FRB: OIG: Strategic Plan Report

Strategic Plan Report

Other format: PDF (710 KB) (Download Accessible PDF Plug-in)

Board of Governors of the Federal Reserve System

Strategic Plan
2008 - 2011

OFFICE OF INSPECTOR GENERAL

Foreword Return to table of contents

Our vision is to achieve results, assess risk, and protect the public interest through an independent partnership with the Board, built on integrity, excellence, and professionalism.

The Office of Inspector General of the Board of Governors of the Federal Reserve System (Board) is pleased to present its Strategic Plan 2008 – 2011. This Strategic Plan sets a results-oriented, risk-focused vision for our office. Our first priority continues to be meeting our statutory and legislative requirements. Over the next four years, we will also strive to broaden our coverage of Board programs and operations, using a risk-based approach that considers the Board’s strategic goals, objectives, and priorities; budgetary and financial impacts; and the potential for reputational, operational, and compliance risk. Internally, we will target new training and development opportunities to expand our expertise, strengthen our quality and internal control framework, and enhance communications with internal and external stakeholders. Six fundamental values—independence, integrity, excellence, professionalism, empowerment, and commitment to the public interest—will shape our decisions and day-to-day operations. Through our audits and attestations, inspections and evaluations, investigations, legal services, and quality assurance programs, we will build strategic partnerships with the Board and other stakeholders to achieve results, while continually practicing and preserving the independence, objectivity, and professionalism that are at the heart of our work.

We renew our commitment to being a highly effective organization that promotes integrity, economy, efficiency, and effectiveness in Board programs and operations; helps prevent and detect fraud, waste, and abuse; and strengthens accountability to the Congress and the public. Through our collective and sustained effort going forward, we will achieve our vision, be guided by our values, and make a positive contribution in helping the Board carry out its mission.

/signed/

Elizabeth A. Coleman
Inspector General
March 31, 2008

Overview of the OIG’s Strategic Plan Return to table of contents

Overview of the OIG's Strategic Plan, 2008-2011

TABLE OF CONTENTS

^Foreword
^{Overview of the OIG’s Strategic Plan}
^Mission
^Vision
^Values
^{Roles and Responsibilities}
^{Business Environment and Challenges}
^{Goals, Objectives, and Strategies}
^{Performance Indicators}
^{List of Abbreviations and Acronyms}

Mission, Vision, and Values

Mission   Return to table of contents
The Office of Inspector General (OIG) conducts independent and objective audits, inspections, evaluations, investigations, and other reviews related to the programs and operations of the Board of Governors of the Federal Reserve System (Board). OIG efforts promote integrity, economy, efficiency, and effectiveness; help prevent and detect fraud, waste, and abuse; and strengthen accountability to the Congress and the public. The OIG’s work assists the Board in managing risk and in achieving its overall mission to foster the stability, integrity, and efficiency of the nation’s monetary, financial, and payment systems so as to promote optimal macroeconomic performance.
Vision   Return to table of contents
The OIG strives to achieve results, assess risk, and protect the public interest through an independent partnership with the Board, built on integrity, excellence, and professionalism.
Values   Return to table of contents
The OIG will accomplish its mission and conduct its day-to-day operations consistent with the following values:

Independence. Independence is a fundamental value guiding OIG operations and our arms-length partnership with the Board. In all matters, we will make independent and objective judgments free from

undue internal and external influences or pressures, or other organizational impairments.

personal bias or other personal impairments.

direct financial or other potential conflicts of interest.

Integrity. The OIG adheres to the highest standards of integrity in its dealings with its employees, as well as the Board, the System, the Congress, and the public. We will

be honest, candid, fair, and constructive.

conduct our work in an objective, fact-based, nonpartisan, and non-ideological manner.

use government information, resources, and position for official purposes.

exercise discretion in using information acquired during the course of our work, appropriately balancing transparency with the proper use of that information.

honor our responsibilities to the public interest, consistent with the highest ethical principles.

Excellence. Achieving our mission demands quality; high performance standards; a robust and secure infrastructure; and an experienced, skilled, and motivated professional workforce. We will

provide high quality results on time and within budget.

make constructive recommendations to address problems and issues, with proper consideration of the Board’s mission, goals, functions, and risks.

bring appropriate knowledge, skills, and abilities to our work and direct our recruitment, hiring, training and development, assignment, and evaluation processes to develop and maintain a highly competent workforce.

build efficiency, effectiveness, and security into our infrastructure, internal operations, and work processes.

maintain an effective quality control process.

Professionalism. We effectively use our knowledge, skills, and experience to perform our duties, in good faith and with integrity. In our day-to-day work, we will

treat others with respect and dignity.

follow applicable professional and technical standards.

comply with applicable laws and regulations.

conduct our work in a constructive manner.

exercise professional judgment and common sense.

Empowerment. The OIG recognizes the need to effectively manage its human resources and remains committed to ensuring a working environment that empowers employee productivity, accountability, and professional growth. We will

reward for excellence.

foster continuous improvement in all staff.

establish, encourage, and enforce a climate of fair and equitable treatment for all employees.

promote teamwork, independent thinking, and information sharing.

provide a family-friendly work environment that effectively balances the goals and objectives of the office with those of the individual.

Public Interest. The public interest is defined as the collective well-being of the community of the people and entities that we serve. We will

seek to protect the public interest and preserve the public trust.

observe integrity, objectivity, and independence in our work.

be accountable and responsive to the Board, the Congress, and the public.

Roles and Responsibilities Return to table of contents

Consistent with the Inspector General Act of 1978 (IG Act), as amended, the Office of Inspector General (OIG) of the Board of Governors of the Federal Reserve System (Board):

conducts and supervises independent and objective audits, investigations, and other reviews of Board programs and operations;

promotes economy, efficiency, and effectiveness within the Board;

helps prevent and detect fraud, waste, and mismanagement in the Board’s programs and operations;

reviews existing and proposed legislation and regulations and makes recommendations regarding possible improvements to the Board’s programs and operations; and

keeps the Chairman and Congress fully and currently informed of problems.

Congress has also mandated additional responsibilities that influence where the OIG directs its resources. For example, the Federal Deposit Insurance Corporation Improvement Act of 1991 (FDICIA) amended the Federal Deposit Insurance Act to require the Board’s OIG to review failed financial institutions supervised by the Board that result in a material loss to the Bank Insurance Fund (now the Deposit Insurance Fund). This amendment mandated that the OIG produce, within six months of the loss, a report that includes possible suggestions for improvement in the Board’s banking supervision practices. In the information technology arena, the Federal Information Security Management Act of 2002 (FISMA), Title III of Public Law 107-347, provides a comprehensive framework for ensuring the effectiveness of information security controls over information resources that support federal operations and assets. Consistent with FISMA’s requirements, we perform an annual independent evaluation of the Board’s information security program and practices, which includes evaluating the effectiveness of security controls and techniques for selected information systems. The USA PATRIOT Act of 2001 (USA Patriot Act), Public Law 107-56 (October 26, 2001), grants the Board certain federal law enforcement authorities. Our office serves as the External Oversight Function for the Board’s law enforcement program and operations.

The OIG carries out these roles and responsibilities through an organizational structure aligned around the following program areas:

Audits and Attestations.The audits and attestations program area conducts financial audits, performance audits, and attestation engagements within the Board’s three major mission areas—monetary policy, banking supervision and regulation, and oversight of payment systems and financial services—as well as its internal administration and operations.

Investigations.The investigations program area performs criminal, civil, and administrative investigations of alleged fraud, waste, abuse, mismanagement, and employee misconduct. It covers the full range of investigative requirements from both reactive and proactive directions.

