports.




14
  Found in HUD OCIO, Information Technology Management Framework and Governance Concept of Operations, v 2.0. (June 2011)
15
  GAO, GAO-12-791 Report, Organizational Transformation: Enterprise Architecture Value Needs to Be Measured and Reported, pg. 44-45
(September 2012)
                                                                                  HUD IT Modernization Report (2015-OE-0002) | 14




HUD EA Recommendations
     1. Validate the accuracy of IT investment lists by segment and the associated projects and ensure
        alignment with EA strategy: Leveraging the IT governance structure,16 OCIO should develop a
        consolidated project list by IT investment that is aligned to the EA and enterprise roadmap strategy.

     2. Define and assess measurements in a yearly EA value measurement report in accordance with
        OMB EA framework guidance:17 These measures provide input to senior leadership on the status of
        efficiencies that EA has created for the agency. Value measurement reports should be part of the
        yearly agency enterprise roadmap submission to OMB. The HUD EA value measurement report
        should include targets for the following measurements:


Category        Inventory-outcome            Area of measurement                            Measurement indicator
                                                    Completeness          % of IT investments going through the investment review board
Spending        System inventories
                                                                          that have been reviewed by the EA team
                                                      Accuracy            % of IT investments approved by the investment review board
Spending        System inventories
                                                                          aligned to the target architecture
Spending        Outcomes                       Cost savings-avoidance     # of duplicative or overlapping investments
Systems         Outcomes                       Cost savings-avoidance     # of dollars saved or how the EA program contributes in cost
                                                                          savings through system consolidation
Services        System inventories                    Accuracy            % of agency services that are up to date and accurate
Services        Outcomes                       Reduction of duplication   # of duplicate services EA helped identify
Security        Outcome                        Reduction of duplication   # of duplicate security implementations EA helped identify




16
   The HUD IT governance structure is a structure that “empowers business areas to influence IT strategic priorities and ensure
that all portfolio & project activities align with mission area needs.” It can be found in the FY 2013 EA document and the
Information Technology Management Framework and Governance Concept of Operations.
17
   Value measurement reports should be included as part of yearly enterprise roadmap submissions to OMB according to OMB
memorandum, Increasing Shared Approaches to Information Technology Services, dated May 2, 2012; the OMB Common
Approach to Federal Enterprise Architecture; and GAO report GAO-12-791.
                                                                                             HUD IT Modernization Report (2015-OE-0002) | 15




HUD Capital Planning and Investment Control
We found that HUD had a documented CPIC process that generally included elements of an effective IT
investment management process. However, HUD lacked measurements and automated methods for tracking
the IT portfolio (IT investments and projects). HUD was unable to identify underperforming projects or
whether the investments had created cost-saving or operational efficiencies. HUD is in the process of
implementing Project Health Assessments (PHA) through the enterprise project management office to address
the identification of underperforming projects. However, as of this report, OIG has not seen evidence of the
PHA implementation. In the 2015 appropriations bill, the committee requested that HUD provide “details
regarding HUD’s portfolio of IT investments and the status of the Department’s efforts in applying IT
management controls.”18 The bill also “strongly urges HUD establish a true working capital fund” with a cost-
accounting structure to appropriately allocate charges to offices for services consumed. Our findings were
consistent with the issues identified in the GAO report, GAO-15-56.19

The following adjustments would improve HUD’s CPIC processes:

        Establish a process to assess IT projects and identify underperformance;
        Establish criteria for determining large and small IT investments;
        Conduct meetings in accordance with the IT governance policy, such as the Executive Investment
         Board;
        Align investment decisions with business segments and a departmental strategy; and
        Transition to HUDPlus from manual spreadsheets for tracking IT projects.

HUD IT Budget
HUD’s primary IT funding consisted of direct appropriations                                                   HUD IT funding
for IT as well as program office sources. HUD had not
                                                                                                    $461
established a working capital fund as recommended by the
appropriations committee in the 2015 appropriations bill.                                           $350                              HUD IT budget
                                                                             In Millions




                                                                                            $353               $294
Since 2012, the majority of the IT budget had been dedicated                                                           $265
                                                                                            $270             $277     $256            HUD DME
to operations and maintenance and not committed to DME                                                                                budget
and modernization. HUD’s IT budget had decreased over the                                                    $66.3
                                                                                                                                      HUD O&M
                                                                                                                                      budget
last 3 fiscal years, and the IT DME budget had decreased in                                 $0.2   $24.2                $15.9
FY 2015 (figure 4). The overall IT budget across the Federal                               FY 2012 FY 2013 FY 2014 FY 2015
Government had decreased 0.23 percent (excluding the                                               Figure 4, HUD IT & IT DME budget




