OIG-20-07 Audit Of The NCUA's Examination And Oversight .

1y ago
2 Views
1 Downloads
1.10 MB
31 Pages
Last View : 15d ago
Last Download : 2m ago
Upload by : Maleah Dent
Transcription

AUDIT OFTHE NCUA’S EXAMINATION AND OVERSIGHT AUTHORITY OVERCREDIT UNION SERVICE ORGANIZATIONS AND VENDORSReport #OIG-20-07September 1, 2020

Office of Inspector GeneralSENT BY EMAILTO:Distribution ListFROM:Inspector General James W. HagenSUBJ:Audit of the NCUA’s Examination and Oversight Authority over Credit UnionService Organizations and VendorsDATE:September 1, 2020The National Credit Union Administration (NCUA) Office of Inspector General conducted thisself-initiated audit to assess the NCUA’s examination and oversight authority of credit unionservice organizations (CUSOs) and third party vendors. The objectives of our audit were todetermine whether: 1) the NCUA complied with applicable laws, regulations, policies, andprocedures for CUSO and other (non-CUSO) third-party vendor reviews; and 2) the NCUA’svendor review process effectively helps to assess the adequacy of credit union management’sdue diligence reviews, and identify and reduce the risks vendor relationships pose to creditunions.Results of our audit determined the NCUA complied with applicable laws, regulations, policies,and procedures for CUSO reviews. However, we determined that the NCUA needs authorityover CUSOs and vendors to effectively identify and reduce the risks vendor relationships pose tocredit unions in order to protect the National Credit Union Share Insurance Fund (ShareInsurance Fund). Our audit also determined that since 2004, the last four NCUA BoardChairmen have led an effort through Congressional committee testimony to amend the FederalCredit Union Act to provide the NCUA with the authority over CUSOs to hold them accountablefor unsafe and unsound practices. We are making one recommendation in our report related toamending the Federal Credit Union Act.We appreciate the cooperation and courtesies NCUA management and staff provided to usduring the audit. If you have any questions on the report and its recommendation, please contactme at 703-518-6350.1775 Duke Street – Alexandria, VA 22314-6113 – 703-518-6350

Page 2Distribution List:Board Chairman, Rodney E. HoodBoard Member J. Mark McWattersBoard Member Todd M. HarperExecutive Director Larry FazioActing General Counsel Frank KressmanDeputy Executive Director Rendell JonesE&I Acting Director Myra ToeppeSpecial Asst. to the ED Joy LeeDeputy Chief of Staff Gisele RogetOEAC Deputy Director Michael SinacoreAttachment

TABLE OF CONTENTSSectionPageEXECUTIVE SUMMARY .1BACKGROUND .2RESULTS IN DETAIL.13NCUA Needs Statutory Authorityover CUSOs and Vendors .13Examiners Substantially Complied withCUSO Policies and Procedures .21APPENDICES:A. Objective, Scope, and Methodology .24B. NCUA Management Response .26C. Acronyms and Abbreviations .27NCUA Office of Inspector GeneralPage i

OIG-20-07Audit of the NCUA’s Examination And Oversight Authority overCredit Union Service Organizations and VendorsEXECUTIVE SUMMARYThe National Credit Union Administration (NCUA) Office of Inspector General (OIG)conducted this self-initiated audit to assess the NCUA’s examination and oversight authority ofcredit union service organizations (CUSOs) and third party vendors. The objectives of our auditwere to determine whether: 1) the NCUA complied with applicable laws, regulations, policies,and procedures for CUSO and other (non-CUSO) third-party vendor reviews; and 2) theNCUA’s vendor review process effectively helps to assess the adequacy of credit unionmanagement’s due diligence reviews, and identify and reduce the risks vendor relationships poseto credit unions. The scope of our audit covered the period of January 1, 2013, throughDecember 31, 2019.Our audit determined the NCUA complied with applicable laws, regulations, policies, andprocedures for CUSO reviews. However, we determined that the NCUA needs authority overCUSOs and vendors to effectively identify and reduce the risks vendor relationships pose tocredit unions in order to protect the National Credit Union Share Insurance Fund (ShareInsurance Fund). Although the NCUA conducts CUSO reviews, there is currently nothing in theFederal Credit Union Act that provides the NCUA with the authority to supervise CUSOs andvendors to hold them accountable for unsafe and unsound practices that have direct and lastingimpact on the credit unions they serve. In addition, the lack of statutory vendor oversight andregulatory enforcement authority hinders the NCUA’s ability to conduct effective reviews ofvendors. As a result, the NCUA’s Share Insurance Fund is exposed to risk from CUSOs andvendors that can cause significant financial hardship, or even failure to the credit unions that usethem. We are making one recommendation in our report related to a statutory change to theFederal Credit Union Act.We appreciate the cooperation and courtesies NCUA management and staff provided to usduring this audit.NCUA Office of Inspector GeneralPage 1