Inspections and Evaluations.The inspections and evaluations program area provides the OIG with an alternative to traditional audits and investigations to assess Board programs and activities. It includes special inspections that arise suddenly and need immediate attention, broader program evaluations, and certain acceptable nonaudit work (such as participating in an advisory capacity on new system development efforts).

In addition to these three program areas, our organization structure includes a Counsel to the Inspector General (IG) who is responsible for carrying out our law and regulation review function under the IG Act, as well as providing a full range of legal services to the OIG. Consistent with applicable standards that guide our work, we also have a Communications and Quality Assurance function to guide, expand, and enhance our strategic planning processes; communications protocols; products and reports; quality and internal control framework for audits and attestations, inspections and evaluations, and investigations; and internal administration. Finally, consistent with the independence of our office, we also maintain a separate information technology (IT) infrastructure which provides the essential automation resources and support that enables us to effectively and efficiently carry out our program functions.

Business Environment and Challenges Return to table of contents

The Federal Reserve System (System)—the nation’s central bank—is a federal system composed of a central governmental agency (the Board) and twelve regional Federal Reserve Banks. The Board’s mission is to foster the stability, integrity, and efficiency of the nation’s monetary, financial, and payment systems so as to promote optimal macroeconomic performance. Within that overall mission, the Board has six primary goals with interrelated and mutually reinforcing elements:

conduct monetary policy that promotes the achievement of maximum sustainable long-term growth and the price stability that fosters that goal;

promote a safe, sound, competitive, and accessible banking system and stable financial markets;

effectively implement federal laws designed to inform and protect the consumer, to encourage community development, and to promote access to banking services in historically underserved markets;

provide high-quality professional oversight of Reserve Banks;

foster the integrity, efficiency, and accessibility of U.S. payment and settlement systems; and

foster the integrity, efficiency, and effectiveness of Board programs.

As we issue this strategic plan, complex economic, financial, and social challenges and trends shape the environment in which the Board and the other financial regulatory agencies operate and, accordingly, influence our strategic direction. In addition, legislative, statutory, and regulatory initiatives will affect not only the financial industry, but also the Board’s internal operations and may contain specific audit, evaluation, or other compliance-related requirements for the OIG. Continued economic and financial globalization will heighten the potential for economic shocks and systemic problems to move across national borders (as evidenced by recent problems in the subprime mortgage and financial credit markets), resulting in pressure for greater international consistency of policies, regulations, guidelines and supervisory procedures. At the same time, the U.S. banking system will likely continue to evolve into a smaller number of large, complex banking organizations offering a wider and more innovative range of financial services. The Board will be challenged to balance the pressures to reduce regulatory burden with the need for rule-writing, compliance supervision, and other consumer protection-related efforts.

Threats to the nation’s critical infrastructure—including the financial and economic sectors, financial institutions, and the Board’s internal operations—are likely to continue, demanding constant focus on identifying and mitigating risks. Since September 11, 2001, the Board has taken on new and difficult challenges in addressing terrorists’ financial activities and money laundering, implementing the USA PATRIOT Act, and coordinating with numerous international organizations. The Board’s oversight of the Reserve Banks and the payment systems will be affected by a variety of factors which will result in changes in the delivery of Federal Reserve System services. Reserve Bank infrastructures will continue to evolve as the Reserve Banks try to improve the quality and cost effectiveness of their financial services and support functions, as well as meet continued changes in market innovation and payment preferences.

Internally, a number of factors at the Board will also have a direct impact on our strategic direction. The Board will continue to be challenged by the need to develop and maintain a strong workforce. Staff turnover and changes in the scope and complexity of the Board’s mission will require additional emphasis on recruitment and retention activities, management succession planning, and developing and maintaining leaders capable of meeting future challenges. Workforce retention will also depend on maintaining a competitive compensation and benefits package within budgetary constraints, while any growth in workforce size will need to be balanced against space management concerns. The Board will also be challenged to maintain an information technology infrastructure that not only effectively meets user requirements, but also protects against ever-increasing security concerns. The emphasis on and the costs associated with strengthening physical and cyber infrastructures will also challenge the Board’s ability to operate economically and efficiently. In addition, an increasing emphasis on enterprise risk management and internal controls over financial reporting will bring new perspectives to the Board’s governance structure. Responsible management of its resources is critical to maintaining the Federal Reserve’s independence within the government.

Our business environment is also shaped by a number of factors related to the IG community as a whole. At the time this plan was prepared, Congress was considering significant and wide-ranging legislative alternatives aimed at strengthening IG independence, accountability, and transparency. A common theme across these proposals is the consolidation of the President’s Council on Integrity and Efficiency (PCIE) and the Executive Council on Integrity and Efficiency (ECIE) into a single council to provide leadership to the IG community. Regardless of the outcome, the councils will continue to focus on identifying vulnerabilities in, and recommending performance and management improvements to, federal programs and operations. The councils will also address other management issues, such as auditor and investigator recruiting and training; providing reliable and timely information to the Congress, federal agencies, and the public; and advancing the effectiveness and professionalism of the IG community.

Integrating relevant audit, investigation, inspection and evaluation, and quality standards into the OIG’s business model, governance framework, and IT infrastructure will remain a priority and continue to shape our internal business environment. Of particular significance from a strategic perspective, the Government Accountability Office (GAO) substantially revised the Government Auditing Standards which, consistent with the IG Act, guide the OIG as an audit organization. The revised standards include, among other changes, a description of five key ethical principles (the public interest; integrity; objectivity; proper use of government information, resources, and position; and professional behavior) that should guide our audit work. We have incorporated these principles into our values. The new standards also add risk as a factor to be used in planning and evaluating evidence during performance audits, and stress the critical role of professional judgment in all aspects of audit work. Additional changes related to quality control and assurance and peer reviews will require us to further review and refine our internal policies, procedures, and processes.

The OIG also incorporates a variety of other standards into its work and recognizes that anticipated revisions to these standards in the coming years will continue to have an impact on our business model and governance framework. In both criminal and administrative investigations of alleged wrongdoing involving Board programs and operations, the OIG complies with the Quality Standards for Investigations established by the PCIE and ECIE, and with applicable guidance from the Department of Justice. Investigative standards and the associated peer review process have been under revision, as the IG community works to ensure proper use of law enforcement authority and adopts new requirements for comprehensive investigative peer review. Similarly, the PCIE and ECIE may review and update the Quality Standards for Inspections, which guide our inspection and evaluation work, and changes in these standards will have an impact on our work going forward.

Goals, Objectives, and Strategies Return to table of contents

Within the context of this business environment and our mission and values, the OIG has developed three goals and fourteen corresponding objectives to guide our work over the next four years. We have also developed strategies to help achieve each of our specific objectives. Each objective highlights areas of focus where we plan to target our efforts, with specific projects identified annually and refined each quarter. Our strategic goals and objectives incorporate the Board’s overall mission and each of its functional areas to ensure that we focus on areas of highest risk and help the Board in achieving its strategic objectives. An overview of the OIG’s Strategic Plan can be found on page ii.

Goal 1: Conduct Work Consistent with the OIG’s Statutory and Legislative Requirements

The IG Act, as amended, establishes broad requirements for conducting independent audits, investigations, inspections and evaluations, and other reviews of the Board’s programs and operations. As discussed earlier, other legislation prescribes specific requirements for us to perform work in a particular program, activity, or functional area. Our annual and quarterly planning processes give first priority to ensuring that work performed under this goal is appropriately staffed to enable us to meet statutory and legislative requirements. Consistent with these requirements, our work will focus on the six strategic objectives described below.

