Audits and Evaluations

2021

Audit of the Federal Housing Finance Agency Office of Inspector General's Information Security Program, Fiscal Year 2021 (AUD-2022-002) - 10/15/2021

Audit of the Federal Housing Finance Agency's Information Security Program, Fiscal Year 2021 (AUD-2022-001) - 10/15/2021

FHFA Did Not Follow its Interim Directive on a Requirement to Use a FAR Clause Intended to Protect Whistleblower Rights of Contractor Employees, But Has Since Taken Corrective Action (AUD-2021-015) - 09/30/2021

FHFA’s Division of Enterprise Regulation Did Not Follow or Train to its Procedures for Information Sharing of Enterprise Counterparty Performance Issues (AUD-2021-014) - 09/28/2021

FHFA’s Use of its Enterprise Examination Manual, in Practice, Does Not Align with its Goal of Promoting a Consistent Examination Approach or Meet Management’s Expectations (AUD-2021-013) - 09/28/2021

DBR Generally Followed its Guidance to Assess the Remediation of Adverse Examination Findings Issued to the FHLBanks and the Office of Finance (AUD-2021-012) - 09/02/2021

Audit of the Federal Housing Finance Agency’s 2021 Privacy Program (AUD-2021-011) - 08/11/2021

FHFA Lacked Documentation of its Validation of Data Used to Produce the Third Quarter 2020 Seasonally Adjusted, Expanded-Data FHFA HPI and Failed to Timely Review its Information Quality Guidelines (AUD-2021-010) - 07/22/2021

FHFA Did Not Record, Track, or Report All Security Incidents to US-CERT; 38% of Sampled FHFA Users Did Not Report a Suspicious Phone Call Made to Test User Awareness of its Rules of Behavior (AUD-2021-009) - 06/25/2021

FHFA Did Not Always Follow its Policies for Monetary Awards, Recruitment Bonuses, and Retention Allowances during Fiscal Years 2019 and 2020; FHFA’s Excellence Awards Were Not Included in Agency Policy (AUD-2021-008) - 06/17/2021

FHFA’s Failure to Define and Clearly Communicate “Supervisory Concerns” Hinders the Enterprise Boards’ Ability to Execute Their Oversight Obligations Under FHFA’s Corporate Governance Regulation and Renders the Regulation Ineffective as a Supervisory Tool (EVL-2021-003) - 03/30/2021

Despite FHFA’s Acknowledgement that Enterprise Reliance on Third-Parties Represents a Significant Operational Risk, No Targeted Examinations of Fannie Mae’s Third-Party Risk Management Program Were Completed Over a Seven-Year Period (AUD-2021-007) - 03/29/2021

Audit of an FHFA Sensitive Employment-Related Case Tracking System: FHFA Followed its Access Control Standard, But its System Is Adversely Impacted by Two Security Control Weaknesses (AUD-2021-006) - 03/29/2021

FHFA’s Failure to Include the Financial Crimes and Model Components in its CSS Risk Assessment Is Inconsistent with a Risk-Based Approach to Supervision (AUD-2021-005) - 03/23/2021

For Nine Years, FHFA Has Failed to Take Timely and Decisive Supervisory Action to Bring Fannie Mae into Compliance with its Prudential Standard to Ensure Business Resiliency (EVL-2021-002) - 03/22/2021

FHFA Followed OMB Guidance in Implementing its Enterprise Risk Management Program But its 2020 Risk Profile Failed to Identify a Significant Action Underway to Address Acknowledged Supervision Risk (AUD-2021-004) - 03/17/2021

Corporate Governance: Fannie Mae Senior Executive Officers and Ethics Officials Again Failed to Follow Requirements for Disclosure and Resolution of Conflicts of Interest, Prompting the Need for FHFA Direction (EVL-2021-001) - 03/15/2021

Audit of FHFA’s Design of Procedures and Guidance to Prevent and Reduce Improper Payments (AUD-2021-003) - 03/11/2021

2020

Audit of the Federal Housing Finance Agency’s Information Security Program (Fiscal Year 2020) (AUD-2021-001) - 10/20/2020

Audit of the Federal Housing Finance Agency Office of the Inspector General’s Information Security Program (Fiscal Year 2020) (AUD-2021-002) - 10/20/2020