GAO reviewed the effectiveness of the Department of Housing and Urban Development's (HUD) information resources management (IRM) program, focusing on whether: (1) IRM planning and data management are adequate to support HUD missions and strategic objectives; (2) HUD computer security programs adequately protect sensitive systems; and (3) efforts to integrate and strengthen financial management systems are effectively planned and managed.
Recommendations for Executive Action
|Department of Housing and Urban Development||1. In order to make the HUD IRM program more responsive to its missions, the Secretary of Housing and Urban Development should establish strategic business and IRM planning processes and develop and maintain up-to-date plans that are clearly linked to each other. The plans should articulate senior executives' vision of the Department's missions, objectives, and priorities, and define the strategies and program and IRM resources needed to properly support the missions and achieve the strategic objectives. The Secretary should consider using the existing IRM Planning Board to develop the Department's strategic plans. In any event, direct and substantive involvement of the Secretary, Deputy Secretary, and senior executives is essential to define the business vision and strategic objectives.|
|Department of Housing and Urban Development||2. In order to make the HUD IRM program more responsive to its missions, the Secretary of Housing and Urban Development should direct Information Policies Systems to develop a strategic information architecture that is based on the strategic business and IRM plans to govern the development, deployment, and use of IRM resources.|
|Department of Housing and Urban Development||3. In order to make the HUD IRM program more responsive to its missions, the Secretary of Housing and Urban Development should establish a data management program to support integrated and departmentwide systems, and ensure that the organization responsible for this program has sufficient authority to coordinate the development of standards for common data, establish a dictionary the provides definitions and locations of data, and ensure compliance with departmentwide data standards.|
|Department of Housing and Urban Development||4. In order to make the HUD IRM program more responsive to its missions, the Secretary of Housing and Urban Development should eliminate weaknesses in computer security controls over automated systems and installations that store, process, transmit, or use sensitive or privacy data. This will require establishing effective mechanisms to ensure that both HUD and contractor: (1) computer operations conform with federal and departmental requirements; (2) staffs receive background investigations that are commensurate with their access to sensitive systems; and (3) staffs receive sufficient training so they are aware of and can fulfill their computer security responsibilities.|
|Department of Housing and Urban Development||5. In order to make the HUD IRM program more responsive to its missions, the Secretary of Housing and Urban Development should develop and test contingency plans to provide for the backup, recovery, and continuity of operations of all systems and computer installations that support critical Department functions. Also, until these plans are fully developed and tested, report the lack of contingency plans as a material internal control weakness under the Federal Managers' Financial Integrity Act.|
|Department of Housing and Urban Development||6. In order to make the HUD IRM program more responsive to its missions, the Secretary of Housing and Urban Development should establish and maintain, as part of the implementation of HUD revised Financial Systems Integration Plan: (1) clear lines of authority over the entire effort and individual systems projects; (2) standards for the common data that will be used; (3) a data dictionary for the integrated financial systems; (4) a detailed plan to transition from existing systems to the integrated systems that will be developed; and (5) an effective monitoring mechanism to ensure that significant problems, with any project or the integration effort as a whole, are brought to the attention of senior managers and are corrected in a timely manner.|