An audit by the Office of Inspector General concluded that information security programs at both the Federal Reserve Board and the Consumer Financial Protection Bureau are no longer effective due to critical vulnerabilities.