The audit was part of a larger audit that the Council of Inspectors General on Financial Oversight (CIGFO) initiated. (Read CIGFO report)
NCUA's IG decided to issue this separate report to help the agency in determining how to handle and control confidential non-public FSOC information and protect it from unauthorized disclosure.
The IG report identified specific areas where NCUA needs to improve or supplement its policies and procedures. The specific areas that need to be addressed are:
• Protecting oral communication of confidential non-public FSOC information;
• Inventorying or tracking FSOC information requests/responses;
• Controlling access to and authorizing release of confidential non-public information to FSOC, FSOC member agencies or other external parties (e.g., Congress);
• Placing appropriate markings on FSOC information to identify it as containing confidential information;
• A central person/group to coordinate all FSOC communications;
• Membership on FSOC committees, including authorized alternate representatives and corresponding duties and responsibilities of the NCUA representatives;
• Identifying, controlling and monitoring who within NCUA will have access to and who has accessed specific FSOC information and systems;
• Handling, controlling, and protecting FSOC information during teleconferences and telework sessions; and
• Consequences for the breach/unauthorized disclosure of FSOC information.
The IG recommended that NCUA should coordinate with FSOC and its member agencies to supplement or improve its policies, procedures, and practices regarding non-public FSOC information.
However, NCUA management believes its existing policies, procedures, and training are effective; but acknowledges that its policy and procedures could be more comprehensive.
Read the report.