OIG-20-07Audit of the NCUA’s Examination And Oversight Authority overCredit Union Service Organizations and VendorsBACKGROUNDThe NCUA is the independent federal agency created by the U.S. Congress to regulate, charter,and supervise federally insured credit unions. The NCUA's mission is to provide, throughregulation and supervision, a safe and sound credit union system, which promotes confidence inthe national system of cooperative credit. The NCUA’s organizational structure consists of theCentral Office, the Asset Management and Assistance Center, and three regional offices—Eastern, Southern, and Western.The NCUA’s Office of Examination and Insurance (E&I) is responsible for providing leadershipand collaborating with other agency offices and regions on the establishment of sound policy,direction, and quality control over the examination, surveillance, and problem resolutionprograms. E&I’s responsibility extends to approximately 5,200 federally insured credit unionswith more than 120 million members and more than 1.57 trillion in assets across all states andU.S. territories to ensure effective management of risk to the Share Insurance Fund and a safeand sound federally insured credit union system.The NCUA’s National Supervision Policy Manual (NSPM) establishes policies, procedures, andguidelines intended to provide effective district management, 1 supervision of credit unions, andquality assurance. In addition, the NCUA Examiner’s Guide contains a framework intended formore consistent application of examiner judgment with respect to conclusions about a creditunion’s financial and operational condition and related CAMEL 2 and risk ratings. TheExaminer’s Guide also is intended to provide a consistent approach for evaluating the adequacyof a credit union’s relevant risk-management processes, such as those related to credit unionrelationships with CUSOs and vendors.A CUSO is an organization in which a federally insured credit union has an ownership interest or towhich a credit union has extended a loan, which is engaged primarily in providing products orservices to credit unions or credit union members, or, in the case of checking and currency services,to persons eligible for membership in a credit union having a loan, investment, or contract. A CUSOalso includes any organization in which the CUSO has an ownership interest if that organization isengaged primarily in providing products or services to credit unions or credit union members. Avendor is an outside service provider with which a credit union or a CUSO contracts, but doesnot have an ownership interest.Recognizing that thousands of banks, savings associations, and credit unions relied heavily onoutside service providers and anticipating significant computer-related problems in the yearDistrict management encompasses the objective of managing and maintaining continuous and detailed knowledgeof an assigned district of credit unions. This includes ongoing financial analysis, knowledge of local economiccondition, knowledge of current events affecting assigned credit unions, identification of emerging risks, and theroutine reporting to management on these issues. District management also includes scheduling, prioritizing, andthe administrative tasks associated with the examiner position.2The CAMEL rating system is based upon an evaluation of five elements of a credit union's operations: CapitalAdequacy, Asset Quality, Management, Earnings, and Liquidity/Asset-Liability Management.1NCUA Office of Inspector GeneralPage 2

