Date Issued
Submitting OIG
National Credit Union Administration OIG
Other Participating OIGs
National Credit Union Administration OIG
Agencies Reviewed/Investigated
National Credit Union Administration
Report Number
OIG-24-08
Report Description

This report summarizes the results of Sikich’s independent evaluation and contains nine new recommendations that will assist the agency in improving the effectiveness of its information security and its privacy programs and practices. NCUA management concurred with and has identified corrective actions to address the recommendations.

Report Type
Audit
Agency Wide
Yes
Number of Recommendations
9
Questioned Costs
$0
Funds for Better Use
$0

Open Recommendations

This report has 9 open recommendations.
Recommendation Number | Significant Recommendation | Recommended Questioned Costs | Recommended Funds for Better Use | Additional Details
1. OIG-24-08 Recommendation | No | $0 | $0

Conduct refresher training for the PCs regarding documenting and maintaining asset management system records in accordance with NCUA policy and procedures.

2. OIG-24-08 Recommendation | No | $0 | $0

Update the accountable property policy to implement a process for the PMO to complete a periodic review of the IT asset inventory to validate that the inventory is documented and maintained in accordance with NCUA policy and procedures.

3. OIG-24-08 Recommendation | No | $0 | $0

Complete the PRISM risk assessment review on an annual basis and document the results.

4. OIG-24-08 Recommendation | No | $0 | $0

Ensure that the annual risk assessment reviews for all third-party NCUA services are completed.

5. OIG-24-08 Recommendation | No | $0 | $0

Document and implement a process to track and complete supply chain risk assessments for all third-party systems and service providers.

6. OIG-24-08 Recommendation | No | $0 | $0

Implement improved processes for leveraging dashboards in order to monitor and manage patch compliance and remediation of vulnerabilities including the tracking of approved and unapproved software.

7. OIG-24-08 Recommendation | No | $0 | $0

Complete the 2024 backlog of overdue reinvestigations.

8. OIG-24-08 Recommendation | No | $0 | $0

Document and implement a process for notifying OHR to add the initial role-based security training requirement to the learning profile in the learning management system for new hires requiring the training.

9. OIG-24-08 Recommendation | No | $0 | $0

Complete implementation of the new alternate processing and storage site to a fully operational state.

National Credit Union Administration OIG

United States