18
   House of Representatives, Report 113: Departments of Transportation, and Housing and Urban Development, and Related Agencies
Appropriations Bill, 2015
19
   GAO, GAO-15-56 Report, HUD Can Take Additional Actions to Improve Its Governance (December 2014)
                                                                                 HUD IT Modernization Report (2015-OE-0002) | 16




                                                                                  Department of Defense),
     HUD’s future IT budget will require ongoing operations and maintenance funding for IT
                                                                                  while HUD’s IT budget
     systems, while likely needing an increase in budget to modernize the legacy systems in
                                     the HUD infrastructure.                      had decreased 2.97
                                                                                  percent from FY 2014 to
                                                                                  FY 2015, according to the
                            20
FY 2015 IT Federal budget. However, 15 major Federal agencies saw an increase in their IT budgets for FY
2015. Furthermore, HUD’s IT budget decreased an overall 12.8 percent from FY 2012 to FY 2014 while
decreasing a staggering 36 percent from FY 2013 to FY 2014 alone. HUD’s future IT budget will require
ongoing operations and maintenance funding for IT systems, while likely needing an increased budget to
modernize a large number of legacy systems in the HUD infrastructure. For HUD to fully implement the
OCIO modernization roadmap and improve efficiencies and realize cost reductions, it must have a viable
enterprise strategic approach, be properly budgeted, develop attainable EA measurements, further develop
data governance, and disseminate CPIC process guidance to program offices.

HUD CPIC Process Recommendations
       1. Fully develop, approve at appropriate levels, and disseminate current CPIC process policies and
          procedures: CPIC process policies and procedures had not been approved or disseminated to program
          offices.
       2. Ensure that the Executive Investment Board meets in accordance with IT governance policy
          (related to recommendation from GAO-15-56): OCIO should ensure that the Executive Investment
          Board meets as outlined in its charter and the HUD IT governance policy and distributes its decisions
          to appropriate stakeholders.
       3. Implement HUDPlus: OCIO should finalize the implementation of HUDPlus to automate, track, and
          analyze the IT investment submissions and requirements.
       4. Provide CPIC training to all stakeholders to ensure program consistency and effectiveness across
          all program offices: OCIO should conduct training for all intended users before and upon
          implementation of the latest CPIC guidance.




20
     OMB, President’s Fiscal Year 2015 IT Budget of the U.S. Government (2015)
                                                                                HUD IT Modernization Report (2015-OE-0002) | 17




Appendix A: Summary of Recommendations


    Report         Number                          Recommendation                                           Status


                                   Overall IT modernization recommendations


IT Modernization     1.     Develop a coordinated mission-critical system development life
2015-OE-0002                cycle replacement program for mission-critical systems.


IT Modernization     2.     Develop and staff a risk management office at the OCIO level to
2015-OE-0002                manage department-wide information system risk management.


IT Modernization     3.     Finalize, apply, and strategically communicate all standard IT
2015-OE-0002                policy across OCIO and the program offices to ensure that there is a
                            common understanding of the modernization, EA, and CPIC
                            policies.


IT Modernization     4.     Approve at appropriate levels, Implement, and disseminate policy
2015-OE-0002                & processes as intended.



                                  IT modernization roadmap recommendation


IT Modernization     5.     Formalize and fully implement segment governance.
2015-OE-0002



IT Modernization     6.     Develop and finalize the IT infrastructure services contract
2015-OE-0002                migration plan.


Related to GAO-      7.     Implement project health assessments to measure the
14-283 Report               effectiveness of IT project planning and execution.



                                     Enterprise architecture recommendation
                                                                            HUD IT Modernization Report (2015-OE-0002) | 18




IT Modernization   8.     Validate the accuracy of IT investment lists by segment and the
2015-OE-0002              associated projects and ensure alignment with EA strategy.


IT Modernization   9.     Define and assess measurements in a yearly EA value
2015-OE-0002              measurement report in accordance with OMB EA framework
                          guidance.



                   IT capital planning and investment control process recommendations


IT Modernization   10.    Fully develop, approve at appropriate levels, and disseminate
2015-OE-0002              current CPIC process policies and procedures.


Related to GAO-    11.    Ensure that the Executive Investment Board meets in accordance
15-56 Report              with IT governance policy (related to recommendation from GAO-
                          15-56).