Objective 1: Conduct the Board’s and the FFIEC’s annual financial statement audits.

In 1988, the Board delegated to the OIG the authority to contract for the annual independent financial audit of the Board’s financial statements, consistent with the IG Act’s requirement that audit-like functions being performed by the Board be transferred to the OIG. Section 726 of the Gramm-Leach-Bliley Act of 1999, effective November 12, 1999, added a new section (section 11B) to the Federal Reserve Act of 1913, which mandated that the Board shall order an annual independent audit of the financial statements of each Reserve Bank and of the Board, thus codifying the Board’s long standing practice that such audits be conducted.

The OIG has traditionally used its delegated authority to contract with an independent public accountant firm (IPA) to perform the audit of the Board’s financial statements. Because the Board performs the accounting function for the Federal Financial Institutions Examination Council (FFIEC), we also contract for an IPA to audit the financial statements of the FFIEC. In general, the objective of the audits is to obtain reasonable assurance about whether the financial statements are free of material misstatement. The audits included examining, on a test basis, evidence supporting the amounts and disclosures in the financial statements.

For the fiscal year ending December 31, 2007, the IPA also performed an audit of the design effectiveness of the Board’s internal controls over financial reporting. In 2008, the Board of Governors will transition to compliance with Public Company Accounting Oversight Board Auditing Standard No. 5 (AS5), which provides the standards for auditing internal controls over financial reporting. Therefore, for the fiscal year ending December 31, 2008, the auditors will perform a walk-through of the design and operating effectiveness of the Board’s internal controls over financial reporting, and provide management with an evaluation of its readiness to meet the requirements of AS5. For the fiscal year ending December 31, 2009, and succeeding years, the auditors will perform an audit of the operating effectiveness of the Board’s internal controls over financial reporting, in accordance with AS5, to include an attestation on management’s assertion that it has maintained an effective process of internal controls over financial reporting, and assessed its process based upon criteria established in the Internal Control—Integrated Framework issued by the Committee of Sponsoring Organizations of the Treadway Commission.

The OIG will continue to oversee all aspects of the financial statement and internal control audits. In this capacity, OIG staff coordinate the auditor’s logistical requirements, review planning documents and workpapers for compliance with generally accepted government auditing standards (GAGAS), and coordinate publication and distribution of the financial statements. Given recent GAGAS changes, we will update our internal planning documents to ensure that all new requirements are properly incorporated. We will also rotate responsibility for this work among staff who have the proper certifications, to enhance career development and provide greater flexibility in meeting this legislative requirement.

Objective 2: Complete required reviews of commercial bank failures.

FDICIA was enacted, among other purposes, to require the least-cost resolution of failed insured depository institutions, improve supervision and examinations, and provide additional resources to the Deposit Insurance Fund, or DIF. Accordingly, Section 38(k) of the Federal Deposit Insurance Act, as amended, 12 U.S.C. 1831o(k), requires the Inspector General of the appropriate federal banking agency to review the agency’s supervision of the failed institution to:

ascertain why the institution’s problems resulted in a loss to the DIF, and

make recommendations for preventing any such loss in the future.

FDICIA defines a loss as material if it exceeds the greater of $25 million or 2 percent of the institution’s total assets. This section requires that a material loss report be completed within six months after “it becomes apparent that a material loss has been incurred.”

As of March 2008, no Federal Reserve-regulated financial institutions have met the material loss review threshold for failure since the Oakwood Deposit Savings Company was closed in February 2002. Nevertheless, the OIG maintains its readiness to perform a material loss review by conducting ongoing work in the Supervision and Regulation function, and ensuring that staff receive both internal and external training in a variety of banking-related topics.

Objective 3: Conduct annual reviews of the Board’s information security program.

FISMA, Title III of Public Law 107-347, provides a comprehensive framework for ensuring the effectiveness of information security controls over information resources that support federal operations and assets. FISMA requires that each agency develop and implement an agencywide security program to provide information security throughout the life cycle of all agency systems, including systems managed on behalf of the agency by another agency, contractor, or other source. FISMA looks to the agency’s Chief Information Officer (CIO) to ensure compliance with the Act’s requirements.

FISMA also requires each IG to perform an annual independent evaluation of their agency’s information security program and practices. The evaluations are designed to test the effectiveness of controls and techniques for a representative subset of the agency’s information systems and to assess compliance with FISMA requirements. Each agency head is required to submit the results of the IG’s independent evaluation—along with the agency’s reports of the adequacy and effectiveness of information security policies, procedures, and practices—to the director of the Office of Management and Budget (OMB) on an annual basis.

To meet the FISMA control testing requirement, the OIG has developed a control assessment tool based on the security controls defined in the National Institute of Standards and Technology (NIST) Special Publication 800-53 Rev. 1 (SP 800-53). SP 800-53 provides a baseline of management, operating, and technical security controls for use by organizations in protecting their information systems. The controls are divided into “families” (such as access control, risk assessment, and personnel security) and include controls that can be categorized as system-specific or common (that is, applicable across agency systems). Consequently, although our focus is on evaluating specific applications, we also assess some of the security controls that affect Boardwide operations since most applications rely on these controls. We have also established a rotational cycle for systems maintained by the Board and the Reserve Banks to help ensure that our limited IT resources are used most productively. Our review of Reserve Bank systems extends only to those systems used in support of Board programs and operations, primarily in the supervision and regulation function. We will also identify and perform programmatic audits, inspections, and evaluations on information security topics to help fulfill our statutory requirement to evaluate the Board’s overall security program and practices and to respond to areas of interest identified by OMB as part of its annual reporting guidance.

Objective 4: Serve as the External Oversight Function for the Board’s law enforcement activities.

The USA PATRIOT Act, grants the Board certain federal law enforcement authorities. To implement these new authorities, the Board promulgated the Uniform Regulations for Federal Reserve Law Enforcement Officers (Uniform Regulations). The Uniform Regulations designated the Board’s OIG as the External Oversight Function (EOF), with the responsibility for conducting a continuing review and evaluation of the Board’s law enforcement programs and operations. The regulations also established an Internal Oversight Committee (IOC) with inspection and evaluation responsibilities.

We fulfill our EOF responsibilities by conducting biennial audits, inspections, and evaluations of the Board’s Law Enforcement Unit (LEU) and Protective Services Unit (PSU). The LEU consists of uniformed officers who are responsible for protecting and safeguarding the premises, grounds, property, personnel or operations conducted by or on behalf of the Board. The PSU’s mission is to ensure the physical security of the Board’s Chairman.

To date, our EOF reviews have focused on determining whether the Board’s law enforcement organizations are complying with the Uniform Regulations; Board and internal policies and procedures; and, where applicable, law enforcement best practices. Compliance issues, especially as they pertain to weapons, ammunition, and training, will always be an integral part of our EOF work. However, during the period covered by this strategic plan, we plan to also address a wide range of other topics including force structure and deployment, contingency planning and readiness, performance evaluations, use of equipment and technology, and succession planning.

We will also work closely with the IOC to coordinate and share information that is developed during our respective reviews. The Uniform Regulations specify that all incidents of deadly force or any use of force that results in serious bodily injury or death shall be jointly investigated by the IOC and by the EOF, and a report will be filed with the responsible Law Enforcement Manager and the Board. Accordingly, as part of our coordination efforts, we will seek to develop an EOF/IOC protocol regarding specific roles and responsibilities for investigating and reporting on bodily injury or deadly force situations.

Objective 5: Proactively review new and proposed legislation and regulations.

