The CFPB has released the independent audit conducted by KPMG of selected CFPB operations and budget in FY 2013.  An annual independent audit is required by the Dodd-Frank Act.  The items evaluated in the 2013 audit and results were as follows:

  • KMPG evaluated how the CFPB’s intra-agency and inter-agency coordination process for its student loan initiatives measured up to leading practices for intra-agency and intra-agency collaborations.  Based on that review, KPMG identified various steps for such collaboration recommended by the Government Accountability Office for the CFPB to consider in developing a formal policy and procedures for inter-agency and intra-agency collaboration, such as defining and articulating common goals and outcomes and defining roles and responsibilities for each department/division or agency involved in a project.
  • KPMG looked at the CFPB’s contracting officer’s representative (COR) function related to contract activities.  (CORs are individuals appointed by an agency’s  contracting officers to assist in the monitoring of contracts, including the approval of invoices.)  KPMG found that a majority of the contract files it reviewed were missing required documentation and recommended that the CFPB reinforce detailed instructions to CORs regarding file maintenance, and increase the frequency of reviews of contract files maintained by CORs.
  • KPMG evaluated the CFPB’s budget process relative to its policies and procedures on budget formulation, execution, and monitoring.  It found certain controls over budget execution and monitoring needed to be strengthened, particularly the CFPB’s process for reviewing open obligations and removing stale obligations.
  • KPMG reviewed the corrective actions taken by the CFPB to address the findings in its 2012 independent audit.  KPMG found that the CFPB had completed its corrective action plan for three of the five findings that required corrective action: that the CFPB needed to establish a machine readable privacy policy on its website, complete the formal approval process for its privacy policy, and review all systems at least bi-annually to identify any changes that may require changes to CFPB Systems of Records Notices.  KPMB found the CFPB had only partially completed its corrective action plan for the findings that the CFPB needed to address how Consumer Response responds to written inquiries and develop its continuity of operations plan.