IT Modernization   12.    Implement HUDPlus to automate, track, and analyze the IT
2015-OE-0002              investment submissions and requirements.


IT Modernization   13.    Provide CPIC training to all stakeholders to ensure program
2015-OE-0002              consistency and effectiveness across all program offices.
                                           HUD IT Modernization Report (2015-OE-0002) | 19




     Appendix B: HUD OCIO Exit Conference Briefing Comments
Note: HUD OIG
comments
supplementing HUD
OCIO’s responses appear
at the end of this
appendix.
                         HUD IT Modernization Report (2015-OE-0002) | 20




See HUD OIG comment 1.
                         HUD IT Modernization Report (2015-OE-0002) | 21




See HUD OIG comment 2.
                                                                   HUD IT Modernization Report (2015-OE-0002) | 22




HUD OIG Comments
The following are HUD OIG’s responses to HUD OCIO’s comments, dated March 27, 2015.
   1. We recognize that OCIO EA is improving and making progress in developing a consolidated and
      consistent IT modernization plan. In addition, OCIO recently filled a key EA vacancy with a qualified
      and experienced individual. Work will need to continue, specifically in developing a strategic plan to
      communicate OCIO initiatives across all business segments and to gain senior leadership support of
      the modernization plan and required funding to pay for a simplified and scalable architecture.

      Regarding HUD OCIO’s comment requesting more understanding of the measurement, stating “% of
      Agency services that are up to date and accurate,” we are looking for a measure that displays program
      office applications or services in need of modernization due to a lack of vender or contract support in
      hardware, software, or other technical deficiencies. As programs or services are modernized, this
      measure would show the benefits of a sufficiently funded EA modernization roadmap.

   2. We revised our report to reflect this comment. See the HUD EA Project Status section.
                                          HUD IT Modernization Report (2015-OE-0002) | 23




     Appendix C: HUD OCIO Draft Report Comments
Note: HUD OIG
comments
supplementing HUD
OCIO’s responses appear
at the end of this
appendix.




See HUD OIG comment 1.
                         HUD IT Modernization Report (2015-OE-0002) | 24




See HUD OIG comment 1.
                         HUD IT Modernization Report (2015-OE-0002) | 25




See HUD OIG comment 1.




See HUD OIG comment 1.




See HUD OIG comment 1.




See HUD OIG comment 1.
                         HUD IT Modernization Report (2015-OE-0002) | 26




See HUD OIG comment 1.
HUD IT Modernization Report (2015-OE-0002) | 27
                         HUD IT Modernization Report (2015-OE-0002) | 28




See HUD OIG comment 1.
                         HUD IT Modernization Report (2015-OE-0002) | 29




See HUD OIG comment 1.
HUD IT Modernization Report (2015-OE-0002) | 30
                         HUD IT Modernization Report (2015-OE-0002) | 31




See HUD OIG comment 1.




See HUD OIG comment 2.




See HUD OIG comment 1.
                         HUD IT Modernization Report (2015-OE-0002) | 32




See HUD OIG comment 1.
                         HUD IT Modernization Report (2015-OE-0002) | 33




See HUD OIG comment 3.
                         HUD IT Modernization Report (2015-OE-0002) | 34




See HUD OIG comment 1.
                                                                   HUD IT Modernization Report (2015-OE-0002) | 35




HUD OIG Comments
The following are HUD OIG’s responses to HUD OCIO’s comments, provided September 25, 2015.

   1. We recognize that OCIO is continually improving and developing plans for IT modernization
      initiatives. For example, OCIO developed a new HUD 2015 Enterprise Roadmap between this report
      and receiving OCIO comments in addition to the initiatives documented in these provided comments.
      Continued effort, senior leadership support, and resources will be essential to implement and maintain
      the initiatives laid out by the OCIO in the provided comments.

   2. Although this comment explains the practicing Executive Investment Board (EIB) process, it does not
      reflect the documented policy, which is the reason for the recommendation. The intended outcomes
      identified in the IT governance policy may be met but there was no evidence of those EIB outcomes
      such as meeting notes or minutes. Further, per the IT Governance policy, investment recommendations
      are submitted to the EIB from subcommittees, in particular the Customer Care Committee (CCC). It
      may be challenging to make collective strategic decisions on the IT investment portfolio if the EIB
      does not meet on a regular or on an as-needed basis.

   3. We revised our report to reflect this comment and provided artifact. See the HUD EA section.