OIG-20-07Audit of the NCUA’s Examination And Oversight Authority overCredit Union Service Organizations and Vendors2000, in March 1998, Congress enacted the Examination Parity and Year 2000 Readiness forFinancial Institutions Act (Examination Parity Act). The Examination Parity Act gave theNCUA Board temporary examination and regulatory authority over CUSOs and service vendors.However, this authority expired on December 31, 2001. 3 The NCUA has not had direct statutoryauthority over CUSOs or vendors since then. In contrast, federal banking agencies 4 have directstatutory authority over bank service providers and bank vendors. NCUA Chairman RodneyHood and three Board Chairs before him have testified before Congress about the need forNCUA authority over CUSOs and vendors because credit unions’ reliance on CUSOs andvendors increased systemic risks 5 across the financial services landscape.VendorsCredit unions use many of the same vendors. For example, approximately 5 core processorvendors serve multiple credit unions and control approximately 85 percent of credit union data.In addition, 5 technology service provider vendors serve over 52 percent of all credit unions thathold 75 percent of total credit union assets. Many vendors subcontract with others to provideservices such as security services (including physical, data, network, and privacy securityservices) and application code development (including outsourcing to companies outside of theUnited States), and often these vendor relationships are unknown to the vendor’s client creditunions.From a credit union examination standpoint, in October 2007, the NCUA issued a SupervisoryLetter (Letter), Evaluating Third Party Relationships, to examiners providing guidance onevaluating credit unions’ relationships with vendors. 6 The Letter noted that credit unions hadincreasingly contracted with vendors to meet strategic objectives and enhance member services,but that credit unions outsourcing functions without exercising an appropriate level of duediligence 7 and oversight could take on undue risk.The Letter stated that outsourcing complete control over one or more business functions to avendor amplified the risks inherent in those functions, including credit, interest rate, liquidity,transaction, compliance, strategic, and reputation risks. Accordingly, the Letter stated thatexaminers should ensure credit unions addressed the following concepts in a mannercommensurate with their size, complexity, and risk profile: risk assessment and planning; duediligence; and risk measurement, monitoring, and control.Pub. L. No. 105-164 (March 20, 1998).The federal banking agencies are the Board of Governors of the Federal Reserve System, the Federal DepositInsurance Corporation, and the Office of the Comptroller of the Currency.5Systemic risk is the threat that a disruption at a firm, in a market, or from another source, will cause difficulties atother firms, in other markets, or in the financial system as a whole.6Supervisory Letter No. 07-01.7Due diligence is the systematic, on-going process of analyzing and evaluating new strategies, programs, products,or operations to prepare for and mitigate unnecessary risks.34NCUA Office of Inspector GeneralPage 3

OIG-20-07Audit of the NCUA’s Examination And Oversight Authority overCredit Union Service Organizations and VendorsThe NCUA conducted direct reviews of vendors on a voluntary basis after its statutory authorityexpired in 2001, and continued to conduct them through 2008, when the review program stalledfor a number of reasons: Federal banking regulators’ reluctance to include the NCUA in their reviews of bankvendors, even though those vendors also served credit unions, because of the NCUA’slack of statutory examination and regulatory authority; Leadership and direction of the vendor program was split between E&I and the Office ofNational Examinations and Supervision, with neither directorate pursuing reviews; and Most vendors declined reviews.We determined that the NCUA conducted its last vendor review in 2013 and does not have aformal vendor review program in place or any policies, procedures, or instructions forperforming such reviews. However, we learned that the NCUA plans to ask the top 20 creditunion vendors to participate on a voluntary basis in the agency’s review process. In themeantime, the NCUA continues to evaluate credit unions’ use of vendors as part of itsexamination program.CUSOsIn recent years, an increasing number of credit unions have shifted many of their services toCUSOs to leverage economies of scale and to benefit from CUSOs’ specialized expertise. Forexample, CUSOs often provide lending services and loan underwriting, including mortgageloans, student loans, and commercial loans. CUSOs manage the loans but the loans are ownedby credit unions.A CUSO is legally separate from a credit union and its incentives may not always align with thecredit unions it serves. CUSOs are not directly subject to NCUA regulation or examination andare not chartered or insured by the NCUA. Nevertheless, the NCUA has an interest in creditunions’ relationships with CUSOs because if not properly managed, they can pose risks to anindividual credit union’s financial or operational condition and potential systemic risks to thecredit union industry.NCUA Office of Inspector GeneralPage 4

