Submitting OIG:
Report Description:
The National Credit Union Administration (NCUA) Office of Inspector General (OIG) conducted this self-initiated audit to assess the NCUA’s use of cloud computing services. Our objectives were to determine whether the NCUA: (1) adequately addressed risk when contracting cloud computing services; and (2) effectively managed operational and security risks of implemented cloud computing services.
Results of our audit determined that the NCUA needs an enterprise-wide approach to cloud computing to effectively contract and manage cloud computing services. The NCUA should align policies and procedures with this enterprise-wide approach. Our audit also determined the NCUA implemented cloud computing services as the situation or business need occurred to meet mission priorities. We believe this approach has not allowed the NCUA to clearly address federal guidance, has created inconsistent processes, and allowed for decisions and implemented services to be made unsystematically. Therefore, we are making two recommendations in our report and note that management has agreed to both recommendations. Given the current approach to the agency’s cloud computing services, the OIG plans to conduct a follow-up audit on the contracting and risk management of its use of cloud computing services once the recommendations in this report have been implemented.
Date Issued:
Monday, February 12, 2024
Agency Reviewed / Investigated:
Submitting OIG-Specific Report Number:
OIG-24-01
Location(s):
Agency-Wide
Type of Report:
Audit
Questioned Costs:
$0
Funds for Better Use:
$0
Number of Recommendations:
2
Report updated under NDAA 5274:
No
View Document:
Attachment | Size |
---|---|
OIG-24-01-Cloud-Computing-Audit-Final-021224.pdf | 702.61 KB |
Additional Details Link: