Federal Reserve Banks: Internal Controls Over Cash at Atlanta, Los
Angeles, and Philadelphia Banks (Letter Report, 08/28/97,
GAO/AIMD-97-127).

Pursuant to a congressional request, GAO reviewed the work of the
Federal Reserve's external auditor, Coopers & Lybrand L.L.P., in
reporting on the effectiveness of the internal control structure over
financial reporting for cash at the Atlanta and Philadelphia Federal
Reserve Banks, and the Los Angeles Branch, focusing on whether: (1) the
work was conducted in accordance with applicable professional standards;
and (2) supported the auditor's opinion on managements' assertions on
the effectiveness of the internal controls over cash operations.

GAO noted that: (1) GAO's review disclosed no instances in which Coopers
& Lybrand's work to support its opinions on the effectiveness of the
internal control structures over financial reporting and safeguarding
for coin and currency at the Atlanta and Philadelphia Federal Reserve
Banks, and the Los Angeles Branch did not comply, in all material
aspects, with the American Institute of Certified Public Accountants'
Attestation Standards; (2) Coopers & Lybrand obtained and documented an
understanding of the internal control policies and procedures, developed
by the Federal Reserve Banks, to manage and account for each of the four
main cash operating functions: receiving/shipping, currency processing,
vault, and cash administration; (3) Coopers & Lybrand also performed
tests and other procedures in support of its evaluation of the design
and operating effectiveness of the internal controls in order to form an
opinion about the reliability of management's assertion; and (4) for
each examination, Coopers & Lybrand concluded that the Federal Reserve
Bank management fairly stated its assertion that the bank maintained an
effective internal control structure over financial reporting and
safeguarding for cash as of the date specified by management based on
criteria established in the Internal Control--Integrated Framework
issued by the Committee on Sponsoring Organizations of the Treadway
Commission.

--------------------------- Indexing Terms -----------------------------

 REPORTNUM:  AIMD-97-127
     TITLE:  Federal Reserve Banks: Internal Controls Over Cash at 
             Atlanta, Los Angeles, and Philadelphia Banks
      DATE:  08/28/97
   SUBJECT:  Federal reserve banks
             Bank examination
             Internal controls
             Currency and coinage
             Bank management
             Accounting procedures
             Auditing procedures
             Cash management
IDENTIFIER:  COSO Internal Control Integrated Framework
             

Federal Reserve Banks: Internal Controls Over Cash at Atlanta, Los
Angeles, and Philadelphia Banks (Letter Report, 08/28/97,
GAO/AIMD-97-127).

Pursuant to a congressional request, GAO reviewed the work of the
Federal Reserve's external auditor, Coopers & Lybrand L.L.P., in
reporting on the effectiveness of the internal control structure over
financial reporting for cash at the Atlanta and Philadelphia Federal
Reserve Banks, and the Los Angeles Branch, focusing on whether: (1) the
work was conducted in accordance with applicable professional standards;
and (2) supported the auditor's opinion on managements' assertions on
the effectiveness of the internal controls over cash operations.

GAO noted that: (1) GAO's review disclosed no instances in which Coopers
& Lybrand's work to support its opinions on the effectiveness of the
internal control structures over financial reporting and safeguarding
for coin and currency at the Atlanta and Philadelphia Federal Reserve
Banks, and the Los Angeles Branch did not comply, in all material
aspects, with the American Institute of Certified Public Accountants'
Attestation Standards; (2) Coopers & Lybrand obtained and documented an
understanding of the internal control policies and procedures, developed
by the Federal Reserve Banks, to manage and account for each of the four
main cash operating functions: receiving/shipping, currency processing,
vault, and cash administration; (3) Coopers & Lybrand also performed
tests and other procedures in support of its evaluation of the design
and operating effectiveness of the internal controls in order to form an
opinion about the reliability of management's assertion; and (4) for
each examination, Coopers & Lybrand concluded that the Federal Reserve
Bank management fairly stated its assertion that the bank maintained an
effective internal control structure over financial reporting and
safeguarding for cash as of the date specified by management based on
criteria established in the Internal Control--Integrated Framework
issued by the Committee on Sponsoring Organizations of the Treadway
Commission.

--------------------------- Indexing Terms -----------------------------

 REPORTNUM:  AIMD-97-127
     TITLE:  Federal Reserve Banks: Internal Controls Over Cash at 
             Atlanta, Los Angeles, and Philadelphia Banks
      DATE:  08/28/97
   SUBJECT:  Federal reserve banks
             Bank examination
             Internal controls
             Currency and coinage
             Bank management
             Accounting procedures
             Auditing procedures
             Cash management
IDENTIFIER:  COSO Internal Control Integrated Framework
             
******************************************************************
** This file contains an ASCII representation of the text of a  **
** GAO report.  Delineations within the text indicating chapter **
** titles, headings, and bullets are preserved.  Major          **
** divisions and subdivisions of the text, such as Chapters,    **
** Sections, and Appendixes, are identified by double and       **
** single lines.  The numbers on the right end of these lines   **
** indicate the position of each of the subsections in the      **
** document outline.  These numbers do NOT correspond with the  **
** page numbers of the printed product.                         **
**                                                              **
** No attempt has been made to display graphic images, although **
** figure captions are reproduced.  Tables are included, but    **
** may not resemble those in the printed version.               **
**                                                              **
** Please see the PDF (Portable Document Format) file, when     **
** available, for a complete electronic file of the printed     **
** document's contents.                                         **
**                                                              **
** A printed copy of this report may be obtained from the GAO   **
** Document Distribution Center.  For further details, please   **
** send an e-mail message to:                                   **
**                                                              **
**                                            **
**                                                              **
** with the message 'info' in the body.                         **
******************************************************************


Cover
================================================================ COVER


Report to the Ranking Minority Member, Committee on Banking and
Financial Services, House of Representatives

