The NCUA's Office of the Inspector General released its list of2016 audits as part of its performance plan for the comingyear.

Among the audits slated for 2016 are a review of NCUSIF material losses of more than $25 million, as required bythe Dodd-Frank Act. The audit will determine causes for creditunion failures and the resulting loss to the NCUSIF, and willassess the NCUA's supervision of the credit unions.

The Federal Information Security Management Act requires the OIGto evaluate the agency's IT security policies, procedures andpractices, as well perform an assessment of compliance and privacymandates. The OIG must determine if the agency was in compliancewith FISMA and prepare an annual report for the Office ofManagement and Budget on the NCUA's IT security managementprogram.

Further, the Inspector General will conduct a review of theagency's purchase and travel card program; participate in a jointreview of NCUA's closing package to support the Sept. 30 year-endgovernment-wide consolidated financial statements, along with theOMB, the Department of Treasury's Financial Management Service andthe Government Accountability Office. It will also conduct a reviewof the NCUA's reporting entities, including the NCUSIF, the NCUAoperating fund, Central Liquidity Facility, Community DevelopmentRevolving Loan Fund and Temporary Corporate Credit UnionStabilization Fund for reports to be released by Feb. 15, 2017.

The OIG will also evaluate the NCUA's DATA Act readiness reviewon reports containing financial and payment data.

In addition, the OIG is considering a discretionary audits todetermine whether the NCUA provides adequate oversight of creditunion cybersecurity to assess whether credit unions are takingsufficient measures to protect the confidentiality, availability,and integrity of credit union assets and sensitive credit uniondata.

Also, it will determine whether the NCUA's procurement processis fair and effective and determine whether NCUA examinersadequately assess credit union real estate loan portfolios,associated risks and credit union actions to mitigate therisks.

The OIG will also determine whether the NCUA adequately limitsor controls employee and contractors access to sensitive NCUA andcredit union data stored within the NCUA's IT infrastructure, andassess the NCUA's Office of Small Credit Union Initiatives' processover eligibility determination when selecting grant recipients, anddetermine whether grant expenditures are used for their intendedpurposes.