Management Report: Opportunities for Improvements in FDIC's	 
Internal Controls and Accounting Procedures (10-JUN-05, 	 
GAO-05-553R).							 
                                                                 
In February 2005, we issued our opinions on the calendar year	 
2004 financial statements of the Bank Insurance Fund (BIF), the  
Savings Association Insurance Fund (SAIF), and the FSLIC	 
Resolution Fund (FRF). We also issued our opinion on the	 
effectiveness of the Federal Deposit Insurance Corporation's	 
(FDIC) internal controls as of December 31, 2004, and our	 
evaluation of FDIC's compliance with significant provisions of	 
selected laws and regulations for the three funds for the year	 
ended December 31, 2004. The purpose of this report is to discuss
issues identified during our audits of the 2004 financial	 
statements regarding accounting procedures and internal controls 
that could be improved, and to recommend improvements to address 
these issues. Although these issues were not material in relation
to the financial statements, we believe they warrant management's
attention.							 
-------------------------Indexing Terms------------------------- 
REPORTNUM:   GAO-05-553R					        
    ACCNO:   A26332						        
  TITLE:     Management Report: Opportunities for Improvements in     
FDIC's Internal Controls and Accounting Procedures		 
     DATE:   06/10/2005 
  SUBJECT:   Accounting errors					 
	     Financial statement audits 			 
	     Financial statements				 
	     Internal controls					 
	     Reporting requirements				 
	     Bank Insurance Fund				 
	     FSLIC Resolution Fund				 
	     Savings Association Insurance Fund 		 

******************************************************************
** This file contains an ASCII representation of the text of a  **
** GAO Product.                                                 **
**                                                              **
** No attempt has been made to display graphic images, although **
** figure captions are reproduced.  Tables are included, but    **
** may not resemble those in the printed version.               **
**                                                              **
** Please see the PDF (Portable Document Format) file, when     **
** available, for a complete electronic file of the printed     **
** document's contents.                                         **
**                                                              **
******************************************************************
GAO-05-553R

A

United States Government Accountability Office Washington, D.C. 20548

June 10, 2005

Mr. Steven O. App
Deputy to the Chairman and Chief Financial Officer
Federal Deposit Insurance Corporation

Subject: Management Report: Opportunities for Improvements in FDIC's
Internal Controls and Accounting Procedures

Dear Mr. App:

In February 2005, we issued our opinions on the calendar year 2004
financial statements of the Bank Insurance Fund (BIF), the Savings
Association Insurance Fund (SAIF), and the FSLIC Resolution Fund (FRF). We
also issued our opinion on the effectiveness of the Federal Deposit
Insurance Corporation's (FDIC) internal controls as of December 31, 2004,
and our evaluation of FDIC's compliance with significant provisions of
selected laws and regulations for the three funds for the year ended
December 31, 2004.1

The purpose of this report is to discuss issues identified during our
audits of the 2004 financial statements regarding accounting procedures
and internal controls that could be improved, and to recommend
improvements to address these issues. Although these issues were not
material in relation to the financial statements, we believe they warrant
management's attention. We are making three recommendations for
strengthening FDIC's accounting procedures and internal controls. We
conducted our audits in accordance with U.S. generally accepted government
auditing standards.

Results in Brief	During 2004, we identified several internal control
issues that affected FDIC's accounting for the funds it administers.
Although the amounts would not have been material to the financial
statements taken as a whole, these issues would have resulted in reporting
errors had they not been

1 GAO, Financial Audit: Federal Deposit Insurance Corporation Funds' 2004
and 2003 Financial Statements, GAO-05-281 (Washington, D.C.: Feb. 11,
2005).

detected by our audit and corrected by FDIC. Specifically, we found the
following:

o 	FDIC made errors in calculations supporting its allowance for losses on
receivables from thrift resolutions. These errors would have led to
misstatements in SAIF's and FRF's financial statements.

o 	FDIC did not have effective compensating controls in place to ensure
the accuracy of pay computations related to the National Finance Center's
(NFC) Thrift Savings Plan (TSP). Other payroll expenses could have been
misstated in the funds' financial statements.

o 	FDIC did not detect billing errors made by a contractor, resulting in
overpayments to the contractor. The lack of effective invoice review
procedures increases the risk of overcharges for goods and services and
that they may not be detected and recovered.

We are making three recommendations regarding FDIC's accounting procedures
and internal controls. Implementation of these recommendations is intended
to strengthen FDIC's conformance with the internal control standards that
federal agencies are required to follow.2

In its comments, FDIC agreed with our recommendations and described
actions it has taken or plans to take to address the control weaknesses
described in this report. At the end of our discussion of each of the
issues in this report, we have summarized FDIC's related comments and our
evaluation.

