The Office of Inspector General released the work plan for the CFPB. The OIG audited the CFPB’s Tableau system, which is an application used to develop, publish and view business intelligence data. The OIG found that the CFPB has implemented risk assessment, planning, security assessment and authorization and system services and acquisition controls for Tableau, in accordance with FISMA requirements. However, improvements are needed in the implementation and monitoring of baseline security configurations to ensure that components of Tableau are securely configured.
Other ongoing projects include an audit of the CFPB’s distribution of funds from the Civil Penalty Fund, an audit of the public consumer complaint database and a security control review of the CFPB’s DT Complaints Database. Planned projects include an audit of the pay and compensation program, an evaluation of the CFPB enforcement office’s process for protecting confidential information and an evaluation of the CFPB’s compliance with the requirements for issuing Civil Investigative Demands (CIDs).
Read the full work plan.