Ongoing Work
The following list summarizes our ongoing audits, evaluations, and other reviews. We focus on those programs and operations in which potential deficiencies pose the highest risk to the Board and the CFPB in achieving their strategic goals, objectives, and priorities; meeting budgetary and financial commitments; and complying with applicable laws, regulations, and guidance. We may also be required to perform unanticipated work or reassess ongoing work based on congressional or agency requests, sector- or industry-specific events, OIG Hotline complaints, new statutory mandates, or other inputs. Such work, as well as resource constraints, may result in our deferring, canceling, or modifying projects.
Board
We are assessing the effectiveness of the Board's contract solicitation, selection, and award processes, including the Board's compliance with applicable laws, regulations, and internal policies and procedures.
We contracted with an independent public accounting firm to audit the financial statements of the Board. We plan to oversee the activities of the independent public accounting firm to ensure compliance with generally accepted government auditing standards and Public Company Accounting Oversight Board auditing standards related to internal controls over financial reporting.
We are assessing whether the Board complies with relevant federal directives for employees with certain security clearances to report foreign travel plans, and alignment between the Board's foreign travel requirements and those of other leading agencies.
We are assessing the Board's internal controls for approving, maintaining, and reporting gifts and decorations, as well as nonfederally sponsored travel.
To meet FISMA requirements for 2025, we are assessing the effectiveness of the Board's (1) security controls and techniques for selected information systems and (2) information security policies, procedures, standards, and guidelines.
We are assessing whether the Board's offboarding process controls for records management, security debriefings, and the return and deactivation of personal identity verification cards mitigate reputational and security risks effectively.
We are assessing the effectiveness of the Board's processes for approving and monitoring the multicycle project budget for the Bureau of Engraving and Printing's expenses related to Federal Reserve note production. To assess the design effectiveness, we compared the Board's processes to leading budget practices and internal control standards. To determine operating effectiveness, we verified whether the Board followed those processes as described.
We are assessing the effectiveness of the Board's processes for managing its laptop and hard drive inventory. We will focus on whether the Board's day-to-day operational processes for tracking, securing, and removing hard drives from unassigned laptops and processes for securing and disposing of surplus hard drives and laptop shells align with internal procedures and leading practices.
The Board performs the accounting function for the FFIEC, and we contracted with an independent public accounting firm to audit the financial statements of the FFIEC. We will oversee the activities of the independent public accounting firm to ensure compliance with generally accepted government auditing standards.
We are assessing the Board and the Federal Reserve Banks' multistep approach to processing certain applications from banking organizations, including processing times, delegation and escalation practices, and other factors that could influence process efficiency.
We are assessing the effectiveness of the Board's and the Federal Reserve Banks' practices for following up on supervisory findings that address safety and soundness issues in the large and foreign banking organization portfolio.
We are assessing the Board's processes for ensuring that IT investments support business objectives, including through capital planning and investment control.
We are assessing the insider risk management activities of the Board, focusing on the design and effectiveness of the Board's approach to deter, detect, and mitigate insider risks.
We are assessing the Board's oversight of its Marriner S. Eccles Building and 1951 Constitution Avenue Building Renovation Project, including the associated costs. Our scope will include a focus on the key factors contributing to the cost estimate increases, including assessing whether discretionary design features contributed materially to those increases.
We are assessing the Board's practices and controls for safeguarding confidential supervisory information in OASIS, a technology platform that Board and Reserve Bank staff use to document their financial institution supervisory activities.
We are assessing the design and implementation of the Board's processes for appointing, approving, and consulting on the selection of certain Reserve Bank leaders, including processes related to the identification and resolution of potential conflicts of interest.
We are assessing the Protective Services Unit's (1) planning and preparedness for transitioning protection to a new chair and (2) protective intelligence process, including its collection and evaluation of information pertaining to the chair's safety and security and its compliance with applicable procedures.
We are conducting a forensic evaluation to determine the efficiency and effectiveness of software inventory and license management practices in the Board's Division of Information Technology.
As part of our 2025 FISMA audit of the Board's information security program, we are testing selected security controls for the Banknote Inventory System. The system is used to track banknotes and other items related to currency development, performance, and production.
As part of our 2025 FISMA audit of the Board's information security program, we are testing selected security controls for the OASIS system. OASIS is a cloud-based solution that facilitates the process for assessing, monitoring, and rating firms supervised by the Federal Reserve System.
As part of our 2025 FISMA audit of the Board's information security program, we are testing selected security controls for the Research and Statistics Recruiting system. The system is used to identify, track, screen, and select individuals for economist and research assistant positions at the Board.
CFPB
To meet FISMA requirements for 2025, we are conducting an audit of the CFPB's information security program. Our objectives are to evaluate the effectiveness of the CFPB's (1) security controls and techniques for selected information systems and (2) information security policies, procedures, standards, and guidelines.
We are assessing the CFPB's internal controls for receiving, inventorying, and disposing of IT assets. We defined the term IT assets to include laptops, tablets, and smartphones.
We are assessing whether the CFPB, under former Director Rohit Chopra, adhered to relevant processes and procedures in its decisions to broaden its definition of "unfair, deceptive, or abusive acts or practices" and its definition of "credit" under the Truth in Lending Act. We will also inquire whether the CFPB has available information that will enable us to assess the time and costs associated with the enforcement actions issued during then Director Chopra's tenure in comparison to those issued during the tenure of prior directors.
We are reviewing the CFPB's workforce and contracting actions to determine their high-level effects on mission-related activities and support functions. We are not assessing whether these actions complied with applicable laws, regulations, policies, or procedures because they are the subject of ongoing litigation.
We are assessing the CFPB's processes for ensuring that IT investments support business objectives, including through capital planning and investment control.
We are analyzing the risks of illegal, improper, or erroneous purchases and payments associated with the CFPB's travel card program to determine an overall risk level for the program.
As part of our 2025 FISMA audit of the CFPB's information security program, we are testing selected security controls for consumerfinance.gov, the agency's public-facing website. The website provides information and resources for consumers and intakes consumer complaints about financial products and services.
As part of our 2025 FISMA audit of the CFPB's information security program, we are testing selected security controls for the Consumer Response System. The system aids in data collecting, as well as in handling and responding to consumer complaints regarding certain financial products and services.
As part of our 2025 FISMA audit of the CFPB's information security program, we are testing selected security controls for the Relativity EMS used by the CFPB. This system is used to track and manage activity regarding potential, pending, and closed enforcement matters, such as investigations and litigations.