                             Scope and Methodology

As part of our audits of the 2004 and 2003 financial statements of the
three funds administered by FDIC, we evaluated the Corporation's internal
controls and its compliance with selected provisions of laws and
regulations. We designed our audit procedures to test relevant controls,
including those for proper authorization, execution, accounting, and
reporting of transactions.

We requested comments on a draft of this report from the FDIC Deputy to
the Chairman and Chief Financial Officer. We received written comments

2 GAO, Standards for Internal Control in the Federal Government,
GAO/AIMD-00-21.3.1 (Washington, D.C.: November 1999).

and have reprinted the comments in enclosure I. Further details on our
scope and methodology are included in our report on the results of our
audits of the 2004 and 2003 financial statements and are reproduced in
enclosure II.

Asset Valuation	During our 2004 financial audit, we identified errors in
certain calculations supporting the allowance for losses on receivables
from thrift resolutions that were not identified during FDIC's normal
supervisory review process. These errors, while not material to SAIF's and
FRF's financial statements, nonetheless would have led to misstatements in
the financial statements had we not identified them through the audit
process. GAO's Standards for Internal Control in the Federal Government
requires agencies to implement internal control procedures to ensure the
accurate and timely recording of transactions and events. In addition,
these standards require that qualified and continual supervision be
provided to ensure that internal control objectives are achieved.

FDIC's receivables from thrift resolutions are paid off through the sale
of failed thrift assets of its receiverships. To determine the allowance
for losses on its receivables from failed thrift resolutions, FDIC
estimates values for the receivership assets to be disposed of through a
Loan Loss Reserve process. To ensure that consistent methods for valuing
assets are being applied, FDIC developed a uniform Standard Asset
Valuation Estimation (SAVE) methodology, which is documented in an asset
valuation policies and procedures manual (the SAVE manual). Cash flow
analysis is one of the key methodologies that is standardized in the SAVE
manual. As part of the cash flow analysis, future cash outflows and
inflows are estimated and a discount rate from an assumption listed in the
SAVE manual is to be applied. To further ensure both accuracy and
consistency, the SAVE manual requires two levels of review after the
valuation is prepared.

Despite these requirements, we found that three of five assets we reviewed
were not valued in accordance with the SAVE methodology. In one case, the
individual responsible for preparing the valuation failed to use all the
current available information as described in the SAVE manual to calculate
the asset valuation. In another case, the individual responsible for
preparing the asset valuation used an incorrect net present value formula
in the calculation. For the third case, the individual responsible for
preparing the asset valuation applied an incorrect discount rate over an
incorrect number of time periods (quarters) in the calculation. While FDIC
had

performed primary and secondary reviews of the asset valuations, both
reviews failed to detect errors in the asset valuation calculations. FDIC
corrected the errors after we brought them to its attention. In response
to this matter, FDIC stated that the lack of detection of these errors in
the first case was the result of a primary reviewer who was new to the
asset valuation process. FDIC re-reviewed six of its asset valuations
related to the other cases and advised us that they did not detect any
further deviations from the SAVE methodology.

We identified similar reviewing errors during our 2003 financial audit.3
At that time, FDIC stated that it had developed additional procedures to
ensure that proper review was being effectively implemented. However, as
our work during the 2004 audit indicates, these additional procedures have
not been fully effective in preventing or detecting asset valuation errors
in a timely manner.

Recommendation	We recommend that FDIC issue a formal notice to all
individuals who perform primary and secondary reviews of asset valuations
reminding them of their responsibility to ensure that assets are valued in
accordance with the SAVE methodology.

FDIC Comments and Our Evaluation

FDIC agreed with our recommendation. In response to our finding, FDIC
management stated that by July 31, 2005, a formal notice will be issued to
all individuals designated to perform primary and secondary reviews of
asset valuations to remind them of their responsibility to ensure that
assets are valued in accordance with the SAVE methodology, and to
reemphasize the importance of an in-depth review of the asset valuations.
We will evaluate the effectiveness of FDIC's actions during our 2005
financial audit.

3 GAO, Management Report: Opportunities for Improvements in FDIC's
Internal Controls and Accounting Procedures, GAO-04-677R (Washington,
D.C.: June 16, 2004).

Thrift Savings Plan	During our 2004 financial audit, we found that 11 FDIC
employees were incorrectly excluded from receiving a 1 percent agency
contribution to their TSP accounts. Although the total amount of these
errors was not material to the financial statements of the three funds,
FDIC is at risk that other payroll information processed by the NFC may
contain errors. Consistent with GAO's Standards for Internal Control in
the Federal Government, FDIC's internal control should provide reasonable
assurance that its financial transactions, including those processed by
NFC, are accurately recorded and that its staff are compensated properly.