August 1997

FEDERAL RESERVE BANKS - INTERNAL
CONTROLS OVER CASH AT ATLANTA,
LOS ANGELES, AND PHILADELPHIA
BANKS

GAO/AIMD-97-127

Federal Reserve Banks

(917761)


Abbreviations
=============================================================== ABBREV

  AICPA - American Institute of Certified Public Accountants
  CAS - Cash Automation System
  COSO - Committee on Sponsoring Organizations of the Treadway
     Commission
  IAS - Integrated Accounting System

Letter
=============================================================== LETTER


B-276265

August 28, 1997

The Honorable Henry B.  Gonzalez
Ranking Minority Member
Committee on Banking and Financial Services
House of Representatives

Dear Mr.  Gonzalez: 

This letter responds to your request that we review the work done by
the Federal Reserve's external auditor (Coopers & Lybrand L.L.P.) in
reporting on the effectiveness of the internal control structure over
financial reporting for cash at the Atlanta and Philadelphia Federal
Reserve Banks, and the Los Angeles Branch.  The external auditor's
work was conducted in response to a previous GAO recommendation that
the Federal Reserve Board of Governors obtain an external examination
of internal controls over cash operations at the Los Angeles
Branch.\1 Coopers & Lybrand reported that management for each of the
three banks fairly stated their assertions that the banks maintained
effective internal controls over financial reporting and safeguarding
for coin and currency as of the date of management's assertion on the
effectiveness of the internal controls.\2

You asked us to review the work done by the Federal Reserve's
external auditor including the scope of its work and the conclusions
reached.  Accordingly, our objective was to determine whether the
work was conducted in accordance with applicable professional
standards and supported the auditor's opinions on managements'
assertions on the effectiveness of the internal controls over cash
operations. 

In our September 1996 report, we also recommended that the Federal
Reserve Board consider annual examinations of internal controls at
each Federal Reserve Bank.  In this regard, Federal Reserve officials
advised us that they intend to include internal control examinations
as a component of the annual financial statement audits of the
Federal Reserve Banks. 


--------------------
\1 Federal Reserve Banks:  Inaccurate Reporting of Currency at the
Los Angeles Branch (GAO/AIMD-96-146, September 30, 1996). 

\2 Managements' assertions and the auditor's reports as originally
issued only specifically stated financial reporting controls.  Based
on our inquiries about this language and the scope of the auditor's
work, managements' assertions and the auditor's reports were
appropriately reissued to also include safeguarding of cash.  The
revision conformed the reports to the reporting language suggested by
a May 1994 addendum to the control criteria used by management and
the auditor that is discussed in the background section of this
report. 


   RESULTS IN BRIEF
------------------------------------------------------------ Letter :1

Our review disclosed no instances in which Coopers & Lybrand's work
to support its opinions on the effectiveness of the internal control
structures over financial reporting and safeguarding for coin and
currency at the Atlanta and Philadelphia Federal Reserve Banks, and
the Los Angeles Branch did not comply, in all material respects, with
the American Institute of Certified Public Accountants' (AICPA)
Attestation Standards. 

Coopers & Lybrand obtained and documented an understanding of the
internal control policies and procedures, developed by the Federal
Reserve Banks, to manage and account for each of the four main cash
operating functions:  receiving/shipping, currency processing, vault,
and cash administration.  Coopers & Lybrand also performed tests and
other procedures in support of its evaluation of the design and
operating effectiveness of the internal controls in order to form an
opinion about the reliability of management's assertion. 


   BACKGROUND
------------------------------------------------------------ Letter :2


      CASH OPERATIONS AT THE
      FEDERAL RESERVE
---------------------------------------------------------- Letter :2.1

The Federal Reserve, as the United States' central bank, has primary
responsibility for maintaining the nation's cash supply.  In carrying
out this responsibility, Federal Reserve Banks perform various
cash-related functions to meet the needs of the depository
institutions served by the Federal Reserve Banks.  At the 37 Federal
Reserve Banks and Branches which make up the Federal Reserve System,
the cash operations function is responsible for shipping cash to meet
the needs of depository institutions, receiving shipments of new
currency from the Bureau of Engraving and Printing, new coin from the
U.S.  Mint, and incoming deposits of excess and unfit currency and
coin from depository institutions.  In addition to maintaining
custodial controls over the cash in its possession, each Federal
Reserve Bank and Branch processes currency received from circulation
and records and summarizes the various accounting transactions
associated with these activities. 

While the 37 Federal Reserve Banks and Branches perform the same
cash-related functions, they may use different systems and processes
to manage and account for the cash under their control.  The Federal
Reserve Banks and Branches in three of the System's 12
districts--Atlanta, Philadelphia, and San Francisco--use the Cash
Automation System (CAS) to manage and account for cash under their
control.  CAS is an electronic inventory system which, among other
features, tracks coin and currency activities and balances by
denomination and identifies bank operating units with custodial
responsibility for cash.  Certain data maintained in CAS are used to
provide daily updates to the bank's general ledger system.  CAS data
are also used by bank officials to prepare monthly currency activity
reports.  These reports, which track each Federal Reserve Bank's
monthly currency activities and end-of-month vault balance, are used
by the Federal Reserve Board to monitor currency activities across
the Federal Reserve System. 


      INTERNAL CONTROL ISSUES
      REGARDING CURRENCY REPORTING
      AT THE LOS ANGELES BRANCH
---------------------------------------------------------- Letter :2.2

In September 1996, we reported on the results of a review of currency
activity reports prepared by the Los Angeles Branch.  The review
responded to concerns about reported inaccuracies in certain of the
bank's monthly currency activity reports.  The review's objectives
were to determine the nature of currency reporting inaccuracies and
review actions intended to resolve them.  Our review found that
certain data needed for the October through December 1995 currency
activity reports were forced to ensure that the reports agreed with
the Los Angeles Branch's end-of-month balance sheet.  As a result,
analysis by a bank analyst showed that receipts from circulation were
understated by $5.8 million in October, overstated by $61.8 million
in November and understated by $111 million in December.  Our review
noted problems with the reporting of currency activities which raised
concern about the quality of the Los Angeles Reserve Branch's
internal control environment and potential CAS system limitations
which could affect currency accounting and reporting. 

