Skip to Navigation
Skip to Main content
OIG Home
OIG Home


Skip SHARE THIS PAGE section Skip STAY CONNECTED section

CFPB Report: 2023-IT-C-008 May 31, 2023

Report on the Independent Audit of the CFPB's Agile Systems/Software Development Life Cycle Processes

available formats

  • Summary:

  • Full Report:


We contracted with Cotton & Company Assurance and Advisory, LLC, to conduct a performance audit of the CFPB's Agile systems/software development life cycle processes. We reviewed and monitored the work of the contractor to ensure compliance with the contract and generally accepted government auditing standards.

The contractor found that the CFPB's information security program effectively integrates cybersecurity requirements into its software development life cycle processes, and will be further strengthened once efforts to improve privileged user and software inventory management processes are completed.