Consistent with Section 4 of the IG Act, the OIG reviews existing and proposed legislation and regulations relating to the programs and operations of the Board. The Act also requires the OIG to make recommendations in its semiannual report to the Congress concerning the impact of such legislation or regulations on the economy and efficiency in the administration of programs and operations of the Board, or prevention and detection of fraud and abuse in such programs.

To meet our IG Act mandate concerning legislation and regulatory review, the OIG will provide continuous tracking and monitoring of all existing and proposed Board-related legislation and regulations. In addition, we will provide independent analysis and review of such legislation for economy, efficiency, and detection of fraud and abuse in Board programs. The OIG’s Legal Services program area has developed an extensive system of identification, tracking, and documentation of analysis for new and proposed legislation and regulations. Legislative and regulatory items that are identified as having a significant impact on the economy and efficiency of Board or OIG programs, or relate to the detection of fraud and abuse in such programs, are brought to the attention of OIG senior management for official position and comment. Highlights of our activities in this area are included in our semiannual reports to the Congress.

Objective 6: Conduct criminal, civil, and administrative investigations.

The OIG, under the authority of the IG Act, conducts investigations relating to the programs and operations of the Board. We perform criminal, civil, and administrative investigations of alleged fraud, waste, abuse, mismanagement, and employee misconduct, and operate our nationwide Hotline operations. When we develop evidence that a violation of law has occurred, we work with the Department of Justice to prosecute the violation.

As major economic and financial trends continue to shape the environment in which the Board and other financial regulatory agencies operate, the challenges to the financial regulators to implement new requirements for banks to detect illegal activities, such as money laundering and terrorist financing, will also increase. We envision that over the next four years the nature and complexity of our investigations will continue to evolve as we assist the Board’s efforts to detect and prevent Bank Secrecy Act (BSA) violations, money laundering, terrorist financing, fraud, and other financial crimes in Federal Reserve-regulated institutions. In addition to administrative and traditional white-collar crime investigations, our criminal investigation activity will include leading or participating in multi-agency task forces where bank fraud, terrorist financing, and money laundering will often be the potential crimes being investigated.

Goal 2: Broaden Coverage of Board Mission Areas to Enhance Economy, Efficiency, and Effectiveness; Limit Risk; Detect and Prevent Fraud and Abuse; and Ensure Compliance

Over the next four years, the OIG will strive to broaden its coverage of the Board’s four mission areas, using a risk-based approach that considers the Board’s strategic goals, objectives, priorities, and strategies; budgetary and financial impacts; and the potential for reputational, operational, and compliance risk to Board programs and operations. We also recognize that resource availability will influence our ability to address the objectives under this goal; therefore, we will build flexibility into our plans to adapt to changing circumstances, such as unexpected new priorities, revised expectations or requests from stakeholders, or unanticipated increases in mandatory work demands.

Objective 1: Enhance our understanding of the Board’s monetary policy function and plan work to add value.

One of the Federal Reserve’s primary responsibilities is to conduct the nation’s monetary policy by influencing monetary and credit conditions in the economy. The Board fulfills this responsibility, in part, by conducting research, analysis, and policymaking related to domestic and international financial and economic matters. Three divisions at the Board (the Division of Monetary Affairs, the Division of Research and Statistics, and the Division of International Finance) carry out these activities.

The application of economic principles and financial and economic data to the conduct of monetary policy remains at least as much an art as it is a science. However, the environmental context in which the formulation of monetary policy takes place is subject to a variety of influences and factors which can affect the economy, efficiency, and integrity of the processes used to support this function, and the OIG will conduct its audit, inspection, and evaluation work from this perspective.

Potential OIG areas of interest over the strategic planning horizon include:

The Board’s monetary policy mission and process.The OIG plans to initiate a scoping effort to enhance our knowledge and understanding of the mechanics of the Board’s monetary policy process. During such an effort, we will apply our risk assessment and analytic skills in targeting improvement opportunities for the Board to achieve greater efficiencies in its monetary policy operations.

System security controls over sensitive information.The divisions responsible for the formulation and conduct of monetary policy, like all components of the Board, are subject to the requirements of FISMA. Because of the unique nature of their operations, however, the security associated with the handling and transmission of economic information and data must, necessarily, be of paramount concern to the Board. As part of our annual FISMA work, we will focus on the information systems that collect, employ, and maintain data used in the development of monetary policy. One approach that we plan to take is to identify best practices by other agencies that handle extremely sensitive economic data to see whether adoption of any of those practices, if not already used by the Board, may make sense in our unique operating environment.

Publication of economic and financial data.As part of its goal of increasing the understanding and transparency of Federal Reserve policy, the Board publishes a wealth of economic and financial data that is released in a wide variety of different formats and publications. Moreover, the Board appears to be maintaining some data services that may be available commercially. These publications and this information is intended to be used and relied upon by the Federal Open Market Committee, the System, industry, other financial regulators and governmental agencies, and the public. OIG reviews in this area can help assure these stakeholders that the Board is efficiently maximizing its resources to publish information that is accurate, relevant, and cost-effective.

Recruitment and retention.Recruitment and retention of a highly qualified staff of economists, analysts, and other experts is another area that is critical to successful performance of the monetary policy function. In addition to using the domestic labor pool, the Board may need to look overseas to maintain the high standards it sets for employing these professionals. Possible OIG activities in this area could include a review of “green card” sponsorship, and its related security clearance process.

Objective 2: Perform work to address current and emerging challenges and issues that impact the safety and soundness and consumer protection goals of the Board’s Supervision and Regulation function.

The Federal Reserve is the primary federal supervisor and regulator of all U.S. bank holding companies and state-chartered commercial banks that are members of the Federal Reserve System. The Supervision and Regulation function at the Federal Reserve has two major strategic goals:

Promote a safe, sound, competitive, and accessible banking system and stable financial markets; and

Effectively implement federal laws designed to inform and protect consumers, encourage community development, and promote access to banking services in historically underserved markets.

The Division of Banking Supervision and Regulation (BS&R) promotes banking industry safety, soundness, stability, and accessibility by overseeing Federal Reserve Bank supervision and on-site examinations of state member banks, bank holding companies, foreign banking organizations, and other activities supervised by the Federal Reserve. BS&R also develops and implements supervisory policies and guidance, and advises the Board on current conditions and significant emerging banking and financial developments.

The Division of Consumer and Community Affairs (C&CA) fulfills the consumer protection, community development, and access to banking services goal by enforcing a wide range of consumer protection laws and regulations through regularly scheduled consumer compliance examinations that are conducted by Federal Reserve Banks. C&CA also oversees issuing consumer-related regulations and promotes consumer education through research, consumer publications and partnerships with other organizations.

Our strategic focus in the Supervision and Regulation function is framed by an environment in which ongoing banking industry consolidation is creating larger and more complex financial institutions. This evolution has heightened the need for more sophisticated processes and systems for identifying, measuring, and monitoring risks. Accordingly, the direction of our supervision and regulation audit, evaluation, inspection, and investigative efforts will be influenced by environmental trends and other emerging issues that include:

Supervisory challenges associated with the Revised Basel Accord (Basel II). Basel II encourages banks to develop more robust risk measurement techniques, bring regulatory capital more in line with banks’ internal risk management systems, and give banks greater incentives to create enhanced risk management systems. Many countries around the world are already implementing Basel II in their jurisdictions, while the U.S. banking agencies are in the process of finalizing their rules for implementation. Supervisors must develop techniques and methodologies to validate the effectiveness of complex and sophisticated risk measurement and management techniques.