In response to the review's findings and recommendations, the Federal
Reserve Board took a number of immediate actions specific to the Los
Angeles Branch including (1) revising policies and procedures for
preparing the monthly currency activity report, (2) conducting an
unannounced 100-percent count of the Los Angeles Branch's currency
and coin holdings and comparing the results to the bank's balance
sheet, and (3) conducting an internal review of the bank's cash
operations and related financial records.  The Federal Reserve Board
reported that (1) the results of the physical count confirmed that
the Los Angeles Branch's balance sheet accurately reflected its
currency and coin holdings and (2) its examiners found that the
accounting for the cash handled by the bank was accurate and that
proper safeguards and controls existed to ensure the integrity of the
bank's financial records. 

In addition to actions addressing the Los Angeles Branch's currency
reporting and controls, the Federal Reserve Board arranged for an
external examination of internal control over cash operations at
certain banks that use CAS to manage and account for cash
operations--the subject of this report. 


      EXTERNAL REVIEW OF CASH
      OPERATIONS AT THREE FEDERAL
      RESERVE BANKS
---------------------------------------------------------- Letter :2.3

Our September 1996 report recommended that, given the problems in
preparing the currency activity report using CAS data in Los Angeles,
the Federal Reserve Board require an external review of internal
controls.  In response to our recommendation, the Federal Reserve
Board hired Coopers & Lybrand L.L.P., an independent public
accounting firm, to examine and report on managements' assertions
about the effectiveness of the internal control structure over
financial reporting and safeguarding\3 for cash at three banks--the
Federal Reserve Bank of Atlanta's Home Office, the Federal Reserve
Bank of San Francisco's Los Angeles Branch, and the Federal Reserve
Bank of Philadelphia. 

These banks represent 3 of the 12 cash operations located in the
Reserve System which use CAS to provide inventory and management
control and accounting for cash-related activities.  Table 1 provides
1996 currency data on the relative size and volume of currency
processing activities at the 3 locations covered by Coopers &
Lybrand's external examinations, the 12 which use CAS, and the entire
37 banks and branches. 



                                Table 1
                
                  Comparative Federal Reserve Currency
                        Activity Data for 1996\a

                             (In billions)

                            Federal Reserve locations
                                    using CAS
                           ----------------------------
                                                                All 37
                                                 All 12        Federal
                             3 locations      locations  Reserve Banks
                                examined      using CAS   and Branches
Total value of currency
 Received                         $ 94.7        $ 181.5        $ 591.2
 Processed                        $ 76.3        $ 143.8        $ 377.3
 Destroyed                        $ 30.6         $ 59.1        $ 149.0
 Shipped                          $ 63.9        $ 119.4        $ 422.0
 On-hand at year-end              $ 12.1         $ 23.5        $ 100.3
Average daily value of
 currency
 Received                       $ 0 .376       $ 0 .720          $ 2.3
 Processed                      $ 0 .303       $ 0 .571          $ 1.5
 Destroyed                      $ 0 .121       $ 0 .235          $ 0.6
 Shipped                        $ 0 .254       $ 0 .474          $ 1.7
Total currency notes
 Received                            5.7           11.7           35.0
 Processed                           4.2            8.8           23.6
 Destroyed                           1.5            3.5            8.7
 Shipped                             4.1            8.1           25.7
 On-hand at year-end                 0.8            1.6            5.1
Average daily currency
 notes
 Received                         0 .023         0 .047         0 .139
 Processed                        0 .017         0 .035         0 .093
 Destroyed                        0 .006         0 .014         0 .035
 Shipped                          0 .016         0 .032         0 .102
----------------------------------------------------------------------
\a The currency activity data was compiled by GAO based on data
provided by the Federal Reserve Board.  Currency received includes
deposits of excess and unfit currency from depository institutions as
well as new currency received from the Bureau of Engraving and
Printing.  The data have not been verified and are provided for
informational purposes only.  The data exclude coin held under the
control of Federal Reserve Banks.  As of December 31, 1996, the coin
held by all Federal Reserve Banks was $591 million; by the 12 Federal
Reserve locations using CAS, $199 million; and by 3 Federal Reserve
locations examined by Coopers & Lybrand, $76 million. 

The objective of Coopers & Lybrand's examinations was to opine on
whether managements' assertions on the effectiveness of internal
controls were fairly stated based on the internal control criteria
used by management.  In performing its examinations and concluding on
the reliability of managements' assertions, Coopers & Lybrand
performed an attest engagement which is governed by the AICPA's
Attestation Standards. 

The attestation standards provide both general and specific guidance
which is intended to enhance the consistency and quality of these
engagements.  The attestation standards consist of general,
fieldwork, and reporting standards which apply to all attestation
engagements and individual standards which apply to specific types of
attestation engagements.  The attestation standards supplement
existing auditing standards by reenforcing the need for technical
competence, independence in attitude, due professional care, adequate
planning and supervision, sufficient evidence, and appropriate
reporting. 

In addition to the general, fieldwork, and reporting attestation
standards, Coopers & Lybrand's examination at the three Reserve Banks
was also subject to requirements of a specific attestation
standard--Statement on Standards for Attestation Engagements No.  2,
Reporting on an Entity's Internal Control Structure Over Financial
Reporting.  This standard provides guidance on planning, conducting,
and reporting on the engagement, including evaluating the design and
operating effectiveness of internal controls.  A key provision of the
standard is that management use reasonable control criteria which
have been established by a recognized body in evaluating the internal
control structure's effectiveness.  This requirement ensures that
management uses commonly understood and/or accepted control criteria
in concluding on the internal control structure's effectiveness and
that the practitioner uses the same criteria in forming an opinion on
management's assertion.  Management for each of the Federal Reserve
Banks covered by Coopers & Lybrand's examinations based their
assessments of internal control effectiveness on criteria contained
in the Internal Control-Integrated Framework issued in September 1992
by the Committee on Sponsoring Organizations of the Treadway
Commission (COSO). 

