OFFICE OF INSPECTOR GENERAL 2006 ANNUAL PERFORMANCE PLAN



Similar documents
NATIONAL CREDIT UNION ADMINISTRATION OFFICE OF INSPECTOR GENERAL

NATIONAL CREDIT UNION ADMINISTRATION OFFICE OF INSPECTOR GENERAL

Diane Honeycutt National Institute of Standards and Technology (NIST) 100 Bureau Drive, Stop 8930 Gaithersburg, MD 20899

POSTAL REGULATORY COMMISSION

NATIONAL CREDIT UNION ADMINISTRATION OFFICE OF INSPECTOR GENERAL

7.0 Information Security Protections The aggregation and analysis of large collections of data and the development

Anti-Money Laundering Policy Manual Table of Contents [Sample Client] Table of Contents

Privacy Impact Assessment of Automated Loan Examination Review Tool

APPENDIX A NCUA S CAMEL RATING SYSTEM (CAMEL) 1

U.S. ELECTION ASSISTANCE COMMISSION OFFICE OF INSPECTOR GENERAL

SPRING 2005 Volume 7.2 STATE CORPORATION COMMISSION BUREAU OF FINANCIAL INSTITUTIONS. Lending Draws Regulatory Attention

The Department of the Treasury established the Financial Crimes

BSA/AML & OFAC. Volunteer Compliance Training. Agenda

Overview of External Peer Reviews in the IG Community

Using Continuous Monitoring Information Technology to Meet Regulatory Compliance. Presenter: Lily Shue Director, Sunera Consulting, LLC

Department of Defense DIRECTIVE

Approved by the Assistant Secretary for Administration and Management (ASAM) on 2/28/2003 and 68 FR 1

chieving organizational and management excellence

OFFICE OF THE INSPECTOR GENERAL

Work Plan ongoing and planned audit and evaluation projects. Current as of June 5, 2015

Bank Secrecy Act Anti-Money Laundering Examination Manual

EXECUTIVE OFFICE OF THE PRESIDENT OFFICE OF MANAGEMENT AND BUDGET WASHINGTON, D.C

National Credit Union Administration Strategic Plan 2014 through 2017

The FDIC s Response to Bank Secrecy Act and Anti-Money Laundering Concerns Identified at FDIC-Supervised Institutions

Independent Evaluation of NRC s Implementation of the Federal Information Security Modernization Act of 2014 for Fiscal Year 2015

H.R Digital Accountability and Transparency Act of 2013

EPA s Computer Security Self-Assessment Process Needs Improvement

How To Audit The Mint'S Information Technology

Five-Year Strategic Plan

Office of Inspector General Evaluation of the Consumer Financial Protection Bureau s Consumer Response Unit

NATIONAL CREDIT UNION ADMINISTRATION OFFICE OF INSPECTOR GENERAL

Table of Contents Message from the NCUA Board... Who We Are... Mission... Major Programs... Strategic Management Process...

Summary. Background and Justification

Federal Communications Commission Office of Inspector General

OFFICE OF THE INSPECTOR GENERAL SOCIAL SECURITY ADMINISTRATION

Office of Inspector General

U.S. ELECTION ASSISTANCE COMMISSION OFFICE OF INSPECTOR GENERAL

a GAO GAO INFORMATION SECURITY Department of Homeland Security Needs to Fully Implement Its Security Program

EPA Needs to Strengthen Its Privacy Program Management Controls

Public Law th Congress An Act

NATIONAL CREDIT UNION ADMINISTRATION OFFICE OF INSPECTOR GENERAL

AUDIT OF THE MACOMB COUNTY SHERIFF S OFFICE EQUITABLE SHARING PROGRAM ACTIVITIES MOUNT CLEMENS, MICHIGAN EXECUTIVE SUMMARY*

NUMBER OF MATERIAL WEAKNESSES

Audit of the Department of State Information Security Program

UNITED STATES DEPARTMENT OF EDUCATION OFFICE OF INSPECTOR GENERAL. September 22, 20 14

Small Business Lending Fund President s Budget

CORE Security and GLBA

OFFICE OF INSPECTOR GENERAL

Bank Secrecy Act, Anti-Money Laundering, and Office of Foreign Assets Control

GAO. INFORMATION SECURITY Persistent Weaknesses Highlight Need for Further Improvement

