Despite Prior Commitments, FHFA Has Not Implemented a Systematic Workforce Planning Process to Determine Whether Enough Qualified Examiners are Available to Assess the Safety and Soundness of Fannie Mae and Freddie Mac |
AUD-2020-004 |
2020-02-25 |
FHFA's 2019 Disaster Recovery Exercise of its General Support System Was Conducted as Planned, But its Disaster Recovery Procedures Were Missing Certain Required Elements and Included Outdated Information |
AUD-2020-005 |
2020-03-23 |
FHFA’s Procurement Awards during the Period January 2017 to September 2019 Followed Most of its Acquisition Policies and Procedures but Some Required Internal Peer Reviews Were Not Performed |
AUD-2020-006 |
2020-03-24 |
For Fiscal Year 2019, FHFA Did Not Always Follow its Policy for Employee Reimbursements and Stipends; FHFA’s Practice for Calculating Employee Travel Stipends Was Not Stated in its Policy Nor Consistently Followed |
AUD-2020-007 |
2020-03-26 |
FHFA Needs to Strengthen Controls Over its Records Management Program to Comply with OMB and NARA Requirements |
AUD-2020-008 |
2020-03-26 |
FHFA Cannot Assure that All Electronic Media Approved for Destruction in October 2018 Was Destroyed, and it Continues to Lack Adequate Controls over Electronic Media Targeted for Disposal |
AUD-2020-009 |
2020-03-30 |
DBR’s Examinations during the 2017 through 2019 Examination Cycles Generally Complied with its Guidelines, but Some Exceptions to those Guidelines Were Not Documented and/or Approved, and DBR’s Quality Control Branch Failed to Identify these Shortcomings |
AUD-2020-010 |
2020-09-03 |
FHFA Completed Most of its Planned Ongoing Monitoring Activities for Fannie Mae and CSS for 2019; However, FHFA Failed to Follow its Requirements When it Changed Examination Plans for Non-Risk-Based Reasons and Failed to Obtain Deputy Director Approval |
AUD-2020-011 |
2020-09-09 |
FHFA Completed All of its Planned Ongoing Monitoring Activities for Freddie Mac for 2019 |
AUD-2020-012 |
2020-09-09 |
FHFA Failed to Follow its Cloud-Based Computing Requirements when it Did Not Validate the Implementation of Minimum Security Requirements for Cloud-Based Tools and Did Not Include Required IT Security Provisions in Some of its Cloud Service Contracts |
AUD-2020-013 |
2020-09-17 |
Weaknesses in FHFA’s Monitoring of the Enterprises’ 97% LTV Mortgage Programs May Hinder FHFA’s Ability to Timely Identify, Analyze, and Respond to Risks Related to Achieving the Programs’ Objectives |
AUD-2020-014 |
2020-09-29 |
Audit of the Federal Housing Finance Agency’s Information Security Program (Fiscal Year 2020) |
AUD-2021-001 |
2020-10-20 |
Audit of the Federal Housing Finance Agency Office of the Inspector General’s Information Security Program (Fiscal Year 2020) |
AUD-2021-002 |
2020-10-20 |
Audit of FHFA’s Design of Procedures and Guidance to Prevent and Reduce Improper Payments |
AUD-2021-003 |
2021-03-11 |
FHFA Followed OMB Guidance in Implementing its Enterprise Risk Management Program But its 2020 Risk Profile Failed to Identify a Significant Action Underway to Address Acknowledged Supervision Risk |
AUD-2021-004 |
2021-03-17 |
FHFA’s Failure to Include the Financial Crimes and Model Components in its CSS Risk Assessment Is Inconsistent with a Risk-Based Approach to Supervision |
AUD-2021-005 |
2021-03-23 |
Audit of an FHFA Sensitive Employment-Related Case Tracking System: FHFA Followed its Access Control Standard, But its System Is Adversely Impacted by Two Security Control Weaknesses |
AUD-2021-006 |
2021-03-29 |
Despite FHFA’s Acknowledgement that Enterprise Reliance on Third-Parties Represents a Significant Operational Risk, No Targeted Examinations of Fannie Mae’s Third-Party Risk Management Program Were Completed Over a Seven-Year Period |
AUD-2021-007 |
2021-03-29 |
FHFA Did Not Always Follow its Policies for Monetary Awards, Recruitment Bonuses, and Retention Allowances during Fiscal Years 2019 and 2020; FHFA’s Excellence Awards Were Not Included in Agency Policy |
AUD-2021-008 |
2021-06-17 |
FHFA Did Not Record, Track, or Report All Security Incidents to US-CERT; 38% of Sampled FHFA Users Did Not Report a Suspicious Phone Call Made to Test User Awareness of its Rules of Behavior |
AUD-2021-009 |
2021-06-25 |
FHFA Lacked Documentation of its Validation of Data Used to Produce the Third Quarter 2020 Seasonally Adjusted, Expanded-Data FHFA HPI and Failed to Timely Review its Information Quality Guidelines |
AUD-2021-010 |
2021-07-22 |
Audit of the Federal Housing Finance Agency’s 2021 Privacy Program |
AUD-2021-011 |
2021-08-11 |
DBR Generally Followed its Guidance to Assess the Remediation of Adverse Examination Findings Issued to the FHLBanks and the Office of Finance |
AUD-2021-012 |
2021-09-02 |
FHFA’s Use of its Enterprise Examination Manual, in Practice, Does Not Align with its Goal of Promoting a Consistent Examination Approach or Meet Management’s Expectations |
AUD-2021-013 |
2021-09-28 |
FHFA’s Division of Enterprise Regulation Did Not Follow or Train to its Procedures for Information Sharing of Enterprise Counterparty Performance Issues |
AUD-2021-014 |
2021-09-28 |