To develop a broad understanding of internal control and establish
standards for assessing its effectiveness, COSO developed a
structured approach--the Integrated Framework--which defines internal
control and describes how it relates to an entity's operations. 
Internal control represents the process, designed and operated by an
entity's management and personnel, to provide reasonable assurance
that fundamental organizational objectives are achieved.  The
Integrated Framework describes internal control in terms of
objectives, essential components of internal control, and criteria
for assessing internal control effectiveness. 

Internal control objectives--what internal controls are intended to
achieve--fall into three distinct but overlapping categories: 
operations--relating to effective and efficient use of an entity's
resources; financial reporting--relating to preparing reliable
financial statements; and compliance--relating to an entity's
compliance with laws and regulations.  Safeguarding controls are a
subcategory within each of these control objectives.  Safeguarding
controls--those designed to prevent or promptly detect unauthorized
acquisition, use, or disposition of an entity's resources--are
primarily operations controls.  However, certain aspects of
safeguarding controls can also be considered compliance and financial
reporting controls.  When legal or regulatory requirements apply to
use of resources, operations controls designed to safeguard the
efficient and effective use of resources also address compliance
objectives.  Similarly, objectives designed to ensure that losses
associated with the use or disposition of resources are properly
recognized and reflected in the entity's financial statements also
address financial reporting objectives. 

In May 1994, COSO issued an addendum to its Integrated Framework to
provide specific reporting guidance on controls concerning
safeguarding of assets.\4 COSO stated that there is a reasonable
expectation that a management report will cover not only controls to
help ensure that transactions involving an entity's assets are
properly reflected in the financial statements, but also controls to
help prevent or promptly detect unauthorized acquisition, use, or
disposition of the underlying assets.  COSO believes it is important
that this expectation be met.  The addendum provided suggested
wording for management's report on internal control over financial
reporting to also specifically state safeguarding of assets when
covered by management's report. 

Internal control, as described in the Integrated Framework, consists
of five essential and interrelated components:  control environment,
risk assessment, control activities, information and communication,
and monitoring.  The control environment represents the control
consciousness of an entity, its management, and staff.  Risk
assessment refers to the awareness and management of relevant
internal and external risk associated with achieving established
objectives.  Control activities represent the operating policies and
procedures designed to help ensure that management's
directives--desired actions intended to address risks--are carried
out.  Information and communication refers to the need for relevant
and useful information to be communicated promptly to management and
staff for use in carrying out their responsibilities.  The monitoring
component refers to the need to monitor and assess over time the
effectiveness of internal control policies and procedures in
achieving their intended objectives. 

The nature and extent to which an entity's internal control structure
incorporates the five control components represent criteria that can
be used in assessing the internal control effectiveness of operating,
financial reporting, and compliance controls.  Management can assess
and report on the effectiveness of any of the three categories of
control objectives.  Internal controls can be judged effective if,
for each category of control objective reported on, management has
reasonable assurance that each of the five control components has
been effectively incorporated into the entity's internal control
structure.  COSO recognized that determining effectiveness was a
subjective judgment.  Similarly, with respect to effectiveness of
safeguarding controls, controls can be judged effective if management
has reasonable assurance that unauthorized acquisition, use, or
disposition of an entity's assets that could have a material effect
on the financial statements are being prevented or detected promptly. 


--------------------
\3 An entity's internal control structure over financial reporting
includes those policies and procedures that pertain to an entity's
ability to record, process, summarize, and report financial data
consistent with the assertions embodied in the entity's financial
statements.  Safeguarding of assets refers to those controls designed
to provide reasonable assurance regarding prevention or timely
detection of unauthorized acquisition, use, or disposition of an
entity's assets that could have a material effect on the financial
statements. 

\4 Internal Control - Integrated Framework:  Addendum to "Reporting
to External Parties," May 1994, COSO. 


   RESULTS OF EXTERNAL REVIEWS OF
   CONTROL OVER CASH OPERATIONS
------------------------------------------------------------ Letter :3

For each examination, Coopers & Lybrand concluded that Federal
Reserve Bank management fairly stated its assertion that the bank
maintained an effective internal control structure over financial
reporting and safeguarding for cash as of the date specified by
management based on criteria established in the Internal
Control--Integrated Framework issued by COSO. 

Coopers & Lybrand's examinations were conducted at different times
during the late summer and fall of 1996 because management for each
of the three Reserve Banks made their assertions about the
effectiveness of internal controls as of different specified dates
(Atlanta, September 30, 1996; Los Angeles, August 31, 1996; and
Philadelphia, October 31, 1996).  In making an assertion as of a
point in time, the scope of management's assessment of internal
controls is limited to the design and operating effectiveness of
internal controls in place on the date of management's assertion. 

In addition to its positive conclusions on the reliability of
management's assertion on the effectiveness of financial reporting
and safeguarding controls, Coopers & Lybrand's report contains
standard language related to the inherent limitations in any internal
control structure and projections of results of any internal control
structure evaluation to other periods.  This language, required by
the AICPA's Attestation Standards, is intended to remind readers that
(1) internal controls, no matter how well designed and operated, can
provide only reasonable assurance that internal control objectives
are achieved, and (2) projections of the results of any internal
control structure evaluation to any other period is subject to the
risk that the internal control structure may be inadequate because of
changes in conditions, or the degree of adherence to policies and
procedures may deteriorate. 


