OIG-26-05 Audit of the NCUA's Enterprise Risk Management Risk Profiles

View Report

Date Issued

Wednesday, May 20, 2026

Submitting OIG

National Credit Union Administration OIG

Agencies Reviewed/Investigated

National Credit Union Administration

Report Number

OIG-26-05

Report Description

The National Credit Union Administration (NCUA) Office of Inspector General (OIG) conducted this self-initiated audit to assess the NCUA’s Enterprise Risk Management Risk Profiles. The objective of our audit was to determine if the NCUA adequately established, maintained, and used risk profiles to address enterprise-level risks.

Report Type

Audit

Agency Wide

Yes

Number of Recommendations

Questioned Costs

Funds for Better Use

Report updated under NDAA 5274

External Link

https://ncua.gov/files/audit-reports/oig-26-05-ncua-erm-risk-profiles-report.pdf

Open Recommendations

This report has 2 open recommendations.

Recommendation Number	Significant Recommendation	Recommended Questioned Costs	Recommended Funds for Better Use
1.OIG-26-05	No	$0	$0
Implement a regular assessment and briefing of all enterprise-level risks, such as through discussion of risk profiles at ERM Council meetings, on a frequency commensurate with risk exposure to monitor that each risk is managed within risk appetite.
2.OIG-26-05	No	$0	$0
Clarify how the ERM Council should communicate risk results to agency officials who implement decisions.