The Federal Reserve’s supervisory role in the credit and subprime mortgage market. A loan is considered subprime when the borrower has a minimal or blemished credit record or other factors that suggest an elevated degree of credit risk. A responsible subprime market can be beneficial to consumers because it provides opportunities for borrowers with non-prime credit histories or those without a credit history to become homeowners. The subprime market has grown dramatically, and in 2006, about 20 percent of new mortgage loans were subprime. While this trend has increased access to credit, the market has more recently seen increased delinquencies and foreclosures, partly as a consequence of broader economic conditions, including interest rate changes and slowing house price growth. The supervisory approach to mortgage market problems must be appropriately calibrated to address unfair and abusive practices, while preserving incentives for responsible subprime lenders.

Deploying staff resources and maintaining a qualified and motivated workforce. Ongoing structural changes within the banking industry present Federal Reserve supervisors with challenges in maintaining an organizational structure that effectively allocates staff resources in accordance with identified and emerging risks. Achieving an effective structure will require creative solutions that could include assigning certain functions or responsibilities across the System, and enhancing System-wide resource sharing arrangements. Likewise, evaluating the risks associated with the complex business areas now being pursued by banking organizations, and assessing sophisticated risk measurement models at large institutions will require staff who possess the appropriate skills, experience, and training. Flexible compensation programs and innovative use of non-financial incentives likely will be needed to attract and retain highly specialized staff.

Bank Secrecy Act and anti-money laundering examination and law enforcement activities. The original purpose of the BSA, which was enacted in 1970, was to prevent banks from being used to conceal money derived from criminal activity and tax evasion. The focus of the BSA was escalated further in the wake of the September 11, 2001, terrorist attacks when the USA PATRIOT Act expanded BSA beyond its original purpose of deterring and detecting money laundering to include terrorist financing. In general, federal banking agencies are responsible for ensuring that each financial institution under their supervision establishes and maintains a BSA and Anti Money Laundering (AML) program that (1) guards against money laundering and terrorist financing and (2) ensures compliance with the BSA and its implementing regulations. Accordingly, as part of its overall responsibility and authority to examine banks for safety and soundness, the Federal Reserve is responsible for examining state member financial institutions for compliance with BSA.

Bank supervisors are faced with the challenge of striking an appropriate balance to ensure that BSA/AML examinations are risk-focused, but also reflect a depth and breadth of scrutiny and transaction testing that is commensurate with the bank’s products, services, customers, entities, and geographic location. In addition, the role of law enforcement continues to become more important as Congress and the public demand that cases involving money laundering or terrorist financing are vigorously pursued. Our office—in conjunction with the various United States Attorneys and the Federal Bureau of Investigation, and other federal law enforcement agencies—will investigate such allegations as they relate to institutions regulated by the Board. Unless otherwise restricted, the OIG will notify the Board of any issues that arise in these investigations relating to banking law violations or safety and soundness issues, such as a possible material loss to the institution or malfeasance by senior officers or directors, so that the Board’s enforcement program may take appropriate action, including its own parallel regulatory investigation.

Objective 3: Identify and review key aspects of the Federal Reserve’s role in providing high-quality oversight of the Reserve Banks and in fostering the integrity, efficiency, and accessibility of the U.S. payment and settlement service.

The Federal Reserve Act of 1913 and Monetary Control Act of 1980 provide the legal framework for the Federal Reserve’s role in the nation’s payment systems. The Federal Reserve’s mission in the payments system is to foster the integrity, efficiency, and accessibility of U.S. dollar payment and settlement systems. This mission is fulfilled in part by providing financial services to depository institutions and serving as the fiscal agent and depository for the U.S. government. The U.S. financial system settles over $12 trillion on an average day, and both Reserve Banks and the private sector operate key systems such as check clearing, automated clearing house (ACH) services, wire (fund) transfers, securities transfer, and national settlement services¹. Federal Reserve Banks perform fiscal agency responsibilities on behalf of the U.S. Department of the Treasury (Treasury) that include auctioning and safekeeping marketable Treasury securities, and issuing and redeeming savings bonds. Reserve Banks also maintain the Treasury’s bank account, accept deposits of Federal taxes and fees, pay checks drawn on Treasury’s account, and handle electronic payments. The Federal Reserve also provides cash services to depository institutions to foster efficient distribution that meets both domestic and international demands.

The Division of Reserve Bank Operations and Payment Systems (RBOPS) oversees the Federal Reserve Banks’ provision of financial services to depository institutions; fiscal agency services to the Treasury and other government agencies; and significant support functions, such as information technology, financial and cost accounting, audit, human resources, facilities management, and protection. As part of its Reserve Bank oversight role, RBOPS examines each Reserve Bank through extensive on- and off-site activities, and assesses the reasonableness of the strategic direction in major functions, implementation of major initiatives, and overall operational efficiency and controls. RBOPS also develops policies and regulations to promote the efficiency and integrity of the U.S. payments system, works with other central banks and international organizations to improve the payments system more broadly, and conducts research on payments issues.

Below are several Payment System policy and Reserve Bank oversight issues that may be the subject of audit, evaluation, or inspection projects during the period covered by this strategic plan:

The Federal Reserve’s long-term role in the retail payments system. Retail payments provided by Reserve Banks include check clearing and ACH services. A 2003 Federal Reserve study on the use of retail payment instruments found that, for the first time ever, the number of electronic payments in the United States—such as credit card, debit card, and ACH payments—exceeded check payments. Moreover, electronic payments continue to increase while payments by checks continue to decline. Not only are more payments being made electronically, but more check payments are also being processed electronically, in part because of the Check Clearing for the 21st Century Act (Check 21). Check 21, which took effect in October 2004, removed legal barriers that were preventing electronic technologies from being applied to long-established check collection processes. As the electronic check processing environment continues to grow, one of the Federal Reserve’s primary reasons for being involved in retail payments—national presence—may change. Geographic location becomes less relevant when check payments are made electronically rather than being transported and delivered in paper form. The Federal Reserve’s future role in retail payments will depend on ongoing analysis of how it can continue to foster innovation, competitiveness, and cost effectiveness, and ensure equitable access to these services.

Oversight of outsourced cash depots. Reserve Banks have fundamentally restructured their national check-processing operations in light of declining check volume. Check processing sites, which numbered forty-five in late 2003, were reduced to eighteen as of March 2008. As a result of the check restructuring effort, a study was initiated to determine a cost-effective approach to providing cash services in areas where check operations were ceased. Cash collection and distribution services—called cash depots—are now outsourced in six (soon to be seven) cities. Outsourced cash depots typically involve an armored carrier facility that serves as a collection and distribution point for currency deposits and orders. The armored carriers transport bank deposits and orders to and from an adjacent Reserve Bank office for processing. Because the risk associated with transporting cash is inherently high, judicious contract oversight and a keen awareness of internal controls governing cash depot operations is essential.

Oversight of Reserve Bank law enforcement operations. While the OIG serves as the EOF for the Board’s law enforcement programs, the Uniform Regulations designate RBOPS as the EOF for Reserve Bank law enforcement programs. As noted earlier, the regulations also call for each law enforcement unit to establish an IOC that is charged with inspection and evaluation responsibilities and providing a written report to the EOF. By practice, Reserve Bank law enforcement unit IOCs submit the required report every two years, and RBOPS staff conduct an on-site review of law enforcement operations at each Reserve Bank at least once every three years. RBOPS is also responsible for coordinating the System-wide law enforcement training activities, and played an integral role in the process of getting the program accredited by the Federal Law Enforcement Training Accreditation Board. Law enforcement is an inherently high-risk activity, and strategically sound and systematically implemented oversight is an essential component of the internal control and risk mitigation framework.