   SCOPE AND METHODOLOGY
------------------------------------------------------------ Letter :4

To perform our work, we met with Federal Reserve officials and the
Coopers & Lybrand partner and audit manager responsible for the
examination and discussed the nature of the examination of internal
controls over financial reporting and safeguarding for cash.  We also
discussed the applicable attestation standards and internal control
criteria used by the firm in conducting the examination.  We reviewed
the applicable attestation standards and evaluation criteria
(Internal Control--Integrated Framework issued by COSO) used by the
bank's management and Coopers & Lybrand to assess the effectiveness
of internal controls over financial reporting and safeguarding for
cash. 

We also reviewed the Coopers & Lybrand working papers supporting its
opinions on internal controls at the Atlanta, Los Angeles, and
Philadelphia Federal Reserve Banks.  We looked for evidence that the
work had been planned and performed in accordance with applicable
attestation standards.  We also looked for evidence that Coopers &
Lybrand's work addressed the applicable internal control criteria. 
Where necessary, we obtained additional understanding of the
procedures performed through discussions with the partner and audit
manager of Coopers & Lybrand.  Where Coopers & Lybrand's working
papers indicated that it used work performed by the Federal Reserve
Banks' General Auditors with respect to electronic data processing
controls, we conducted interviews with the General Auditor staff for
the three banks and Federal Reserve Automation Services and reviewed
their applicable internal audit working papers. 

We visited the Atlanta, Los Angeles, and Philadelphia banks to
enhance our understanding of the respective internal control
structures over financial reporting and safeguarding for cash. 
During our visits, which took place during April and May 1997, we
observed the processes and internal controls in the respective bank's
cash department that had been identified and documented by Coopers &
Lybrand, and held discussions with management and staff of the cash
department and the internal audit department. 

We performed our work from January 1997 through June 1997.  Our
review was performed in accordance with generally accepted government
auditing standards.  We requested comments on a draft of this report
from the Federal Reserve System Board of Governors.  On August 1,
1997, the Board of Governors of the Federal Reserve System provided
us with comments that are included in appendix II and discussed in
the agency comments section of this report. 


   EXTERNAL AUDITOR'S PROCEDURES
------------------------------------------------------------ Letter :5

In performing its examinations, Coopers & Lybrand (1) obtained an
understanding of the procedures and internal controls, (2) evaluated
the design effectiveness of the controls, (3) tested and evaluated
the operating effectiveness of the controls, and (4) formed opinions
about whether managements' assertions regarding the effectiveness of
the internal controls were fairly stated, in all material respects,
based on the COSO control criteria.  Internal controls usually
involve two elements:  a policy establishing what should be done and
procedures to effect the policy.  The procedures include a range of
activities such as approvals, authorizations, verifications,
reconciliations, physical security, and separation of duties. 

Coopers & Lybrand found that the Federal Reserve has developed
custody control standards and procedures that provide a framework for
establishing systems of internal controls to protect cash processed
and stored at the banks.  Coopers & Lybrand's working papers
described the cash operating process the banks followed in managing,
controlling, and accounting for cash operations.  This process is
broken down into four major areas:  (1) receiving/shipping of cash,
(2) processing of currency to check the accuracy of deposits from
depository institutions, identify counterfeit currency, and determine
the currency's fitness for recirculation, (3) vault storage of cash,
and (4) cash administration.  The cash operations followed by the
banks are discussed in more detail in appendix I. 

Coopers & Lybrand's work focused on the internal controls designed to
properly record, process, and summarize transactions to permit the
preparation of reliable financial statements and to maintain
accountability for assets (financial reporting controls) and
safeguard assets against loss from unauthorized acquisition, use, or
disposition (safeguarding controls).  These controls include two
categories of information system control activities\5 which serve to
ensure completeness, accuracy, and validity of the financial
information in the system. 

In order to determine whether the internal controls provided
reasonable assurance that losses or misstatements material in
relation to the financial statements would be prevented or detected
as of the date of management's assertion, Coopers & Lybrand tested
the operating effectiveness of the internal controls.  The testing
methods included observation, inquiry, and inspection. 

No one specific control test is necessary, applicable, or equally
effective in every circumstance.  Generally, a combination of these
types of control tests is performed to provide the necessary level of
assurance.  The types of tests performed for each control activity
are determined by the auditor using professional judgment and depend
on the nature of the control to be tested and the timing of the
control test.  For example, documentation of some control activities
may not be available or relevant and evidence about the effectiveness
of operation is obtained through observation or inquiry.  Also, some
activities, such as those relating to the resolution of exception
items, may not occur on the date that the auditor is conducting the
tests.  In those cases, the auditor needs to inquire about the
procedures performed when exceptions occur. 

Observation tests are conducted by observing entity personnel
actually performing control activities in the normal course of their
duties.  For example, Coopers & Lybrand observed the physical
separation between the carriers and the receiving and shipping teams,
the use of locks and seals on the containers used for storing
currency, and the preparation of the end of day proof by each of the
teams.  In currency processing, Coopers & Lybrand observed
preparation of the processing unit proof, transfer of currency to and
from the processing teams, and processing team operations. 
Observation of processing operations documented in their working
papers included the handling of currency rejected by the high speed
machine and its processing on the slower speed machine, and the
physical transfer of rejected currency from the processing team to
the cancellation team. 

Inquiry tests are conducted by making either oral or written
inquiries of entity personnel involved in the application of specific
control activities to determine what they do or how they perform the
specific control activity.  For example, Coopers & Lybrand's
inquiries of bank personnel included asking about procedures
performed when containers stored in the vault are found to have
broken seals and when discrepancies in shipments are reported by the
depository institutions. 

Inspection tests are conducted by examining documents and records for
evidence (such as the existence of initials, signatures, or other
indications) that a control activity was applied to those documents
and records.  Coopers & Lybrand used inspection to test controls such
as the daily reconciliation of CAS and the general ledger system, the
end of day proofs prepared by each team, vault inventories, and
monitoring logs prepared by cash department management personnel. 

