ALEXANDRIA, Va.–NCUA’s Office of Inspector General (OIG) reports it currently has a half-dozen general audits underway, in addition to a number of “significant” recommendations from past audit reports it said have yet to be implemented.
The update on the OIG’s work was first reported by Regulatory Report.
According to the OIG’s newest reports, the six audits in progress include:
- Bank Secrecy Act (BSA) enforcement
- Federal credit union chartering activities
- 2023 financial statements for the agency’s operating fund, NCUSIF, and Central Liquidity Facility [CLF])
- Cloud computing services
- Examiner-in-charge rotation limits
- Examination hours
- Whether the NCUA is ensuring proper regulatory safeguards remain in place to protect the credit union system, credit union members, and the Share Insurance Fund while responsibly managing the examination burden on credit unions
Recommendations Yet to be Implemented
Meanwhile, the OIG report lists the “significant” unimplemented recommendations – identified as those NCUA management has agreed to implement corrective action but yet to complete it – as of Sept. 30 include:
OIG-20-07 Audit of the NCUA’s Examination and Oversight Authority of Credit Union Service: Organizations and Vendors, issued Sept. 1, 2020
“Recommendation #1. Continue efforts to work with appropriate Congressional committees regarding amending the Federal Credit Union Act to grant the NCUA the authority to subject credit union service organizations and credit union vendors to examination and enforcement authority to the same extent as if they were an insured credit union,” the OIG said.
OIG-18-07 FY2018 Federal Information Security Modernization Act Compliance, issued Oct. 31, 2018
“Recommendation #8. The Office of the Chief Information Officer (OCIO) enforce the policy to remediate patch and configuration related vulnerabilities within agency defined timeframes,” the OIG stated.
OIG-22-06 Audit of the NCUA’s Minority Depository Institutions Preservation Program, issued Sept. 8, 2022
“Recommendation #2. Implement and document in appropriate policy and procedures a process to validate whether minority depository institutions continue to meet the minority depository institution definition,” the report says.
In addition, the report said there are several audits reports older than six months where certain recommendations have yet to be implemented.