Objective 4: Assess the integrity, efficiency, and effectiveness of the Board’s internal administration and operations.

The overall goal of the Board’s internal management function is to enhance the integrity, efficiency, and effectiveness of Board programs and operations. This objective covers many diverse responsibilities: financial management; human resource management; facilities management; security; legal services; records management; publications and communication; and information technology management. As noted earlier, increased budgeting concerns, staffing considerations, and security requirements will continue to place competing pressures on the Board’s infrastructure, and staff will be challenged to maintain cost-effective, quality support to all of the Board’s mission areas.

The Board will need to continue upgrading its current facilities to address fundamental infrastructure requirements (such as electrical and plumbing enhancements), as well as employee safety, continuity of operations, and physical security, all of which are key Board priorities. Staff turnover remains a fundamental challenge, driving decisions on recruiting, compensation, benefits, training, and succession planning. Tight labor markets for key job families will further constrain the Board’s ability to recruit and retain high-performing staff. Technology is an integral component of all business processes, and the Board’s IT strategic direction will be influenced by changes in the requirements of the banking supervision and research communities; by legislative initiatives; by demands for more timely information and greater mobility; and by changes in the strategies and standards of the Federal Reserve System’s IT environment.

Throughout the years, we have focused a large percentage of our audit, inspection, evaluation, and investigative resources on the Board’s internal administrative area. This level of effort recognizes the varied programmatic responsibilities and resulting significant resource commitment of the Board’s internal operations. While we will strive to balance our resource commitments across all of the Board’s program areas, we recognize that the internal support and administrative program area will continue to require an OIG presence. To continue providing value-added support to the Board’s internal operations over the upcoming strategic planning horizon, we envision focusing on the following areas:

Ongoing and emerging security requirements, including physical and technological infrastructures. Threats to both physical and information security will continue, and likely increase, in the coming years. The Board must constantly monitor risks to its employees, operations, and assets, and ensure that security measures have been implemented to mitigate those risks. Our legislatively mandated responsibilities under FISMA and the USA PATRIOT Act will require significant OIG resources to be dedicated to this area. Beyond these mandates, however, we will also analyze the emerging threats, the associated risks, and the Board’s mitigation strategies to identify additional opportunities to assist the Board in maintaining a secure environment conducive to efficient and effective operations.

Internal controls over financial reporting. . The Board’s decision to voluntarily follow the applicable requirements of Section 404 of the Sarbanes-Oxley Act of 2002 (SOX) has led to a concerted effort by Management Division (MGT) staff to review business processes and develop required documentation (including process flowcharts, narratives, procedures, and risk control matrices) in preparation for requesting an opinion on internal controls over financial reporting as part of future financial statement audits. Although the Board has made significant advancements, work remains to test and remediate (as required) its internal controls and continue to build on the work accomplished. While primary responsibility for testing and evaluating internal controls rests with the external auditor, the OIG’s organizational independence, knowledge of Board programs and operations, and expertise in internal controls and risk management gives us the unique opportunity to perform SOX-related audits and attestations that our external auditor can rely upon. We performed two pilot projects in the prior strategic planning period to establish a methodology and framework for completing this work, and we will coordinate efforts with the external auditors to maximize audit resources and minimize duplication of effort.

Procurement activities and contract management. As discussed above, future investments in infrastructure enhancements—both physical and technological—will require potentially large capital outlays. Underlying these projects will be large, and potentially complex, contracts. Our work in this area will be designed to ensure that adequate controls are in place throughout the procurement process, and will include evaluating the reliability and integrity of reported information; compliance with laws, regulations, policies, and procedures; and the economical and efficient use of Board resources.

Information technology life cycle management. One of the objectives of the Division of IT is to provide timely, quality support for customer projects. To support this objective, the Division of IT has developed a quality assurance process designed to ensure that systems developed, deployed, and maintained by the division meet the business requirements of its client community and follow standard quality processes to reduce business risks. Over the strategic planning period, the Board has identified several high-profile projects, including the modernization of the shared national credit system; the replacement of a large automated system supporting the Board’s statistical function; and the possibility of changing the automation systems underlying financial reporting processes due to potential legislative initiatives. We plan to monitor the life-cycle management process to help ensure that IT division resources are efficiently and effectively used and that security controls are properly included in the application development process.

Objective 5: Evaluate functions and activities that cross organizational boundaries.

Although the Board’s operations generally fall into one of the four mission areas discussed above, programs and activities may cross functional boundaries. For example, although the Board maintains a central procurement function, all divisions and offices perform procurement-related activities (such as acquisition decision-making, receipt, and inventory management). Individual divisions and offices also have responsibilities related to budgeting, recruiting, information management and security, and human resource management. Likewise, components of Reserve Bank oversight and evaluation exist in multiple divisions, as does support to foreign governments and other central banks. We will look for opportunities to provide senior Board management with a broader perspective of issues that cut across the traditional program lines.

Goal 3: Enhance the Efficiency and Effectiveness of the OIG’s Operations and Communications

Consistent with our mission to evaluate the programs and operations of the Board, we continually search for ways to enhance our capabilities, strengthen our service delivery and internal processes, and improve our communication methods. Consistent with previous strategic plans, we have made great strides in our staff development and evaluation processes to meet the ongoing challenge of maintaining an effective workforce. We have also initiated several enhancements to our technology infrastructure and major business processes. We also recognize that we will most effectively achieve our mission by building effective working relationships and maintaining open communications not only with Board management, but also with the Congress, the Reserve Banks, the broader OIG community, and other key stakeholders. To fully realize the results envisioned in this strategic plan, we also plan to continuously review and evaluate our internal policies, procedures, and practices.

Objective 1: Strengthen our human resource management

Our people are our most valuable resource. Each individual brings unique knowledge, skills, and abilities to help achieve our mission and goals. Human resource considerations are an integral part of our vision, values, goals, and objectives and strategies. During this planning period, strengthening our human resource management processes will remain one of our highest priorities. Specifically, we plan to continue focusing on the following:

Enhance our knowledge of the Board’s programs and mission areas, and identify and develop the skills required to maintain a dynamic, highly-skilled workforce. Goal two calls for broadening our coverage of Board mission areas and, over time, our work under this goal will further enhance our knowledge of the Board’s programs and mission areas. We may also assign senior-level staff additional responsibilities to develop subject matter expertise in specific mission areas and to serve as an added resource for projects in their respective area. We will also look to enhance our internal reference library by fully utilizing the technology available in our audit and investigative software. To ensure that we maintain a dynamic, highly skilled workforce to perform the full range of OIG work and effectively apply technology innovations, we plan to review our core competencies to ensure that they are relevant and that they provide a realistic roadmap of the knowledge, skills, and abilities needed to successfully take on more challenging roles and responsibilities. We will also tailor a training program—consisting of formal courses and on-the-job experience—to effectively build those competencies across our workforce.

Strengthen succession planning and career development. . Our organizational structure has evolved over time, and building our mid-level management structure and developing future leaders are top priorities. Early in the strategic planning period, we will provide OIG staff with promotion opportunities to the manager level, with corresponding opportunities for progression to the senior level. We will also place a renewed emphasis on individual development plans across the OIG to identify and address appropriate developmental activities, resources, and timeframes to accomplish short- and long-term development goals. We will reassess our job descriptions to ensure that they remain accurate and relevant, and that our career ladders are consistent with other Board divisions and offices. We will also apply “knowledge management’ concepts to facilitate the sharing and transfer of knowledge from the senior members of the organization to future managers and officers.

