Management Report: Opportunities for Improvements in FDIC's
Internal Controls and Accounting Procedures (16-JUN-04,
GAO-04-677R).
In February 2004, we issued our opinions on the calendar year
2003 financial statements of the Bank Insurance Fund (BIF), the
Savings Association Insurance Fund (SAIF), and the FSLIC
Resolution Fund (FRF). We also issued our opinion on the
effectiveness of the Federal Deposit Insurance Corporation's
(FDIC) internal controls as of December 31, 2003, and our
evaluation of FDIC's compliance with significant provisions of
selected laws and regulations for the three funds for the year
ended December 31, 2003. The purpose of this report is to discuss
issues identified during our audits of the 2003 financial
statements regarding accounting procedures and internal controls
that could be improved and to recommend improvements to address
these issues. Although these issues were not material in relation
to the financial statements, we believe they warrant management's
attention. We are making five recommendations for strengthening
FDIC's accounting procedures and internal controls. We conducted
our audits in accordance with U.S. generally accepted government
auditing standards.
-------------------------Indexing Terms-------------------------
REPORTNUM: GAO-04-677R
ACCNO: A10501
TITLE: Management Report: Opportunities for Improvements in
FDIC's Internal Controls and Accounting Procedures
DATE: 06/16/2004
SUBJECT: Auditing procedures
Auditing standards
Audits
Federal funds
Financial statement audits
Financial statements
Fund audits
Internal controls
Bank Insurance Fund
Savings Association Insurance Fund
FSLIC Resolution Fund
******************************************************************
** This file contains an ASCII representation of the text of a **
** GAO Product. **
** **
** No attempt has been made to display graphic images, although **
** figure captions are reproduced. Tables are included, but **
** may not resemble those in the printed version. **
** **
** Please see the PDF (Portable Document Format) file, when **
** available, for a complete electronic file of the printed **
** document's contents. **
** **
******************************************************************
GAO-04-677R
United States General Accounting Office Washington, DC 20548
June 16, 2004
Mr. Steven O. App
Deputy to the Chairman and Chief Financial Officer
Federal Deposit Insurance Corporation
Subject: Management Report: Opportunities for Improvements in FDIC's
Internal Controls and Accounting Procedures
Dear Mr. App:
In February 2004, we issued our opinions on the calendar year 2003
financial statements of the Bank Insurance Fund (BIF), the Savings
Association Insurance Fund (SAIF), and the FSLIC Resolution Fund (FRF). We
also issued our opinion on the effectiveness of the Federal Deposit
Insurance Corporation's (FDIC) internal controls as of December 31, 2003,
and our evaluation of FDIC's compliance with significant provisions of
selected laws and regulations for the three funds for the year ended
December 31, 2003.1
The purpose of this report is to discuss issues identified during our
audits of the 2003 financial statements regarding accounting procedures
and internal controls that could be improved and to recommend improvements
to address these issues. Although these issues were not material in
relation to the financial statements, we believe they warrant management's
attention. We are making five recommendations for strengthening FDIC's
accounting procedures and internal controls. We conducted our audits in
accordance with U.S. generally accepted government auditing standards
Results in Brief
During 2003, we identified several internal control issues that affected
FDIC's accounting for the funds it administers. These weaknesses would
have resulted in reporting errors had they not been detected and
corrected. Specifically, we found the following:
1U.S. General Accounting Office, Financial Audit: Federal Deposit
Insurance Corporation Funds' 2003 and 2002 Financial Statements,
GAO-04-429 (Washington, D.C.: Feb. 13, 2004).
o FDIC erroneously accounted for funds it received related to
securitizations that terminated in prior years, which would have caused
the related FRF account balances to be misstated.
o FDIC did not always follow its procedures relating to time and
attendance reporting, which would have resulted in an improper allocation
of operating expenses among the funds.
o FDIC made errors in calculations supporting its allowance for losses
on receivables from thrift resolutions. These errors would have led to
misstatements in FRF's financial statements.
At the end of our discussion of each of these issues in the following
sections, we make recommendations for strengthening FDIC's internal
controls. Implementation of these recommendations is intended to bring
FDIC into conformance with the
2
internal control standards that federal agencies are required to follow.
In its comments, FDIC agreed with our recommendations and described
actions it has taken or plans to take to address the control weaknesses
described in this report. At the end of our discussion of each of the
issues in this report, we have summarized FDIC's related comments and our
evaluation.
Scope and Methodology
As part of our audits of the 2003 and 2002 financial statements of the
three funds administered by FDIC, we evaluated the corporation's internal
controls and its compliance with selected provisions of laws and
regulations. We designed our audit procedures to test relevant controls,
including those for proper authorization, execution, accounting, and
reporting of transactions.