Financial Crimes Enforcement Network

December 2006 Report No FDIC s Supervision of Financial Institutions OFAC Compliance Programs AUDIT REPORT

Federal Bureau of Investigation s Integrity and Compliance Program

Bank Secrecy Act for Directors. Barb Boyd Content Manager CU Solutions Group

DCU BULLETIN Division of Credit Unions Washington State Department of Financial Institutions

UNITED STATES DEPARTMENT OF THE INTERIOR BUREAU OF LAND MANAGEMENT MANUAL TRANSMITTAL SHEET

Background. FIN-2010-G001 Issued: March 5, 2010 Subject: Guidance on Obtaining and Retaining Beneficial Ownership Information

Privacy Impact Assessment. For. Non-GFE for Remote Access. Date: May 26, Point of Contact and Author: Michael Gray

Executive Office of the President. Office of Management and Budget. Fiscal Year 2015 Budget

GAO FEDERAL STUDENT LOAN PROGRAMS. Opportunities Exist to Improve Audit Requirements and Oversight Procedures. Report to Congressional Committees

Fiscal Year 2007 Federal Information Security Management Act Report

INFORMATION SECURITY. Additional Oversight Needed to Improve Programs at Small Agencies

Accountant (GS-510) Competency Model

Supporting Effective Compliance Programs

Fiscal Year 2014 Work Plan

NASA OFFICE OF INSPECTOR GENERAL

Information Security Guide For Government Executives. Pauline Bowen Elizabeth Chew Joan Hash

GAO NATIONAL CREDIT UNION ADMINISTRATION. Earlier Actions Are Needed to Better Address Troubled Credit Unions. Report to Congressional Committees

Information Security Series: Security Practices. Integrated Contract Management System

HIGH-RISK COUNTRIES IN AML MONITORING

Financial Crimes Enforcement Network

FACTA Identity Theft Red Flags Program.

ANTI-MONEY LAUNDERING FOR LENDERS

Audit Report. The Social Security Administration s Compliance with the Federal Information Security Management Act of 2002 for Fiscal Year 2013

Privacy Impact Assessment of the Supervisory Enforcement Actions and Special Examinations Tracking System

July 6, Mr. Michael L. Joseph Chairman of the Board Roswell Park Cancer Institute Elm & Carlton Streets Buffalo, NY 14263

CYBERSECURITY EXAMINATION SWEEP SUMMARY

GAO ELECTRONIC GOVERNMENT ACT. Agencies Have Implemented Most Provisions, but Key Areas of Attention Remain

SCAC Annual Conference. Cybersecurity Demystified

Audit Report. Natural Resources Conservation Service Water and Climate Information System Review of Application Controls Portland, Oregon

March 17, 2015 OIG-15-43

Treasury Department Proposes Anti-Money Laundering Regulations for Investment Advisers

THE FCA INSPECTOR GENERAL: A COMMITMENT TO PUBLIC SERVICE

2015 List of Major Management Challenges for the CFPB

FEDERAL DEPOSIT INSURANCE CORPORATION WASHINGTON, D.C. CALIFORNIA DEPARTMENT OF FINANCIAL INSTITUTIONS SAN FRANCISCO, CALIFORNIA

Gramm Leach Bliley Act. GLBA/HIPAA Information Security Program Committee GLBA, Safeguards Rule Training, Rev. 7/1/2007

EPA Could Improve Its Information Security by Strengthening Verification and Validation Processes

U.S. Department of Agriculture Office of Inspector General Financial and IT Operations Audit Report

United States General Accounting Office

SMITHSONIAN INSTITUTION

Payment Processor Relationships Revised Guidance

REVIEW OF MEDICARE CONTRACTOR INFORMATION SECURITY PROGRAM EVALUATIONS FOR FISCAL YEAR 2013

KANSAS HOUSE FINANCIAL INSTITUTIONS and INSURANCE COMMITTEE

Annual Plan. Fiscal Year Office of Inspector General Department of the Treasury OIG-CA

