Federal Deposit Insurance Corporation
Office of Inspector General
Federal Deposit Insurance Corporation - Office of Inspector General

FDIC Office of Inspector General Ongoing Work

(Information as of November 14, 2017)

Office of Program Audits and Evaluations (PAE)

  • The Minority Depository Institution (MDI) Program at the FDIC

The evaluation objective is to examine the FDIC's actions to preserve and promote MDIs and assess whether the program is achieving its goals. Our evaluation will focus on FDIC-supervised MDIs.

  • The FDIC's Loan Sampling Methodology 

The objective is to evaluate (1) the FDIC's loan sample selection methodology, including compliance with Division of Risk Management Supervision guidance and (2) whether the FDIC is generating loan samples that are representative of financial institutions' loan risk exposures.

  • Evaluation of the FDIC's Consumer Response Center  

The objective is to assess how efficiently and effectively the FDIC processes consumer complaints. Specifically, we will evaluate how the Division of Depositor and Consumer Protection (1) receives, investigates, and responds to consumer complaints involving FDIC-supervised institutions and (2) analyzes complaint data, identifies emerging issues and trends, and responds to those issues and trends.

  • Consumer Protection Rules Regarding Ability to Repay Mortgages

The objective is to assess the FDIC’s implementation of selected consumer protection rules.  Our evaluation is focusing on two rules that placed new requirements on the banking industry by (1) directing lenders to determine if a consumer has a reasonable ability to repay a mortgage loan and (2) limiting loan originator compensation and subjecting loan originators to new requirements.

  • Claims Administration System (CAS) Functionality

The objective is to determine to what extent CAS has achieved the Division of Resolutions and Receiverships’ performance expectations for accuracy, timeliness, and capacity in making insurance determinations.

  • Implementing Forward-looking Supervision for High Growth-High Concentration Institutions

The objective is to determine whether the intended outcomes of the Forward-looking Supervision Program have been achieved—the Division of Risk Management Supervision has taken appropriate supervisory action as risks are identified, and the financial institutions have undertaken corrective measures.

  • Physical Security Risk Management Process

The objective is to determine the extent to which the FDIC's physical security risk management process meets federal standards and guidelines.


Office of Information Technology Audits and Cyber (ITC)

  • Controls over System Interconnections with Outside Organizations

The audit objective is to assess the FDIC's controls for managing system interconnections with outside organizations. The audit will focus on the FDIC's controls for planning, establishing, maintaining, and terminating systems interconnections.

  • Controls for Preventing and Detecting Cyber Threats 

The objective is to assess the effectiveness of the FDIC's network firewalls and security information and event management (SIEM) tool in preventing and detecting cyber threats.

  • Governance of Information Technology Initiatives 

The objective is to identify key challenges and risks that the FDIC faces with respect to the governance of IT initiatives.  The audit is focusing on the FDIC’s IT governance structure, Enterprise Architecture, and strategic plans in relation to selected IT initiatives, including the planned migration of email operations to the cloud, the deployment of laptop computers to employees and contractor personnel, and the potential adoption of a managed services solution for mobile IT devices.

  • Security Configuration Changes and Software Updates to FDIC's Windows Servers

The objective is to determine whether the FDIC has established and implemented controls for managing changes to its Microsoft Windows Server operating system that are consistent with federal requirements and guidelines.  Specifically, we plan to assess FDIC's controls for managing changes to the approved baseline configurations for the Windows server operating system and addressing software updates from the Microsoft Corporation.

 

Print Print
Close