Chairman Davis, Ranking Member Waxman, and distinguished Members of the Committee, thank you for the opportunity to appear today to discuss the effect of OMB 's Watch List on the Department of Housing and Development 's (HUD 's) operations.

In my first two months as the Chief Information Officer at HUD, I have observed a collective willingness and commitment to capitalize on the power of information technology (IT) to increase home ownership, support community development, and increase access to affordable housing free from discrimination. One of the primary ways I believe we can improve our effectiveness at fulfilling these goals is by leveraging technology to become more efficient in managing our operations. To do this, we must institute effective IT management controls throughout all programs within HUD.

I recognize that the OMB Watch List published in the first quarter of Fiscal Year (FY) 2005 accurately reflects the specific areas that HUD must improve to more effectively manage its IT investments. The projects on the list include those supporting the improvement of internal administrative functions, home ownership initiatives, and rental assistance.

The OMB Watch List has provided an effective, independent validation of the specific areas for improvement that HUD has also identified and is already taking aggressive and agency-wide actions to correct. The OMB Watch List currently reflects that 31 of HUD 's 32 major investment projects have weaknesses in three primary areas: IT Security, Enterprise Architecture, and Performance-Based Management. We are rapidly implementing a plan to improve these specific areas, and prioritizing the execution of these improvements in the specific projects identified on OMB 's Watch List.

The majority of our projects on the OMB Watch List are there because security certification and accreditation has not been completed, a key OMB and legislative requirement. Consequently, we are focusing first and foremost on instituting an effective information technology security program. Over the past two months, HUD has developed a comprehensive, updated security policy; has drafted standard guidelines and an associated methodology for inventory management, certification/accreditation, and the plan of action and milestone (POA&M) process; has established and begun executing a schedule to complete certification and accreditation on the majority of HUD systems by the end of the year; has prepared and scheduled specialized security training to be conducted in May; and is establishing a comprehensive contingency plan for our modernized infrastructure. HUD is also in the process of implementing a formalized cyber security incident response and vulnerability testing center. Most importantly, HUD is capitalizing on independent reviews from, and close coordination with, our Inspector General to both identify and correct other potential risks to the integrity, availability, and confidentiality of our systems.

In addition to these critical activities, we have also implemented a target enterprise architecture and associated modernization strategy that has been approved by HUD 's Technology Investment Review Board Executive Committee (TIBEC). This strategy will be reflected in updated project business cases submitted to OMB in conjunction with the FY2007 budget process.

In terms of improving performance-based management, we now require monthly reporting of cost and schedule actuals and earned value through an update of the project plan for all major IT initiatives. Cost and schedule variances are calculated for each project each month, and projects that have significant variances are required to submit a corrective action plan. The HUD TIBEC is now also scheduled to meet quarterly to review projects that exceed acceptable cost or schedule goals.

Our strategy for moving forward is to include standard earned value management reporting language in new contracts supporting all major IT development projects.

In sum, HUD is capitalizing on the OMB Watch List to identify opportunities for process improvements in the way we manage our critical IT investments. We are committed to institutionalizing these improvements and anticipate that many programs will be removed from the OMB Watch List over the next year.