All OIG Reports

REPORT TITLE REPORT ID Sort descending REPORT DATE
Despite Prior Commitments, FHFA Has Not Implemented a Systematic Workforce Planning Process to Determine Whether Enough Qualified Examiners are Available to Assess the Safety and Soundness of Fannie Mae and Freddie Mac AUD-2020-004 2020-02-25
FHFA's 2019 Disaster Recovery Exercise of its General Support System Was Conducted as Planned, But its Disaster Recovery Procedures Were Missing Certain Required Elements and Included Outdated Information AUD-2020-005 2020-03-23
FHFA’s Procurement Awards during the Period January 2017 to September 2019 Followed Most of its Acquisition Policies and Procedures but Some Required Internal Peer Reviews Were Not Performed AUD-2020-006 2020-03-24
For Fiscal Year 2019, FHFA Did Not Always Follow its Policy for Employee Reimbursements and Stipends; FHFA’s Practice for Calculating Employee Travel Stipends Was Not Stated in its Policy Nor Consistently Followed AUD-2020-007 2020-03-26
FHFA Needs to Strengthen Controls Over its Records Management Program to Comply with OMB and NARA Requirements AUD-2020-008 2020-03-26
FHFA Cannot Assure that All Electronic Media Approved for Destruction in October 2018 Was Destroyed, and it Continues to Lack Adequate Controls over Electronic Media Targeted for Disposal AUD-2020-009 2020-03-30
DBR’s Examinations during the 2017 through 2019 Examination Cycles Generally Complied with its Guidelines, but Some Exceptions to those Guidelines Were Not Documented and/or Approved, and DBR’s Quality Control Branch Failed to Identify these Shortcomings AUD-2020-010 2020-09-03
FHFA Completed Most of its Planned Ongoing Monitoring Activities for Fannie Mae and CSS for 2019; However, FHFA Failed to Follow its Requirements When it Changed Examination Plans for Non-Risk-Based Reasons and Failed to Obtain Deputy Director Approval AUD-2020-011 2020-09-09
FHFA Completed All of its Planned Ongoing Monitoring Activities for Freddie Mac for 2019 AUD-2020-012 2020-09-09
FHFA Failed to Follow its Cloud-Based Computing Requirements when it Did Not Validate the Implementation of Minimum Security Requirements for Cloud-Based Tools and Did Not Include Required IT Security Provisions in Some of its Cloud Service Contracts AUD-2020-013 2020-09-17
Weaknesses in FHFA’s Monitoring of the Enterprises’ 97% LTV Mortgage Programs May Hinder FHFA’s Ability to Timely Identify, Analyze, and Respond to Risks Related to Achieving the Programs’ Objectives AUD-2020-014 2020-09-29
Audit of the Federal Housing Finance Agency’s Information Security Program (Fiscal Year 2020) AUD-2021-001 2020-10-20
Audit of the Federal Housing Finance Agency Office of the Inspector General’s Information Security Program (Fiscal Year 2020) AUD-2021-002 2020-10-20
Audit of FHFA’s Design of Procedures and Guidance to Prevent and Reduce Improper Payments AUD-2021-003 2021-03-11
FHFA Followed OMB Guidance in Implementing its Enterprise Risk Management Program But its 2020 Risk Profile Failed to Identify a Significant Action Underway to Address Acknowledged Supervision Risk AUD-2021-004 2021-03-17
FHFA’s Failure to Include the Financial Crimes and Model Components in its CSS Risk Assessment Is Inconsistent with a Risk-Based Approach to Supervision AUD-2021-005 2021-03-23
Audit of an FHFA Sensitive Employment-Related Case Tracking System: FHFA Followed its Access Control Standard, But its System Is Adversely Impacted by Two Security Control Weaknesses AUD-2021-006 2021-03-29
Despite FHFA’s Acknowledgement that Enterprise Reliance on Third-Parties Represents a Significant Operational Risk, No Targeted Examinations of Fannie Mae’s Third-Party Risk Management Program Were Completed Over a Seven-Year Period AUD-2021-007 2021-03-29
FHFA Did Not Always Follow its Policies for Monetary Awards, Recruitment Bonuses, and Retention Allowances during Fiscal Years 2019 and 2020; FHFA’s Excellence Awards Were Not Included in Agency Policy AUD-2021-008 2021-06-17
FHFA Did Not Record, Track, or Report All Security Incidents to US-CERT; 38% of Sampled FHFA Users Did Not Report a Suspicious Phone Call Made to Test User Awareness of its Rules of Behavior AUD-2021-009 2021-06-25
FHFA Lacked Documentation of its Validation of Data Used to Produce the Third Quarter 2020 Seasonally Adjusted, Expanded-Data FHFA HPI and Failed to Timely Review its Information Quality Guidelines AUD-2021-010 2021-07-22
Audit of the Federal Housing Finance Agency’s 2021 Privacy Program AUD-2021-011 2021-08-11
DBR Generally Followed its Guidance to Assess the Remediation of Adverse Examination Findings Issued to the FHLBanks and the Office of Finance AUD-2021-012 2021-09-02
FHFA’s Use of its Enterprise Examination Manual, in Practice, Does Not Align with its Goal of Promoting a Consistent Examination Approach or Meet Management’s Expectations AUD-2021-013 2021-09-28
FHFA’s Division of Enterprise Regulation Did Not Follow or Train to its Procedures for Information Sharing of Enterprise Counterparty Performance Issues AUD-2021-014 2021-09-28