OIG-20-07Audit of the NCUA’s Examination And Oversight Authority overCredit Union Service Organizations and VendorsA credit union’s relationship with a CUSO can take the form of one or more of the following:A credit union may own all or a portion of the CUSO, constituting an equityInvestor orrelationship. The credit union may be a shareholder (corporation), memberowner(limited liability corporation), or partner (limited partnership) in the CUSO.A credit union may loan funds to the CUSO, constituting a debt relationship.LenderClientA credit union may be a user of a CUSO’s services or a purchaser of productsoffered by a CUSO, constituting a vendor-client relationship.Federal law and regulations limit the amount a federal credit union may invest in or loan to aCUSO and allow federal credit unions to establish relationships only with CUSOs that offer preapproved services. Restrictions for federally insured state credit unions (FISCU) are similar butmay vary according to state laws and regulations.Investment and Loan LimitsThe Federal Credit Union Act permits a federal credit union, with approval of the NCUA Board,to invest in CUSOs. Those investments must not exceed, in the aggregate, 1 percent of the totalpaid-in and unimpaired capital and surplus of the credit union as of its last calendar year-endfinancial report. 8 In addition, the Federal Credit Union Act permits a federal credit union, withapproval of the credit union’s board of directors, to lend up to 1 percent of the paid-in andunimpaired capital and surplus of the credit union to CUSOs. 9 The NCUA may at any time,based upon supervisory, legal, or safety and soundness reasons, limit any CUSO activities orservices or refuse to permit any CUSO activities or services. 10Maintaining Legal SeparationA CUSO has its own board of directors and management that operate separately from the creditunion’s board and management. However, members of the credit union board and managementteam may also serve on the board of directors of a CUSO or in a dual employee capacity; this isparticularly true for CUSOs that are wholly owned by a credit union. However, CUSOs must bestructured and operate in a way that demonstrates that the CUSO and its owner credit union(s)are separate and distinct businesses. 11 Failure to achieve this separation exposes a credit union toa legal risk referred to as “piercing the corporate veil,” in which the credit union would be heldliable for the CUSO’s actions or debts beyond the credit union’s investment or loan.12 U.S.C. § 1757(7)(I); see also 12 C.F.R. § 712.2(a).12 U.S.C. § 1757(5)(D).1012 C.F.R. § 712.5; see also 12 C.F.R. § 702.202(4)(b)(2) (as part of prompt corrective action for undercapitalizedcredit unions, the NCUA may restrict an undercapitalized credit union’s transactions with a CUSO or requirethe undercapitalized credit union to reduce or divest its ownership interest in a CUSO).1112 C.F.R. § 712.4.89NCUA Office of Inspector GeneralPage 5

OIG-20-07Audit of the NCUA’s Examination And Oversight Authority overCredit Union Service Organizations and VendorsCUSO ServicesFederal credit unions may invest in or provide loans to CUSOs that offer any of the followingpre-approved categories of activities: 12Complex/High-RiskActivities and Services*Basic Activities and Services Checking and currency servicesClerical, professional, andmanagement servicesCUSO investments in non-CUSOprovidersFinancial counseling servicesFixed asset servicesInsurance brokerage or agencyLeasingReal estate brokerage servicesSecurities brokerage servicesTravel agency services Business loan originationConsumer mortgage loan originationLoan support servicesStudent loan originationCredit card originationElectronic transaction servicesRecord retention, security, and disasterrecovery servicesPayroll processing servicesCustody, safekeeping, and investmentmanagement services for credit unions(including trust and trust related services)Shared credit union branch operations* CUSOs that provide complex or high-risk services (as defined by regulation) must report additional informationthrough the CUSO Registry.Federal credit unions may invest in CUSOs that engage in activities and services within thesepre-approved categories. However, CUSOs may offer additional services with the permission ofthe NCUA Board. A CUSO that intends to offer a service that is not pre-approved must firstseek an advisory opinion from the NCUA’s Office of General Counsel.CUSO RegistryAnnually, the NCUA requires credit unions with CUSOs to have written agreements with theCUSOs requiring them to provide the NCUA operational and financial information. 13 TheNCUA collects this information through a CUSO Registry. 14 As of December 31, 2018, therewere 953 registered CUSOs, including 38 CUSOs serving corporate credit unions.12 C.F.R. § 712.5.12 C.F.R. § 712.3(d)(4).14CUSOs report year-end information to the registry during the annual registration period (February 1 throughMarch 31). The registry provides the NCUA with accurate information about CUSOs to evaluate their potentialfinancial and operational risks to credit unions. This information also helps the NCUA identify inter-relationshipsbetween credit unions and CUSOs to help determine which CUSOs to focus on and to identify any systemic risks.1213NCUA Office of Inspector GeneralPage 6

