Audit of the NCUA's Information Technology Asset Sanitization Process

Title Full

The National Credit Union Administration (NCUA) Office of Inspector General (OIG) conducted this self-initiated audit to assess the NCUA’s information technology (IT) asset sanitization process. The objective of our audit was to determine whether the NCUA adequately managed and sanitized its IT assets before disposal or reuse.

Date Issued

Wednesday, December 17, 2025

Submitting OIG

National Credit Union Administration OIG

Agencies Reviewed/Investigated

National Credit Union Administration

Report Number

OIG-25-10

Report Type

Audit

Agency Wide

Yes

Number of Recommendations

Questioned Costs

Funds for Better Use

Report updated under NDAA 5274

External Link

https://ncua.gov/files/audit-reports/oig-audit-ncuas-it-asset-sanitization-proc…

Open Recommendations

This report has 3 open recommendations.

Recommendation Number	Significant Recommendation	Recommended Questioned Costs	Recommended Funds for Better Use
1.OIG-25-10	No	$0	$0
Update and implement the Accountable Property Handbook to address returning IT assets that requires a secure chain of custody process, including IT assets subject to litigation holds.
2.OIG-25-10	No	$0	$0
Update the offboarding procedures to include instructions to employees to ensure exiting employees return their IT assets in accordance with the updated Accountable Property Handbook.
3.OIG-25-10	No	$0	$0
Improve the IT asset accountability process going forward to include historical IT asset tracking by employee and by addressing and implementing data access procedures for returned cell phones on litigation holds.