Similarly, Coopers & Lybrand tested computer controls through
observation, inquiry, and inspection.  For example, they observed the
enforcement of physical access controls such as logging of visitors
and video surveillance.  They asked management about the control
procedures over changes to the CAS program code and corroborated the
information they were given by interviewing system users and
application developers.  They inspected a system log to verify that
backup tapes were being produced on schedule. 

For many of the computer controls tests in their work program,
Coopers & Lybrand consulted with Federal Reserve Bank's General
Auditors to gain an understanding of the computer controls and/or
examined their working papers to further corroborate information that
Coopers & Lybrand obtained through observation, inquiry, and
inspection.  In addition to other tests conducted by inspection,
observation, and inquiry, the banks' internal audit working papers
evidenced tests based upon independent verification of compliance
with computer control procedures.  For example, the General Auditors
for the Federal Reserve Bank in Philadelphia selected five days of
work for each of five cash processing rooms and examined system
reports and manual logs to verify that the high-speed currency
processing machines were tested daily and that they returned
acceptable results before being put into production. 


--------------------
\5 General controls are the policies and procedures that apply to the
entity's overall computer operations and create the environment which
ensures the continued, proper operation of the application systems. 
Application controls include computerized steps within the
application software and related manual procedures to provide
reasonable assurance of accurate and reliable processing. 


   RESULTS OF GAO'S REVIEW OF
   COOPERS & LYBRAND'S EXAMINATION
------------------------------------------------------------ Letter :6

The results of our review disclosed no instances in which Coopers &
Lybrand did not comply, in all material respects, with the AICPA's
Attestation Standards in the work described above.  We found that
Coopers & Lybrand's working papers adequately documented that it had
planned, performed and supervised the work.  The working papers
contained evidence that the auditor had an appropriate level of
knowledge about the Federal Reserve Banks and had considered relevant
work from prior years' audits, such as descriptions of the internal
control structure.  The scope of the examination was detailed in a
written engagement letter.  We found that the work was performed by
staff who were independent with respect to the Federal Reserve Banks
and had adequate experience.  Also, the working papers evidenced that
the staff had been properly supervised.  For example, key working
papers were reviewed by the Audit Manager and Partner. 

We found that Coopers & Lybrand used audit tools to assist it in
documenting the internal controls for each of the processes included
in cash operations.  For example, its auditors prepared worksheets
which identified internal control objectives, the related risks and
the control activities designed to address the objectives.  Also,
they prepared work programs which described the procedures to be
performed to test the control activities, and they documented the
results of their tests in written working papers.  They used similar
audit tools for their review of computer controls, documenting in
their working papers the control objectives to be tested, the
procedures performed, and their conclusions.  In accordance with the
attestation standards, the working papers contained written
assertions made by management about the effectiveness of the bank's
internal controls and contained a written management representation
letter. 


   AGENCY COMMENTS
------------------------------------------------------------ Letter :7

In commenting on a draft of this report, the Board of Governors of
the Federal Reserve System fully concurred with our conclusion on
Coopers & Lybrand's work.  The Board of Governors indicated that our
conclusions are consistent with those of the Board's Inspector
General.  Also, the Board of Governors noted that the financial
controls in each Reserve Bank's operations, including cash, will be
evaluated on an ongoing basis as part of Coopers & Lybrand's audit
procedures in order to render an opinion on the financial statements. 
Further, the cash operations controls are reviewed regularly by the
Banks' internal auditors, the Board's financial examiners, Board
staff who conduct periodic operations reviews of Reserve Bank cash
functions, and the Department of Treasury reviews of currency
destruction activities. 


---------------------------------------------------------- Letter :7.1

We are sending copies of this report to the Chairman of the Board of
Governors of the Federal Reserve System; the Secretary of the
Treasury; the Chairman of the House Committee on Banking and
Financial Services; the Chairman and Ranking Minority Member of the
Senate Committee on Banking, Housing, and Urban Affairs; and the
Director of the Office of Management and Budget.  Copies will be made
available to others upon request. 

Please contact me at (202) 512-9406 if you or your staff have any
questions.  Major contributors to this report are listed in appendix
III. 

Sincerely yours,

Robert W.  Gramling
Director, Corporate Audits
 and Standards


CASH OPERATIONS AT THE ATLANTA,
LOS ANGELES, AND PHILADELPHIA
FEDERAL RESERVE BANKS
=========================================================== Appendix I

As the United States' central bank, the Federal Reserve has primary
responsibility for maintaining the nation's cash supply.  In carrying
out this responsibility, Federal Reserve Banks perform various
cash-related operations.  At the 37 Federal Reserve Banks and
Branches, the cash operations function is responsible for receiving
new coin from the U.S.  Mint, new currency from the Bureau of
Engraving and Printing, cash from depository institutions, currency
processing, safeguarding cash held on deposit, and shipping cash to
meet the needs of depository institutions.  In addition, Federal
Reserve Banks must record and summarize the various accounting
transactions associated with their cash-related activities.  While
each Federal Reserve Bank performs the same basic cash-related
functions, banks may use different systems and procedures to manage
and account for the cash under their control. 

Federal Reserve Banks in Atlanta, Los Angeles, and Philadelphia use
the Cash Automation System (CAS) to provide inventory, safeguarding,
and accounting control over currency processing.  CAS is an
electronic inventory system which, among other features, tracks coin
and currency activities and balances by denomination, and identifies
bank operating units with custodial responsibility for cash.  Certain
data maintained in CAS are used to provide daily updates to the
Federal Reserve's general ledger system.  CAS data are also used by
Federal Reserve officials to prepare monthly currency activity
reports.  In addition to CAS, the three Federal Reserve Banks use
procedural controls to safeguard cash and account for
processing-related activities.  These controls include restricted
access, joint custody, segregation of processing-related duties,
video surveillance cameras, supervisory review, and monitoring. 