OIG-20-07Audit of the NCUA’s Examination And Oversight Authority overCredit Union Service Organizations and VendorsThe table below outlines the information CUSOs are required to report based on the servicesthey provide. CUSOs offering complex or high-risk activities must report additional informationto the NCUA through the registry. 15Required InformationBasic registration information including: Tax Identification/Employer IdentificationNumber Legal name including trade or Doing BusinessAs names Address Telephone number Website Contact person Chief Executive Officer name and contactinformation Date of last financial auditWho is Required to Report?All CUSOsServices offered by the CUSOFederally insured credit unions that invest in, lend to,or receive services from the CUSO (the credit union"customer" information)Ownership informationServices provided to each federally insured creditunion customerInvestment, loan, or level of activity of each federallyinsured credit unionCUSOs that offer one or more highrisk servicesAudited financial statementsTotal dollar amount of loans facilitated*Total number of loans facilitated*Total dollar amount of loans granted year-to-date*CUSOs that offer credit or lendingservicesTotal number of loans granted year-to-date* As applicable for the types of services that are offered1512 C.F.R. § 712.5.NCUA Office of Inspector GeneralPage 7

OIG-20-07Audit of the NCUA’s Examination And Oversight Authority overCredit Union Service Organizations and VendorsCUSO ReviewsThe NCUA requires any federally insured credit union with an investment in or a loan to aCUSO to enter into a written agreement with the CUSO that it will provide the NCUA withcomplete access to its books and records and the ability to review the CUSO's internal controls. 16The NCUA considers several factors, including the CUSO’s geographic range of operations andtypes of services offered, when deciding which CUSOs will receive an onsite review. A CUSOreview may be part of a credit union examination using the CUSO review questionnaire found inthe NCUA’s Automated, Integrated, Regulatory Examination System (AIRES). 17 A CUSOreview can also be stand-alone review, conducted in response to recommendations from NCUAor State Supervisory Authority (SSA) 18 staff. A follow-up review may be performed at thedirection of a supervisory examiner, Division of Special Actions Director, or other senior NCUAofficial to determine whether a CUSO has properly acted upon previously recommendedcorrective actions from the stand-alone review.As with its other risk-focused examinations, the NCUA expects examiners to tailor examinationprocedures according to the size, complexity, and business of the CUSO being reviewed. TheNCUA may perform CUSO reviews in conjunction with the SSA in the case of FISCUs. In mostcases, the agency that initiates the review will be in charge of the review. Some SSAs have beengranted examination and enforcement authority over CUSOs under state law. In that case, anSSA may conduct the CUSO review independently and provide a copy of the resulting report tothe relevant NCUA regional office.Regional Office Roles and ResponsibilitiesYearly, regions are required to solicit CUSO recommendations from NCUA staff and each SSAin the region. During NCUA’s annual resource budgeting process, the Associate RegionalDirector for Programming is required to determine which CUSOs will receive on-site CUSOreviews based on SSA and field staff recommendations, a CUSO’s overall risk profile (identifiedthrough CUSO Registry information), and the availability of staff resources.Associate Regional Directors for Programming then determine which CUSOs require crossregional coordination and staffing, including identifying the region that will be primarilyresponsible for scheduling and staffing the review as well as any necessary specialized resources.Associate Regional Directors of Programs also determine which CUSOs will receive reviews1612 C.F.R. § 712.3(d)(3).AIRES is the NCUA’s credit union examination tool. The NCUA plans to replace AIRES with the ModernExamination and Risk Identification Tool (MERIT) in 2020. The NCUA is piloting MERIT as of the date of thisreport.18Each state that has a FISCU has its own SSA, which is responsible for completing examinations of FISCUs. Fivestates and the District of Columbia, Guam, Puerto Rico, and the Virgin Islands do not have FISCUs.17NCUA Office of Inspector GeneralPage 8