We requested comments on a draft of this report from the FDIC Deputy to
the Chairman and Chief Financial Officer. We received written comments and
have reprinted the comments in enclosure I. Further details on our scope
and methodology are included in our report on the results of our audits of
the 2003 and 2002 financial statements and are reproduced in enclosure II.
Accounting for Terminated Securitizations
During our 2003 financial audit, we found that FDIC did not always
properly account for the funds it received related to terminated
securitization deals. This resulted in certain account balances for FRF
being misstated. GAO's Standards for Internal Control in the Federal
Government3 requires that transactions be accurately recorded.
2 U.S. General Accounting Office, Standards for Internal Control in the
Federal Government,
GAO/AIMD-00-21.3.1 (Washington, D.C.: November 1999).
3 GAO/AIMD-00-21.3.1
The former Resolution Trust Corporation (RTC)4 engaged in numerous
securitization transactions as a means of recovering the value of assets
from failed financial institutions. These transactions involved selling
receivership loans to trusts that in turn issued bonds, known as
mortgage-backed securities, to investors. Two types of assets resulted
from these transactions: credit enhancement reserves and residual
certificates. A portion of the proceeds from the sale of the bonds was
placed in credit enhancement reserves to protect the bondholders from
losses. Residual certificates entitle the holder to excess cash that
results when the proceeds from the sale of the underlying loans is greater
than the funds needed to pay off the bonds. FDIC, as the owner of the
credit enhancement reserves and residual certificates, receives the
remaining funds when a securitization deal terminates. When a deal
terminates, the credit enhancement reserve account for the particular deal
is adjusted to zero, and either a realized gain or loss is recorded. In a
given year, FDIC may receive funds related to securitization deals that
terminated in prior years.
During our audit, we found that FDIC erroneously accounted for four of the
five instances in which it received funds related to securitization deals
that terminated in prior years.5 While FDIC correctly determined that
funds it received in 2003 pertained to the credit enhancement reserves on
the terminated deals, it improperly recorded journal entries that
erroneously decreased (credited) the credit enhancement reserve account
instead of adjusting the realized gain or loss account. This resulted in
the related FRF account balances being understated. FDIC recorded entries
to correct these errors after we brought this matter to its attention.
FDIC's policy requires that accounting entries for cash collections
related to the RTC securitization deals not be made by staff responsible
for administering the deals. The accounting entries are required to be
made by staff from another business unit, but are to be made at the
direction of staff responsible for administering the deals. The journal
entries we reviewed were approved and recorded in FDIC's general ledger by
staff other than those responsible for administering the securitization
deals. However, there was no evidence on the journal entries that staff
preparing the entries had received the required input and direction from
staff responsible for administering the securitization deals. In addition,
training of new staff responsible for administering securitization-related
transactions did not cover activity related to previously terminated
deals. These factors contributed to the errors we identified during our
testing of securitization transactions.
Recommendation
We recommend that FDIC management formally remind staff responsible for
recording activity associated with securitization transactions of the need
to obtain input and approval from the individual responsible for
administering the securitization deals prior to recording the activity in
FDIC's accounting records.
4 FDIC is charged with the responsibility for the sale of the remaining
assets and satisfaction of the
liabilities associated with the RTC.
5 When these particular deals terminated, the trustees held back funds
owed to FDIC because of
unresolved issues with one or more of the parties to the deals.
FDIC Comments and Our Evaluation
FDIC agreed with our recommendation. In response to our finding, FDIC
management stated that they have reiterated to staff responsible for
recording cash transactions, including securitization activity, the
procedures relating to proper preparation, documentation, and review of
journal vouchers. We will evaluate the effectiveness of FDIC's actions
during our 2004 financial audit.
Time and Attendance Reporting
During our 2003 financial audit, we found that FDIC's controls over time
and attendance reporting did not always ensure that such information was
properly recorded, resulting in incorrect reporting. GAO's Standards for
Internal Control in the Federal Government6 requires that all transactions
be recorded accurately and timely, all transactions and other significant
events be clearly documented, and the documentation should be readily
available for examination.
FDIC's payroll processing procedures call for employees to complete a
Corporate Time and Attendance Worksheet (CTAW) and submit it to a
timekeeper. The timekeeper reviews the CTAW and the supporting documents
and enters the data into the corporation's Biweekly Time and Attendance
System. The timekeeper prints a Time and Attendance Report for
Certification (Report for Certification) for each employee, and compares
the report to each employee's CTAW to ensure data was entered completely
and correctly. Supervisors are required to compare the Report for
Certification, the CTAW, and all other supporting documents for
consistency and accuracy. Additionally, supervisors verify the accuracy of
the employee's hours worked and leave taken, and ensure that hours are
charged to the correct fund, organization, program, location, and project
codes. The supervisor signs and dates each employee's Report for
Certification, certifying the accuracy of the data. Timekeepers are
required to receive all approved time and attendance related documents and
reports from the supervisor, and file all original documents in a locked
file cabinet.
