In order of significance, the challenges are:
- Ensuring an Effective Information Security Program
- Ensuring Comprehensive Policies & Procedures Are in Place and Followed
- Maturing the Human Capital Program
- Manage and Acquiring Sufficient Workspace to Support CFPB Activities
The review was conducted by Mark Bialek, the Office of the Inspector General of the Federal Reserve Board and the CFPB.
The CFPB “has not fully implemented processes” within its network that would “enable the agency to detect and better protect against unauthorized access to and disclosure of its sensitive information and help lower the risk of insider threats,” according to the report.
The report acknowledges that the CFPB has “taken several steps to develop and implement an information security continuous monitoring program that is generally consistent with federal requirements.” A centralized logging information tool for CFPB systems was cited as an example of its compliance with the program.
With respect to internal controls, the CFPB has not provided dedicated training to officials “on controls related to travel card expenses, which could result in the agency reimbursing cardholders for improper purchases.” Additionally, a General Accountability Office report cited issues with the agency’s internal controls over financial reporting related to property, equipment, and software.
Our reports have identified additional gaps in policies and procedures, however, including a lack of clearly defined or documented roles and responsibilities.
Another management challenge is related to personnel at the CFPB. The agency is using a new performance management system that aims to correct problems cited in a 2013 report that detailed performance ratings among employees of different demographic groups. As well, the CFPB “needs to continue its efforts to ensure it is adequately staffing mission-critical positions and developing a qualified and diverse pool of candidates for senior management positions.”
Finally, renovations to the CFPB’s headquarters could possibly create problems in making sure there is enough space to house agency employees.
Our audit work found that the CFPB does not have a process for consistently collecting, maintaining, and using information to help inform future space-planning decisions. Implementing such a process may help the CFPB ensure that it is effectively planning for and using its office space to meet its long-term mission needs. According to a CFPB official, the agency is developing a process that will standardize its collection, maintenance, and use of information to assist in its space-planning activities.