More effectively transition incoming staff to Board and OIG processes and practices. As part of this effort, we will develop a more comprehensive new employee orientation program that includes ensuring that each new staff member is assigned a sponsor or mentor to serve as a resource and focal point for answering questions. We will also identify specific training requirements based on each new employee’s background and experience, and tailor each development plan to meet those requirements.

Foster a performance culture that engenders information sharing, continuous learning, and high achievement. To accomplish this, we will ensure that our operating environment has the necessary tools to enhance productivity for all audits, inspections, evaluations, and investigations, as well as for our internal activities. We will also enhance our internal record-keeping processes, both manual and electronic. We plan to review, and revise as necessary, our evaluation processes to ensure that we provide timely feedback on all assigned projects, properly reward desired behaviors and outcomes, and identify additional training opportunities.

Objective 2: Enhance internal and external communication, coordination, and information sharing.

Effective communication is a central focus in successfully achieving the OIG’s mission. Within the Board and the System, we will work across organizational lines in informing staff and management within the Board and throughout the Federal Reserve System about our roles, responsibilities, and work. In addition, the OIG has a duty and responsibility to keep Congress fully and currently informed by means of semiannual and other reports concerning fraud and other serious problems, abuses, and deficiencies relating to the administration of programs and operations administered or financed by the Board. At the same time, we are also charged with recommending corrective actions and reporting on the progress made in implementing these corrective actions.

We are also members of broader IG and professional communities. In this role, we will continue to work with other IGs to promote professionalism and coordination among the PCIE and ECIE membership on shared concerns. In addition, our continued coordination with other IGs in the financial regulatory agencies promotes consistency in our work and potentially provides a more global assessment of common issues that warrant attention. We plan to emphasize the following areas under this objective:

Better inform Board and System employees about our work and coordinating with our office. Having information about the OIG readily available to employees at the Board and within the System helps to promote a clear understanding of the OIG’s roles and responsibilities, facilitate effective communications and coordination, and foster constructive working relationships. In addition, the OIG’s work assists the Board in preventing fraud, waste, and abuse; highlighting the OIG hotline number and other contact information provides employees with appropriate access to the OIG for reporting any suspected fraud, waste, abuse, or misconduct. We plan to develop various communication vehicles, such as a pamphlet and protocol documents, to inform others about the OIG. We will also coordinate with MGT officials to integrate information about the OIG into ongoing programs, such as the Board’s orientation and ethics programs.

Redesign our product line to more efficiently and effectively communicate project results, promote consistency, and facilitate the report writing and production processes. Providing timely, accurate, and useful information regarding the results of our audit, attestation, inspection, evaluation, and investigative projects is critical to meeting the mandates of the IG Act. Given that our reports must convey a wide range of information, meet the needs of different audiences, and comply with different sets of standards, we recognize that “one-size-fits-all” reporting is not feasible, and we will continue to look for the most optimal reporting mechanisms to meet our varied requirements. To the extent possible, we will design a consistent format and organization to help distinguish OIG products and to assist users in quickly determining the report’s main message and in locating relevant information. Concurrently, we will also develop criteria and guidelines to help streamline and enhance the report writing and production processes.

Update and maintain the OIG website to better highlight and disseminate information to internal and external stakeholders. Increasingly, the OIG relies on its website as the primary resource for providing information about the OIG to internal and external stakeholders. Internally, Board staff can visit the OIG’s website through the Board’s intranet, Inside the Board; externally, visitors can learn more about the OIG by accessing our public website via the IG community website at www.ignet.gov. Recent legislation requires that the OIG’s website be easily accessible from the agency’s main website and that the OIG post public reports expeditiously; provide a service for visitors to automatically request OIG reports or products; and establish a link for individuals to anonymously report potential fraud, waste, and abuse. In implementing this legislation, we plan to redesign our website to be more consistent with the Board’s main webpage, facilitate ease-of-use, and better enable visitors to quickly locate and obtain needed information.

Coordinate with key Board and other stakeholders to help ensure that we are addressing the areas of highest risk. Through our strategic and annual planning processes, we strive to ensure that we are properly focusing our scarce resources to provide the highest level of value-added services to the Board, the Congress, and other key stakeholders. We have augmented those processes with a “just-in-time” planning approach, which allows us to react appropriately and adjust priorities based on changes in the internal and external operating environments. Over the next few years, we will look for opportunities to strengthen our interactions with the Governors, division directors, and other key Board officials to ensure that we understand planned and ongoing initiatives in order to best align our audit and investigative resources. We will also enhance our communication efforts with the Reserve Bank General Auditors to identify common interests, share tools and techniques, and, where appropriate, collaborate on projects to benefit the entire System.

Build effective working relationships with members of the OIG community and related groups. While our primary mission is to enhance Board programs and operations, we actively participate in the broader IG and professional communities. Coordination with other IGs, particularly in the financial regulatory agencies, can promote consistency in our approaches and priorities help address areas of common vulnerability, and provide a broader perspective of issues that warrant attention. We will continue to participate actively as a member of the PCIE/ECIE, the Council of Counsels, and related community-wide groups in the audit, inspection, evaluation, and investigative program areas. While we will look to the community for best practices and creative ways to meet workload demands, we will also be open to sharing our tools, techniques, and results (the positive as well as the negative) to maintain a two-way communications approach that promotes goodwill and strengthens oversight activities throughout the federal government.

Objective 3: Continue to Improve Our Business Processes.

The standards under which we perform our work are constantly updated to reflect new requirements and environments, and our internal policies, procedures, and practices must continually be refined and updated to remain in compliance. In addition, new methodologies, tools, and techniques continue to become available at a rapid pace, with features that have the potential to further enhance our business processes. To ensure that our operations continue to be state-of-the-art, we must be willing to question the status quo and adopt alternative methods to accomplish our work more efficiently without sacrificing quality or failing to meet applicable standards. Over the strategic planning horizon, we will:

Ensure quality and efficiency of OIG audits, attestations, inspections, evaluations, and investigations. As in any organization, we are continually reviewing and revising our internal business processes to ensure that quality is incorporated throughout a project’s life cycle and to ensure that management is provided with meaningful information on project status and progress. The recent changes to GAO’s Government Auditing Standards will necessitate revising our audit policies for financial audits, performance audits, and attestations. We will strengthen the scoping and planning phase of our audit assignments to incorporate compliance with standards in each assignment as early as possible. For each audit, inspection, and evaluation, we will set clear objectives, develop an appropriate methodology to address these objectives, and set realistic project timeframes. In the investigations program, we plan to complete our investigative policies and procedures, and receive our first external peer review, early in the strategic planning period. We are also assessing new investigative project management software to help us more efficiently and effectively perform our work. We will also conduct and complete all external audit and investigative peer reviews with the objectives of not only offering suggestions and recommendations to other offices, but also as an opportunity to identify best practices which can be used to further enhance our internal operations.

Increase our use of data mining to support ongoing audits, inspections, evaluations, and investigations as well as to develop a continuous auditing process. . Over the past few years, we have employed data mining technology to great success on several projects across all OIG service areas. These successes have identified an even greater demand within the office for expanded capabilities, and we have increased our investment in technology and training. Over the next few years, we plan to identify a set of performance metrics for which we will establish routine data mining queries to identify potential areas of interest for audit or investigative activities.

Enhance follow-up processes to promote and track action on recommendations. An efficient and effective audit resolution and follow-up process helps Board management in identifying and managing relevant risks and serves as a key component of the Board’s internal control framework. During this strategic planning period, we plan to implement an automated recommendation tracking system that will provide both OIG auditors and Board management with appropriate access to a single database to capture recommendations and associated management decisions, establish accountability and action plans, monitor progress, and track results.