Presented below is a general description of the cash operations
functions at the three Federal Reserve Banks examined by Coopers &
Lybrand.  While the description focuses on currency operations, the
handling and control procedures over coin are similar to those for
currency, with a few notable differences.  For example, coins are
handled in bags and their content is verified through a weighing
process, while currency notes received from depository institutions
are individually checked by high-speed equipment for accuracy,
fitness, and authenticity.  Also, coin is stored in a separate vault
from currency. 

RECEIVING/SHIPPING

Each work day, depository institutions may notify Federal Reserve
Banks electronically of currency that they are depositing with or
ordering from each bank.  The notification includes the dollar amount
and denominational breakdown for the deposit or order.  The cash is
transported between the Federal Reserve Banks and depository
institutions by armored carriers which enter the bank buildings
through secured entrances.  To ensure the integrity of the currency
received from or transferred to the carriers, the Federal Reserve
Banks use a minimum of two-person receiving or shipping teams.  These
teams are always physically separated from the carriers as shipments
are unloaded or loaded by the carriers.  For example, carriers unload
or load the currency into a glass-walled room (sometimes called an
anteroom) which is bordered on one end by the carriers' entrance and
on the other end by the receiving or shipping room.  Each anteroom
has two sets of locking doors on either end.  The receiving or
shipping team cannot enter the anteroom when the carrier is unloading
or loading currency.  Currency transfers are accepted on a "said to
contain"\1 basis.  Carriers verify currency transfers by checking the
number and denomination of currency bags to see if they match the
stated contents on the manifests. 

When currency is received by a Federal Reserve Bank, the receiving
team counts the number of bags received from each depository
institution and independently compares this to the carrier's manifest
before accepting the currency from the carrier.  Subsequently, the
receiving team counts the bundles\2 of currency to verify the total
amount received.  These counts of the number of bundles received for
each denomination are performed independently by each team member. 
The team members then independently put their counts into CAS where
they are compared to each other and to the deposit notification
received from the depository institution.  If the counts match, the
depository institution automatically receives credit for the
shipment.  If the counts do not match, the difference is investigated
and must be resolved before the end of day closeout or reconciliation
process can be completed.  After the counts are completed, the
currency is transferred to a vault in a sealed container\3 where it
is safeguarded until it goes through currency processing. 

When currency is being shipped to fill an order, the currency is
transferred from the vault to a shipping team.  The shipping team
inspects the integrity of the seals on the containers prior to
accepting accountability for the currency.  The shipping team
prepares the order by placing the currency in sealed bags.  The team
members independently count the order and put their counts into CAS
where they are compared to each other and to the order notification
received electronically from the depository institution.  Because the
carrier accepts the shipment on a said-to-contain basis, any
discrepancies subsequently identified by the depository institution
in the amounts of currency in the bags must be resolved with the
Federal Reserve Bank that filled the order. 

At the end of each shift, each receiving and shipping team prepares a
daily proof to ensure that all of the currency transferred to the
team from a carrier or the vault is accounted for either in the
team's ending inventory or through transfers to the vault or
carriers. 

CURRENCY PROCESSING

Currency received from depository institutions is processed to check
the accuracy of the deposit, identify counterfeit currency, and
determine the currency's fitness.  The processing takes place in
glass-walled rooms which have numerous surveillance cameras and
locked doors that enable the processing team to control access to
each room and its contents.  Processing teams are composed of either
two or three members who share joint custody and accountability for
the team's currency holdings and processing activities. 

On a scheduled basis, the processing machines are tested to ensure
they are performing within established tolerance levels.  The tests
consist of running currency test decks through the machines to
determine whether they are correctly counting the notes, identifying
and rejecting different denominations and counterfeit currency, and
identifying and shredding soiled currency.  Testing is performed by
trained currency processing staff who are not directly involved in
routine processing activities.  The test results are tracked through
automated output reports which are reviewed by the test operator and
management.  If the test results indicate the need for service, site
engineers are available to service the machines.  Test decks are only
used for a specified number of tests after which the test decks are
destroyed.  Custody of the test decks is tracked in the CAS inventory
and access is restricted through the use of locked storage
containers. 

All currency received from circulation is processed initially on a
high-speed machine which counts the notes and tests for denomination,
soil level, and authenticity.  One of three things can happen to
individual currency notes as they are processed on the high-speed
machine.  Currency which passes the machine's various tests is
considered fit for recirculation and is repackaged with a new
currency strap which identifies the Federal Reserve Bank, the
processing team, and the date the currency was processed.  Currency
failing only the soil test is shredded on-line by the high-speed
machine which generates output reports that track the number and
denomination of currency shredded during the shift.  The high-speed
machine also rejects currency for incorrect denomination,
questionable soil levels, and/or potential counterfeit.  This
currency undergoes further processing to check denomination and
authenticity on a slower speed machine.  Differences in count are
tracked by the automated output reports and recorded in CAS as
adjustments\4 to the depository institution's deposit.  Depository
institutions are notified--via a written adjustment advice--of
changes to their previously recorded deposit amounts. 

Rejected currency is transferred to a slower machine for further
processing and inspection along with the straps that identify the
depository institution that packaged the currency.  The operator
enters the rejected currency into the slower speed machine where it
is retested for denomination, soil level, and counterfeit.  Currency
which passes the retests is shredded on-line and tracked in automated
output reports.  Currency which fails any one of the retests is
rejected by the slower speed machine.  The rejects, along with the
cause for the rejections, are tracked and separately reported in
automated output reports.  These reports are also used to adjust the
depository institution's account with the Federal Reserve Bank for
the amount of the difference. 