In testing a sample of operating expenses, we found three cases where the
CTAW and Report for Certification entries did not match. These errors were
not discovered by either the timekeeper or the supervisor, resulting in
the incorrect recording of these transactions. In two cases, the
organization/program coding was incorrect, which would have resulted in an
improper allocation of operating expense among the funds had FDIC not
corrected the errors when we brought them to its attention. In the third
case, direct expense charges to BIF were incorrect. We also noted that, in
a fourth case, the Report for Certification was not signed and it took
FDIC 2 months to locate the related CTAW.
6 GAO/AIMD-00-21.3.1
Recommendation
We recommend that FDIC management formally remind
o timekeepers of their responsibility to compare the Report for
Certification to each employee's CTAW to ensure data was entered
completely and correctly,
o supervisors of their responsibility to verify the accuracy of the
employee's time and attendance data by signing and dating each employee's
Report for Certification, and
o timekeepers of their responsibility to receive all approved time and
attendance documents and reports from supervisors and to file all original
documents in a locked file cabinet.
FDIC Comments and Our Evaluation
FDIC agreed with our recommendations. In response to our findings, FDIC
stated that it had sent notices to its timekeepers and supervisors
reminding them of their responsibilities and has held refresher timekeeper
training courses. FDIC also stated that it would review its policy on time
and attendance reporting to identify any needed improvements in the
policy. We will evaluate the effectiveness of FDIC's actions during our
2004 financial audit.
Asset Valuation
During our 2003 financial audit, we identified errors in certain
calculations supporting the allowance for losses on receivables from
thrift resolutions that were not identified during FDIC's normal
supervisory review process. These errors, while not material to FRF's
financial statements, nonetheless would have led to misstatements in the
financial statements had we not identified them through the audit process.
GAO's Standards for Internal Control in the Federal Government7 requires
agencies to implement internal control procedures to ensure the accurate
and timely recording of transactions and events. In addition, these
standards require that qualified and continual supervision be provided to
ensure that internal control objectives are achieved.
FDIC's receivables from bank/thrift resolutions are paid off through the
sale of failed bank/thrift assets of its receiverships. To determine the
allowance for losses on its receivables from failed bank/thrift
resolutions, FDIC estimates values for the receivership assets to be
disposed of through a Loan Loss Reserve (LLR) process. To ensure that
consistent methods for valuing assets are being applied, FDIC developed a
uniform Standard Asset Valuation Estimation (SAVE) methodology, which is
documented in an asset valuation policies and procedures manual (the SAVE
manual). Per the SAVE manual, equity in subsidiaries' assets are valued
using the Subsidiary Cash Recovery Analysis Worksheets and Cash Flow
Worksheets to determine the estimated present values of the assets'
estimated recovery. As part of the cash flow analysis, future cash
outflows and inflows are estimated and a discount
7 GAO/AIMD-00-21.3.1
rate from an assumption listed in the SAVE manual is to be applied. To
further ensure both accuracy and consistency, the SAVE manual requires two
levels of review after the valuation is prepared.
Despite these requirements, we found that two of six assets we reviewed
were not valued in accordance with the SAVE methodology. In both cases,
the individual responsible for preparing the valuation failed to use the
prescribed standard yield comparison rate as part of calculating the
overall discount rate for equity in subsidiary assets. Additionally, in
one of these cases, the preparer also made errors in the calculation of
future cash flows, which contributed to the overall error found in the
valuation of the asset. While FDIC had performed primary and secondary
reviews of the asset valuations, both reviews failed to detect errors in
the asset valuation calculations. FDIC corrected the errors after we
brought them to its attention. While the errors, totaling over $570,000,
were not material to the financial statements, they indicate that the
review procedures are not fully effective in preventing or timely
detecting errors in the asset valuation process.
Recommendation
We recommend that FDIC management examine its current review procedures
and controls related to its loan loss reserve estimation process and
revise them if necessary to ensure the review guidelines are properly
implemented.
FDIC Comments and Our Evaluation
FDIC agreed with our recommendation. In response to our finding, FDIC
stated that it had developed additional procedures to ensure proper review
is being implemented.
We will evaluate the effectiveness of FDIC's actions during our 2004
financial audit.
This report contains recommendations to you. We would appreciate receiving
a description and status of your corrective actions within 30 days of the
date of this letter.