Employ additional project-specific tools and techniques. Our project management software provides the infrastructure for workpaper preparation and review, document storage, time management, and other fundamentals necessary to manage our audits, inspections, evaluations, and investigations. However, we recognize that there are a myriad of technologies available which can enhance the efficiency and effectiveness of our operations. As discussed above, data mining technology is one approach which we plan to emphasize in the coming years. In addition, we will evaluate additional tools for our IT auditors to perform scanning, vulnerability analysis, and other testing in support of our FISMA-mandated work. For our inspections and evaluations, we will leverage the statistical capabilities in our data mining software while exploring other statistical packages with additional quantitative data analysis capabilities. Over the past few years, we have invested in our computer forensics capabilities within our investigative program area, and we will look to upgrade this capability during the upcoming biennial budgeting period. In addition, given our increased participation in interagency task forces involved with more complex cases, we will supplement our existing investigative capabilities with other technologies focused on link and trend analysis, and increase our use of existing databases such as the database of suspicious activity reports maintained by the Treasury’s Financial Crimes Enforcement Network.

Objective 4: Continue to Build our Technology Infrastructure.

Through the effective use of information technology, we have made significant improvements in the way we complete our projects, and technology continues to offer more efficient and effective approaches to streamline our processes. At the same time, rising cyber threats demand enhanced security requirements. We will need to balance user-friendliness and the desire for operational efficiency with the need to maintain secure systems that meet the requirements established by the NIST, OMB, and the Board’s Information Security Program.

Specifically, we plan to:

Ensure that our business processes remain fully integrated with the functionality inherent in our project software. We will continue to examine the capabilities of our current project management software while evaluating other technology solutions. Although our preference will remain to employ commercially available software, we recognize that other IGs have developed customized applications that may better meet our requirements. As noted above, changes in government auditing standards, investigative standards, and other standards that define the way we operate will require continual review and revisions to our internal policies and procedures. Beyond updating documentation, however, we will look to our software functionality to automate compliance with standards to the extent possible.

Employ new technologies, such as web-based applications and enhanced information management tools and techniques, to enhance productivity and leverage scarce resources.Our office has adopted telecommuting with great success, and experiments with a “virtual office” concept have validated our ability to operate remotely, at least for a limited period of time. Although our current applications have met our immediate requirements, we recognize that the ability to access and manage information through the internet offers additional capabilities which could further enhance productivity. We also plan to explore the development of an internal web page to enhance communication within the office. In addition, we will look for solutions to the ever-increasing demand for management information, most of which is now maintained in an electronic format. Identifying cost-effective, easy-to-use solutions that are sufficiently robust to aggregate and analyze data across varied platforms will remain a significant challenge.

Establish continuous monitoring processes to ensure that our security controls are implemented correctly, operating as intended, and producing the desired outcome to protect the confidentiality, integrity, and availability of the OIG IT infrastructure. In late 2007, we completed a certification and accreditation (C&A) of our infrastructure. Our internal review of NIST control requirements, in preparation for the external certification, identified several opportunities to strengthen our processes for performing change management and conducting vulnerability scans. The certification testing, conducted by an independent contractor, provided additional areas for improvement which we have added to our internal plan of actions and milestones. Given our limited internal IT resources, we will look for automated solutions in all of these areas. We recognize that information security is not static, and we will remain vigilant to emerging threats. In addition, we will look for more efficient ways to maintain the documentation required by FISMA to ensure that the valuable insights gained during the initial C&A process are not lost.

Performance Indicators Return to table of contents

Consistent with the requirements of the Government Performance and Results Act, the OIG has established a set of performance indicators to help measure how well we are achieving the three strategic goals set forth in this plan:

Conduct work consistent with the OIG’s statutory and legislative requirements.

Broaden coverage of Board mission areas to enhance economy, efficiency, and effectiveness; limit risk; detect and prevent fraud and abuse; and ensure compliance.

Enhance the efficiency and effectiveness of the OIG’s operations and communications.

As shown in Table 1 (see page 34), our performance indicators generally fall into two main categories: outputs, which capture basic statistics and other quantitative measures of our work; and outcomes, which assess the results and other more qualitative measures of our work. Because our staff are so important to effectively achieving our mission, the outcomes section specifically highlights human capital indicators to ensure a strategic focus on professional development, leadership and succession planning, and communications objectives.

We will track these performance indicators and look to our semiannual reports to communicate how well we are achieving these indicators. Over the longer term, we plan to implement an accomplishment reporting process to capture our contributions in helping the Board manage risk and achieve its mission.

Table 1: OIG Performance Indicators

Outputs

Output Indicators

Number of products issued.
- Percentage of products issued within agreed-upon timeframes.
- Percentage of projects that meet stated objectives.
- Percentage of products with recommendations.

Number/percentage of recommendations implemented.

Number of investigations closed.
- Number of closed investigations that resulted in a referral for action to the Department of Justice, state, and local law enforcement officials, or relevant administrative authority.
- Number of closed investigations that resulted in an indictment, conviction, civil suit or settlement, judgment, administrative action, or monetary result.

Number of relevant bills/laws and regulations reviewed for their impact on Board programs and operations.

Outcomes

Outcome Indicators

Extent to which the OIG effects positive change in Board programs and operations, such as
- Improved internal controls.
- Operational efficiencies.
- Improved program performance.
- Enhanced compliance with applicable laws and regulations.
- More effective information security controls.
- Enhanced fraud prevention and detection.

Extent of coverage of Board mission areas.

Extent to which review of legislation and regulations contributes to understanding and assessing Board programs and operations.

Extent to which legal research and support meets requestor needs in a timely and effective manner.

Extent of monetary recoveries, civil and criminal indictments, administrative action, and successful prosecutions based on OIG investigations.

Human Capital Indicators

Enhanced understanding of Board programs and mission areas.

Enhanced succession planning.

Greater emphasis on leadership and career development opportunities.

Enhanced knowledge and consistent implementation of OIG quality and internal control processes.

Increased commitment to information sharing, continuous learning, and high achievement.

List of Abbreviations and Acronyms Return to table of contents

ACH Automated Clearing House

AML Anti-Money Laundering

Basel II Revised Basel Accord

Board Board of Governors of the Federal Reserve System

BS&R Division of Banking Supervision and Regulation

BSA Bank Secrecy Act

C&A Certification and Accreditation

C&CA Division of Consumer and Community Affairs

Check 21 Check Clearing for the 21st Century Act

CIO Chief Information Officer

DIF Deposit Insurance Fund

ECIE Executive Council on Integrity and Efficiency

EOF External Oversight Function

FDICIA Federal Deposit Insurance Corporation Improvement Act

FFIEC Federal Financial Institutions Examination Council

FISMA Federal Information Security Management Act of 2002

GAGAS Generally Accepted Government Auditing Standards

GAO Government Accountability Office

IG Act Inspector General Act of 1978

IG Inspector General

IOC Internal Oversight Committee

IPA Independent Public Accountant

IT Information Technology

LEU Law Enforcement Unit

MGT Management Division

NIST National Institute of Standards and Technology

OIG Office of Inspector General

OMB Office of Management and Budget

PCIE President’s Council on Integrity and Efficiency

PSU Protective Services Unit

RBOPS Division of Reserve Bank Operations and Payment Systems

SOX Sarbanes-Oxley Act of 2002

Treasury U.S. Department of the Treasury

USA PATRIOT Act USA PATRIOT Act of 2001

Footnote

¹ACH is a nationwide electronic funds transfer system which clears interbank electronic payments for participating depository financial institutions.Return to text

Office of the Inspector General Home