Compliance Risk Management IT Governance Assurance

Office of Inspector General

UNITED STATES COMMISSION ON CIVIL RIGHTS. Fiscal Year 2012 Federal Information Security Management Act Evaluation

Office of Inspector General Audit Report

Statement of Danny Harris, Ph.D. Chief Information Officer U.S. Department of Education

CHAPTER 3 FINANCIAL MANAGEMENT SYSTEMS: POLICY, ROLES AND RESPONSIBILITIES FOR CONFORMANCE, EVALUATION, AND REPORTING

Transcription:

OFFICE OF INSPECTOR GENERAL 2006 ANNUAL PERFORMANCE PLAN

OVERVIEW The National Credit Union Administration (NCUA) Office of Inspector General (OIG) Annual Performance Plan for 2006 delineates those audits that would most benefit the NCUA. In formulating this Plan, we considered: The agency s strategic and annual performance plans; Pertinent legislation, including the Federal Credit Union Act, the Government Performance Results Act (GPRA), the Credit Union Membership Act, Federal Information Security Management Act (FISMA), the Sarbanes-Oxley Act, and the Inspector General Act; Congressional activity and testimony by NCUA officials as well as significant areas of interest to NCUA Board members and the Congress; Audits planned and performed by the General Accounting Office (GAO); Input obtained from the NCUA Board and Executive staff; and NCUA and the credit union industry s operating environment. How the Annual Plan was formulated The NCUA OIG plans its work to identify and respond to issues that are of greatest importance to NCUA. For purposes of the Annual Plan, we have identified prospective audit and investigative work that is responsive to NCUA s strategic goals (see table). 2005 Strategic Goals 1 Strategic Goal 1 A safe, sound and healthy credit union industry. Strategic Goal 2 Access to financial services for all people throughout the United States. Strategic Goal 3 A prudent, flexible and efficient regulatory environment for all federally insured credit unions. In preparing our 2006 Performance Plan, we identified several audits that address the agency s strategic goals. Due to our resource limitations, we considered each of these 1 Source: NCUA Draft Strategic Plan 2006-2011. 1

audits and determined which ones should form the basis of our work over the next year (See Appendix C). Criteria considered in the prioritization process included such factors as importance to the NCUA mission as well as NCUA Board and Congressional interest. Resources The OIG staff is currently composed of 8 positions (7.55 FTEs) including the Inspector General. In addition, we rely upon contractors to augment our resources. For example, we use independent contracting firms to assist with our financial statement audits and the annual independent evaluation as required by the Federal Information Security Management Act (FISMA). In addition to the financial statement audits and evaluation under FISMA, we use contracting dollars for short term, non-recurring projects. In 2006, our contracting budget is approximately $450,000. Audits that cannot be accomplished in 2006 will be deferred to 2007. The following appendices are included in our 2006 plan: Appendix A: 2006 Planned Audits and Surveys Appendix B: 2006 Legal Projects and Investigative Work Appendix C: Summary of Audits/Surveys planned for 2006 2

Appendix A 2006 Planned Audits & Surveys Carryover Audits and Surveys from 2005 Risk Focused Exams Internal Control Review In July of 2001, the National Credit Union Administration (NCUA) implemented a risk focused examination (RFE) program that eliminated the requirement to perform annual examinations in low risk credit unions. Credit unions posing limited risk to the National Credit Union Share Insurance Fund (NCUSIF) could receive an examination twice every three years. The RFE approach focused NCUA resources on high-risk areas within a credit union. The RFE program quality control and monitoring efforts include but are not limited to examination report appraisals performed by the supervisory examiners and examination report quality control reviews performed by the regional office; and management reports. Objective: Does NCUA have a process in place to provide assurance that high risk areas are identified and addressed through the risk focused examination process? Indirect Lending As of December 31, 2004, 1,522 of 9,014 Federally Insured Credit Unions had indirect lending programs. The total indirect lending loans held by credit unions in these programs accounted for 12.43% of total loans. The NCUA has issued indirect lending information and examiner guidance in the form of Instructions, Letters to Credit Unions, Supervisory Letters and Risk Alerts as early as 2001 and as late as 2005. It is important to review areas to determine if they present potential risk to the National Credit Union Share Insurance Fund (NCUSIF). Objective: Obtain an understanding of indirect lending related to credit unions and determine what vulnerabilities exist in the management of indirect lending portfolios. Financial Statements Audits (4) for Year Ending December 31, 2005 As required, the OIG will conduct a review of the National Credit Union Administration reporting entities for the year ending December 31, 2005. This will include: National Credit Union Share Insurance Fund (NCUSIF) National Credit Union Administration Operating Fund (Operating Fund) Central Liquidity Facility (CLF), and Community Development Revolving Loan Fund (CDRLF) These audits are conducted under contract with an independent public accounting firm. 3