Currency rejected by the slower speed machine is sorted for off-line
destruction or transfer.  Counterfeit items are stamped "Counterfeit"
and transferred daily from the processing team to independent clerks
who examine, count, and collect counterfeit currency for shipment to
the U.S.  Secret Service for follow-up and analysis.  Currency
rejected for denomination and soil level is transferred daily to a
separate team for cancellation and subsequent off-line destruction. 
In the presence of the processing team, a cancellation team counts
and accepts the transfer of the rejected currency for cancellation. 
The transfer is recorded in the CAS system.  The team takes the
rejected currency in a locked container to a cancellation room where
the currency is cancelled by punching bank-specific-shaped holes into
the currency.  The cancellation process is monitored by an
independent observer who also monitors the transfer of the cancelled
currency to a separate off-line destruction team.  Upon verification
and approval by the off-line destruction team, the transfer of
cancelled currency is recorded in CAS. 

Off-line destruction occurs periodically throughout the week and is
monitored by an independent observer who counts the number and
denomination of the currency straps to be destroyed and matches it to
the strap count performed by the off-line destruction team.  In
addition, the destruction team and independent observer follow
prescribed policies which include sample counts of individual low
value currency notes and a 100 percent count of higher value currency
notes.  Once this count is completed, the off-line destruction team,
along with the independent observer, takes the cancelled currency to
a special room where it is destroyed in a shredder.  Once all
currency has been destroyed, the destruction team and the independent
observer inspect the shredder to ensure that all cancelled currency
was destroyed.  Following the off-line destruction, the team
generates from CAS a certificate of destruction based on the earlier
currency transferred to the off-line destruction team.  The
certificate of destruction is signed by the team and the observer and
forwarded to Cash Administration for use in the end-of-day
reconciliation. 

At the end of each shift, each processing team prepares its unit
proof.  The proof is designed to ensure that the processing team can
account for the team's currency holdings and processing activities by
tracking the value of its beginning and ending inventory, its
currency transfers in and out, and any adjustments arising during
processing.  After the team completes and accepts the proof data, it
is transmitted electronically to CAS where it is compared to related
currency data entered into CAS during the shift.  If the proof data
balance and agree with related currency data in CAS, the unit proof
is accepted.  If the proof data do not agree with related currency
data in CAS, the processing team must request management assistance
to identify and resolve differences. 

VAULT STORAGE

The Federal Reserve Banks use vaults to safeguard the currency they
hold.  The vault is a separate room within the cash department and a
record is maintained of all persons who enter and exit the vault each
day.  Access to the vault may also be restricted through the use of
keys or swipe cards.  When stored in the vault, currency of the same
denomination is stacked in locked containers.  Cash department
employees have a set of locks with their own personal key or
combination.  The employees use these locks to secure the containers
for which they are accountable.  In addition to the locks, each
two-person team secures the containers with two prenumbered seals. 
In some Federal Reserve Banks, the locks are removed while the
containers are stored in the vault.  When this occurs, the integrity
of the seals is verified when accountability for the container is
transferred to another team. 

In some Federal Reserve Banks, accountability for the currency is
transferred to vault custodians when the currency is stored in the
vault.  In other Federal Reserve Banks, accountability for currency
stored in the vault stays with either the receiving or shipping team,
and the vault custodians serve more of an administrative function. 
In both cases, the vault custodians periodically conduct a rack count
of the currency in the vault (i.e., daily in Atlanta and Los Angeles,
weekly in Philadelphia) and reconcile the count to CAS.  The
custodians also prepare a daily proof at the end of each day to
ensure that all transfers of currency in and out of the vault match
shipping, receiving and high-speed processing records. 

CASH ADMINISTRATION

The Cash Administration independent proof clerk is responsible for
producing the department proof, the daily reconciliation of CAS and
the Integrated Accounting System (IAS),\5 and submitting manual
entries to the IAS.  All manual IAS entries must balance and be
reviewed and approved by management.  Before the department proof can
be produced, CAS is used to verify that all teams have produced their
final unit proofs, and the cash department inventory and transaction
totals agree.  The department proof lists all of the transactions and
current inventory balances for each of the department's teams
(receiving, shipping, processing, and vault).  The independent proof
clerk then compares the department inventory total to the calculated
balance from CAS.  The calculated balance is determined by taking the
ending inventory from the previous day and adding/subtracting for the
current day's transactions.  The two totals must be equal. 

Throughout the day, transactions from CAS are automatically uploaded
and posted to IAS.  The daily reconciliation of CAS and IAS involves
the comparison of the end-of-day department inventory totals from CAS
to the total reflected in IAS.  The two totals must be equal. 
Periodically, the independent proof clerk performs a blind
confirmation of the reconciliation in which the clerk is "locked out"
of IAS and submits the CAS balances to the accounting department for
reconciliation.  The daily reconciliations of CAS and IAS are
reviewed and approved by cash administration management. 



(See figure in printed edition.)Appendix II

--------------------
\1 "Said to contain" means that the carrier accepts responsibility
only for the number of sealed bags, without regard to the amounts
contained in the bags.  The carrier is not responsible for any
differences that either the Federal Reserve Bank or depository
institution identifies unless the integrity of the bag seals was
compromised while under the carrier's responsibility. 

\2 A bundle consists of 10 straps of 100 notes each. 

\3 The seal numbers are entered into CAS to track the container. 

\4 Within established time frames, the credit given a depository
institution when its deposit is received by the Federal Reserve Bank
is subject to adjustment based on the results of processing the
currency. 

\5 IAS is the Federal Reserve's general ledger system. 


COMMENTS FROM THE BOARD OF
GOVERNORS OF THE FEDERAL RESERVE
SYSTEM
=========================================================== Appendix I



(See figure in printed edition.)



(See figure in printed edition.)


MAJOR CONTRIBUTORS TO THIS REPORT
========================================================= Appendix III

ACCOUNTING AND INFORMATION
MANAGEMENT DIVISION, WASHINGTON,
D.C. 

John J.  Reilly, Assistant Director
Christine A.  Robertson, Assistant Director
C.  Les Thompson, Assistant Director

ATLANTA FIELD OFFICE

Sharon S.  Kittrell, Auditor

*** End of document. ***