The CFPB has released a report for FY 2015 prepared by KPMG LLP of its independent audit of selected CFPB operations and budget. An annual independent audit is required by the Dodd-Frank Act. The report dated December 18, 2015 reflects work performed by KPMG during the period June 15, 2015 to November 24, 2015.
The audit evaluated the CFPB’s (1) budget process relative to CFPB policies and procedures established over budget formulation, execution, and monitoring; (2) Investment Review Board (IRB) process relative to CFPB policies and procedures; (3) information privacy function relative to CFPB policies and procedures concerning compliance with privacy laws and applicable regulations and guidance, and (4) corrective actions taken to resolve the findings included in KPMG’s FY 2014 audit.
KPMG did not identify any findings related to the CFPB’s budget process or IRB process but made several recommendations for strengthening those processes. It also found that the control deficiencies found in the FY 2014 audit had been remediated.
With regard to the CFPB’s privacy policies and procedures, KPMG found that the CFPB had not completed a reconciliation of data necessary to determine whether the CFPB is in compliance with its privacy policies and procedures, and that its privacy policies did not include procedures and options to assure destruction of storage that contains or contained personally identifiable financial information. KPMG recommended that the CFPB complete the reconciliation and update its privacy policies to include such procedures and options.