Objective: To determine if the four funds that the agency administers are in compliance with GAAP and if their statements present fairly their financial position, results of operations and changes in cash flows. New Starts - Mandatory Audits for 2006 Federal Information Security Management Act (FISMA) The President signed into law the E-Government Act (Public Law 107-347), which includes Title III, Information Security, on December 17, 2002. The Federal Information Security Management Act (FISMA) permanently reauthorized the framework laid out in the Government Information Security Reform Act of 2000 (GISRA), which expired in November 2002. FISMA includes a requirement that Inspectors General perform an annual evaluation. This evaluation includes testing the effectiveness of the agency s information security policies, procedures, and practices and an assessment of compliance with the requirements of FISMA. Annually, OMB issues reporting instructions for the Federal Information Security Management Act report. The reporting instructions provide clarification to agencies for implementing, meeting, and reporting FISMA requirements to OMB and Congress. Objective: To determine if NCUA is in compliance with the Federal Information Security Management Act. This annual independent evaluation is required by the Act. In addition, the OIG prepares an annual report to OMB characterizing NCUA s information security management program. Financial Statements Audits (4) for Year Ending December 31, 2006 As required, the OIG will conduct a review of the National Credit Union Administration reporting entities for the year ending December 31, 2006. This will include: National Credit Union Share Insurance Fund (NCUSIF) National Credit Union Administration Operating Fund (Operating Fund) Central Liquidity Facility (CLF), and Community Development Revolving Loan Fund (CDRLF) These audits are conducted under contract with an independent public accounting firm. New requirements for 2006 mandate the report must be issued within 45 days of closing or by February 15, 2007. Objective: To determine if the four funds that the agency administers are in compliance with GAAP and if their statements present fairly their financial position, results of operations and changes in cash flows. Material Loss Reviews (as necessary) The Federal Credit Union Act requires the NCUA Inspector General to review and report on any credit union material losses exceeding $10 million and an amount equal to 10% of the total assets of the credit union. 4

Objective: Determine the underlying problem which resulted in the material loss to the insurance fund and make recommendations for preventing any such loss in the future. Congressional/NCUA Board Requests (as necessary) Objective: To be responsive to requests received from the Congress or the NCUA Board for OIG services. PEER Review of Maritime OIG Every three years it is mandatory that a PEER review be conducted of work performed by the Inspector General Office of Audit. The ECIE provides a rotation for reviews that the National Credit Union OIG is responsible for performing. In 2006, we are responsible for the PEER review of Maritime OIG. Objective: Conduct an external peer review of the Maritime OIG s audits and attestations to ensure compliance with industry best practices, rules and regulations. Governmentwide Financial Report System (GFRS) To meet the joint requirements of the Office of Management and Budget (OMB), Treasury s Financial Management Services (FMS) and the General Accountability Office (GAO), the OIG is required to review the National Credit Union Administration s closing package to support the September 30 year end government consolidated financial statements. Objective: Perform non-audit and agreed upon procedures for NCUA s submission for the government wide consolidated financial statements and input the information into the FMS GFRS. Request for Proposals for Federal Information Security Management Act (FISMA) and Financial Statement Audit (FSA) The Office of Inspector General is required to conduct mandatory reviews of FISMA and FSA on a yearly basis. Because of limited resources we contract with an independent consulting firm for this work. Objective: Develop a Request for Proposal (RFP) for contracting out the FISMA and FSA for 2006, with option years for 2007 and 2008. 5