This report is intended for use by FDIC management, members of the FDIC
Audit Committee, and the FDIC Inspector General. We are sending copies of
this report to the Chairman and Ranking Minority Member of the Senate
Committee on Banking, Housing, and Urban Affairs; the Chairman and Ranking
Minority Member of the House Committee on Financial Services; the Chairman
of the Board of Directors of the Federal Deposit Insurance Corporation;
the Chairman of the Board of Governors of the Federal Reserve System; the
Comptroller of the Currency; the Director of the Office of Thrift
Supervision; the Secretary of the Treasury; the Director of the Office of
Management and Budget; and other interested parties. In addition, this
report will be available at no charge on GAO's web site at
http://www.gao.gov.
We acknowledge and appreciate the cooperation and assistance provided by
FDIC management and staff during our audits of FDIC's 2003 and 2002
financial statements. If you have any questions about this report or need
assistance in addressing these issues, please contact Julia Duquette,
Assistant Director, at (202) 512-5131 or [email protected].
Sincerely yours,
Steven J. Sebastian
Director
Financial Management and Assurance
Enclosures - 3
Enclosure I
Comments from the Federal Deposit Insurance Corporation
Enclosure II
Details on Audit Scope and Methodology
To fulfill our responsibilities as auditor of the financial statements of
the three funds administered by the FDIC, we did the following:
o Examined, on a test basis, evidence supporting the amounts and
disclosures in the financial statements;
o Assessed the accounting principles used and significant estimates made
by management;
o Evaluated the overall presentation of the financial statements;
o Obtained an understanding of internal controls related to financial
reporting (including safeguarding assets) and compliance with laws and
regulations;
o Tested relevant internal controls over financial reporting and
compliance, and evaluated the design and operating effectiveness of
internal control;
o Considered FDIC's process for evaluating and reporting on internal
control based on criteria established by 31 U.S.C. S: 3512 (c), (d)
(commonly referred to as the Federal Managers' Financial Integrity Act);
and
o Tested compliance with selected provisions of the Federal Deposit
Insurance Act, as amended, and the Chief Financial Officers Act of 1990.
Enclosure III
GAO Contacts and Staff Acknowledgments GAO Contacts Julia Duquette, (202)
512-5131 Gary Chupka, (202) 512-9314
Acknowledgments
Staff who made key contributions to this report were Ronald Bergman, John
Craig, and Timothy Murray.
(196015)
GAO's Mission
Obtaining Copies of GAO Reports and Testimony
The General Accounting Office, the audit, evaluation and investigative arm
of Congress, exists to support Congress in meeting its constitutional
responsibilities and to help improve the performance and accountability of
the federal government for the American people. GAO examines the use of
public funds; evaluates federal programs and policies; and provides
analyses, recommendations, and other assistance to help Congress make
informed oversight, policy, and funding decisions. GAO's commitment to
good government is reflected in its core values of accountability,
integrity, and reliability.
The fastest and easiest way to obtain copies of GAO documents at no cost
is through the Internet. GAO's Web site (www.gao.gov) contains abstracts
and fulltext files of current reports and testimony and an expanding
archive of older products. The Web site features a search engine to help
you locate documents using key words and phrases. You can print these
documents in their entirety, including charts and other graphics.
Each day, GAO issues a list of newly released reports, testimony, and
correspondence. GAO posts this list, known as "Today's Reports," on its
Web site daily. The list contains links to the full-text document files.
To have GAO e-mail this list to you every afternoon, go to www.gao.gov and
select "Subscribe to e-mail alerts" under the "Order GAO Products"
heading.
Order by Mail or Phone The first copy of each printed report is free.
Additional copies are $2 each. A check or money order should be made out
to the Superintendent of Documents. GAO also accepts VISA and Mastercard.
Orders for 100 or more copies mailed to a single address are discounted 25
percent. Orders should be sent to:
U.S. General Accounting Office 441 G Street NW, Room LM Washington, D.C.
20548
To order by Phone: Voice: (202) 512-6000 TDD: (202) 512-2537 Fax: (202)
512-6061
To Report Fraud, Contact: Web site: www.gao.gov/fraudnet/fraudnet.htm
Waste, and Abuse in E-mail: [email protected]
Federal Programs Automated answering system: (800) 424-5454 or (202)
512-7470
Jeff Nelligan, Managing Director, [email protected] (202) 512-4800
Public Affairs U.S. General Accounting Office, 441 G Street NW, Room 7149
Washington, D.C. 20548
This is a work of the U.S. government and is not subject to copyright
protection in the United States. It may be reproduced and distributed in
its entirety without further permission from GAO. However, because this
work may contain copyrighted images or other material, permission from the
copyright holder may be necessary if you wish to reproduce this material
separately.
*** End of document. ***