OIG-20-07Audit of the NCUA’s Examination And Oversight Authority overCredit Union Service Organizations and Vendorsstaffed and coordinated within the region, including identifying the supervisor (supervisoryexaminer or Division of Special Actions) responsible for scheduling and staffing the review.Division of SupervisionDivision of Supervision staff are responsible for: Coordinating report actions with the examiner-in-charge, supervisor, SSAs, and CUSOofficials; Coordinating report responses with the CUSO, SSAs, and the examiner-in-charge; and Finalizing and distributing draft and final reports to internal and external recipients. 19Supervisory Examiners and Division of Special ActionsSupervisory examiners and Division of Special Actions staff coordinate with examiners,specialists, and problem case officers to identify CUSOs whose operations may pose potentialrisk, and when identified, will recommend an independent CUSO review to regionalmanagement. Supervisory examiners and Division of Special Actions staff are responsible forreviewing the yearly CUSO review recommendations provided by staff. If an examiner alertsthem to an issue with a CUSO that warrants more immediate attention, they are required toimmediately notify the regional Division of Supervision Director, Associate Regional Director,and Associate Regional Director for Operations.Field StaffField examiners, specialists, and problem case officers are responsible for identifying potentialrisks associated with CUSOs based on information gathered during on-site contacts,examinations, and insurance reviews. If an examiner, specialist, or problem case officer believesthat a CUSO poses significant risk to a credit union because it is not financially stable or becauseof issues with the CUSO’s products or services, they must recommend it for an independentreview.Selecting, Scheduling, and Resourcing CUSO ReviewsThe final selection of CUSOs for review is based on emerging risks and the potential forsystemic risk if the CUSO serves multiple credit unions. On a quarterly basis, regions arerequired to provide in their quarterly workload memo to E&I any additions or deletions to the listInternal recipients include regional management, central offices, and E&I, and external recipients include CUSOs,SSA (when applicable), and the affiliated credit union.19NCUA Office of Inspector GeneralPage 9

OIG-20-07Audit of the NCUA’s Examination And Oversight Authority overCredit Union Service Organizations and Vendorsof CUSOs scheduled for a review and the anticipated dates for completion of CUSO reviews forthe quarter.CUSO Report ProcessThe examiner-in-charge has flexibility in developing the overall content of the CUSO report butgenerally may not include information that is considered to be a CUSO’s trade secret orproprietary information, or that could expose a CUSO to additional risk, such as informationrelated to security controls. If it is important nonetheless for this information to be included in areport, the examiner-in-charge includes it in a “Closed Section” appendix, which is provided tothe CUSO but not the associated credit union.Distributing the Draft CUSO ReportThe examiner-in-charge forwards the draft CUSO report to his or her supervisor for review, andupon review and approval, the supervisor forwards the report to the Division of Supervision,which assigns an analyst to review the report within 14 days. Coordinating with the supervisorand the examiner-in-charge, the analyst edits and clarifies the report as necessary. Once theanalyst makes any necessary changes, they send the report to any SSA that participated in the onsite review and ask for a response within 15 days. Working with the examiner-in-charge, theanalyst may revise the report based on the SSA response. The analyst then sends the report toCUSO management to respond to the findings and recommended corrective actions within 15days of receipt of the report.Management Response and Report DistributionOnce the analyst receives the response from CUSO management, the analyst forwards it to theexaminer-in-charge to address the response within 10 days of receipt. The examiner-in-charge,the analyst, and SSA staff (if applicable) coordinate with CUSO management regarding theresponse if necessary. If no agreement can be reached regarding the report or response, inconsultation with NCUA regional management, the report is finalized and issued to CUSOofficials, credit union officials, 20 and the SSA (if applicable) on a case-by-case basis. If a CUSOdoes not respond, the NCUA will indicate that in the report and issue the report.CUSO Review Report MaintenanceInstead of using AIRES, E&I maintains all CUSO reports and associated documents in aSharePoint 21 site that serves as the central repository for all agency CUSO reviews. Division ofSupervision staff upload the report file to the SharePoint site and send an email to the E&Imailbox and all other regional Division of Supervision mailboxes to alert them of the upload.2021Credit union officials are owners of the CUSO (investors).SharePoint is a web-based collaborative platform, which is primarily a document management and storage system.NCUA Office of Inspector GeneralPage 10