New Starts for 2006 (Discretionary Audits) Risk Focused Exams Tracking Identified Deficiencies This audit is a follow on review to the Risk Focused Exams Internal Control Reviews. As of August 22, 2005, there were approximately 5,500 Federal Credit Unions. Low risk credit unions as identified by CAMEL ratings 1 and 2 represented ninety-five percent of the insured shares and seventy-seven percent of the number of credit unions. High risk credit unions as identified by CAMEL ratings 3, 4, and 5 represented five percent of the insured shares and twenty-three percent of the number of credit unions. Objective: Does NCUA have a process in place to track deficiencies identified during exams? In addition, what is the process for follow-up on the identified deficiencies and does follow-up take place in a timely manner? Bank Secrecy Act Suspicious Activity Reports All federal banking regulators, including NCUA, signed an agreement with the Financial Crimes Enforcement Network (FinCEN) to strengthen interagency communication and enhance the reporting system for significant BSA violations. The BSA requires financial institutions to file Suspicious Activity Reports (SARs) when suspected money laundering or BSA violations occur. FinCEN also provides automated systems to review reported SARs. Review of these SARs can be an important tool in protecting the integrity of Credit Unions. Objective: What process is in place to utilize/review SARs and is this process successful? Implementation of Gramm-Leach-Bliley Act (GLBA) Congress enacted several privacy provisions in the Gramm-Leach-Bliley Act (GLBA). Financial institutions have an obligation to respect the privacy of its customers and to protect the security and confidentiality of those customers nonpublic personal information. GLBA requires the NCUA to prescribe regulations that establish appropriate standards for the financial institutions subject to their jurisdiction relating to administrative, technical, and physical safeguards (1) to insure the security and confidentiality of customer records and information; (2) to protect against any anticipated threats or hazards to the security or integrity of such records; and (3) to protect against unauthorized access to or use of such records or information which could result in substantial harm or inconvenience to any customer. Objective: Determine whether NCUA has provided adequate credit union and examination guidance for implementing the data privacy and security provisions of the Gramm-Leach-Bliley Act. 6

Potential New Starts for 2007 Security of Credit Union Member Data Objective: Determine the extent to which examinations ensure that credit unions are adequately protecting member data. Real Estate Lending Objective: To determine the significance of real estate lending in the credit union industry and the risks that real estate lending poses to the share insurance fund. Bank Secrecy Act Documentation Objective: Are NCUA examiners documenting their reviews of BSA compliance? Examination Assessment of Electronic Financial Services Objective: Determine whether the NCUA examination procedures address the risks associated with electronic banking and the extent to which examiners are following the procedures. Blackberry Devices Configured to provide Secure Remote Access Objective: Determine if there is adequate security over blackberry devices? 7

Appendix B 2006 Legal Projects and Investigative Work General legal support Administrative/personnel legal work Investigative assistance & support Audit assistance & support Legislation/regulation review 2006 LEGAL ACTIVITIES Formal investigations Preliminary/informal investigations Proactive reviews and/or investigations 2006 INVESTIGATIONS 2006 TRAINING Regional staff & integrity awareness training New supervisor training Continued briefings on revised instruction, Guidelines and Responsibilities for Reporting Investigative Matters to the Inspector General, 01910.08 8

Appendix C Summary of Audits/Surveys Planned for 2006 2006 PROJECTS Audits/Surveys: Risk Focused Exams Internal Control Review (carry over from 2005) Indirect lending (carry over from 2005) 2005 Financial Statement Audits (carry over from 2005) Federal Information Security Management Act (FISMA) 2006 Financial Statement Audits Material Loss Reviews Congressional/NCUA Board Requests PEER Review of Maritime OIG Governmentwide Financial Report System RFP for FISMA & Financial Statement Audit Risk Focused Exams Tracking Identified Deficiencies Bank Secrecy Act Suspicious Activity Reports Implementation of Gramm-Leach-Bliley Act 9

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information