OIG-20-07Audit of the NCUA’s Examination And Oversight Authority overCredit Union Service Organizations and VendorsCUSO Follow-Up ReviewsAt management’s direction, examiners-in-charge may conduct CUSO follow-up reviews. Theexaminer-in-charge may use discretion in developing both the content and the format of thefollow-up review report, but at a minimum, they must address any action taken by CUSOofficials on the recommended corrective actions outli

credit unions in order to protect the National Credit Union Share Insurance Fund (Share Insurance Fund). Our audit also determined that since 2004, the last four NCUA Board Chairmen have led an effort through Congressional committee testimony to amend the Federal

Related Documents:

OIG conducted an Audit of NRC's Decommissioning Funds Program (OIG-16-A-16) that included a review of NRC's oversight of the decommissioning funds of both reactors and materials. The audit report was issued in June 2016. During that audit, OIG was not able to verify the accuracy of the Inventory List of material licensee decommissioning

The quality audit system is mainly classified in three different categories: i Internal Audit ii. External Audits iii. Regulatory Audit . Types Of Quality Audit. In food industries all three audit system may be used to carry out 1. Product manufacturing audit 2. Plant sanitation/GMP audit 3. Product Quality audit 4. HACCP audit

Department of Labor (DOL) is pleased to present the OIG Investigations Newsletter, containing a bimonthly summary of selected investigative accomplishments. The OIG conducts criminal, civil, and administrative investigations into alleged violations of federal laws relating to DOL programs, operations, and personnel. In addition, the OIG conducts

INTERNAL AUDIT Example –Internal audit report [Short Client Name] Internal Audit Report Rev. [Rev Number] STEP ONE: Audit Plan Process to Audit (Audit Scope): Audit Date(s): Lead Auditor: Audit #: Auditor(s): Site(s) to Audit: Applicable Clauses of [ISO 9001 or AS9100] S

4.1 Quality management system audit 9.2.2.2 Quality management system audit - except: organization shall audit to verify compliance with MAQMSR, 2nd Ed. 4.2 Manufacturing process audit 9.2.2.3 Manufacturing process audit 4.3 Product audit 9.2.2.4 Product audit 4.4 Internal audit plans 9.2.2.1 Internal audit programme

DOT OIG Internal Audit GAO Audit Standards Require That: 8.72 Assessing the risk of fraud is an ongoing process throughout the audit. When information comes to the auditors’ attention indicating that fraud, significant within the context of the audit objectives, may have occurred, auditors should extend the audit steps and procedures, as

OIG-18-12 . DHS OIG SPECIAL REPORT . Lessons Learned from Previous Audit Reports . on Insurance under the Public Assistance Program . November 7, 2017 Why We Did This Special Report We prepared this special report to addre

Packages OIG-17-A-21 August 16, 2017 All publicly available OIG reports (including this report) are accessible through NRC's Web site at . Transportation of Radioactive Material Packages Regulation (10 CFR Part 71) Title 10 Code of Federal Regulations Part 71 (Part 71) establishes the .