The Federal Employees' Retirement System (FERS) became effective January
1, 1987. Almost all new employees hired after December 31, 1983, are
automatically covered by FERS. One of the components of the FERS
retirement plan is the TSP. For all FERS employees, the employing agency
is required to pay 1 percent of the basic pay every pay period into each
employee's TSP account whether or not the employee contributes to a TSP
account.4 NFC provides FDIC with centralized, automated, integrated
systems and support services for payroll and personnel payments, including
the 1 percent TSP agency contribution.

In October 2004, the U.S. Department of Agriculture's Inspector General
issued a report which contained a qualified opinion for the internal
control structure at NFC because certain control policies and procedures
at the center were not suitably designed or operating effectively.5 The
report described weaknesses in policies and procedures that may be
relevant to the internal control structure of NFC's customer agencies,
such as FDIC. The report further warned customer agencies that the
accuracy and reliability of any payroll-related data processed by NFC
ultimately rests with the customer agencies and any accompanying
compensating controls implemented by such agency. Given the seriousness of
the control weaknesses at NFC and the critical nature and sensitivity of
federal payroll, it is important that FDIC implement compensating controls
to ensure the Corporation's biweekly payroll is accurately processed by
NFC.

4 See 5 U.S.C. 8432 (c) (1).

5 U.S. Department of Agriculture Office of Inspector General Audit Report,
Fiscal Year 2004-Review of the National Finance Center General Controls,
Report No. 11401-20-FM (Washington, D.C.: Oct. 25, 2004).

Although FDIC has compensating controls to test payroll information
processed by NFC at an aggregate level, these procedures do not include
verifying NFC's mathematical calculations related to FDIC's payroll data
at the individual employee level. In our testing, we found that an
employee was incorrectly excluded from receiving the 1 percent
contribution. Once we notified FDIC of this situation, the Corporation
performed more detailed analyses and identified 10 additional employees
who were also not receiving the 1 percent contribution. FDIC made NFC
aware of this problem, and NFC subsequently corrected these employees' TSP
accounts. Additionally, NFC has informed FDIC that it is still trying to
determine the cause of the error. For its part, FDIC has recently
implemented an additional control by running a report every pay period to
detect any employees not receiving the agency's automatic 1 percent TSP
contribution.

Recommendation	In light of the errors we found in FDIC employees' TSP
accounts and continued serious internal controls deficiencies cited over
NFC's payroll processing functions, we recommend that FDIC review its
existing compensating controls over NFC-processed payroll information to
determine whether additional controls, such as periodically verifying
NFC's mathematical calculations related to FDIC's payroll data at the
individual employee level, are needed to ensure that other NFC
mathematical calculations related to FDIC's payroll data are correct.

FDIC Comments and Our FDIC agreed with our recommendation. The Division of
Administration's

Evaluation	Human Resources Branch at FDIC has reviewed its existing
compensating controls over NFC-processed payroll information and
determined that additional controls are not warranted at this time. We
will continue to review the effectiveness of FDIC's compensating controls
over NFCprocessed payroll information as part of our 2005 financial audit.

Contractor Payment	During our 2004 financial audit, we found that FDIC
approved and paid a monthly invoice to a contractor that contained an
overcharge. After we brought this error to FDIC's attention, the
Corporation discovered additional overcharge errors from the same
contractor in 13 other monthly invoices. GAO's Standards for Internal
Control in the Federal Government requires agencies to implement internal
control procedures to ensure the accurate and timely recording of
transactions and events. In addition, these standards require that
qualified and continual supervision be provided to ensure that internal
control objectives are achieved.

Specifically, we found that a contractor FDIC hired for computer-related
services incorrectly charged the Corporation a mark-up fee for
subcontractor costs in a January 2004 invoice. The terms of the contract
between FDIC and the contractor called for FDIC to pay for any
subcontractor costs based on the subcontractors' hourly rates, with no
surcharge or mark-up. FDIC's subsequent analysis of the 14 invoices
submitted by this contractor from August 2003 to September 2004 showed
that in each case, the contractor added a mark-up fee to the costs
associated with its use of subcontractors. FDIC ultimately determined the
total amount of the overcharges to be $32,713.35, for which it was
subsequently reimbursed by the contractor. Although all 14 monthly
invoices had been reviewed and approved by either or both the contracting
officer and oversight manager, the overcharges were not detected in the
invoice reviewing process.

The amount of the total overcharges was not material to the financial
statements of the three funds. Nonetheless, the lack of effective review
procedures over contractor invoices increases the risk that FDIC would be
overcharged for goods and services provided and that such overcharges may
not be timely detected and recovered.

Recommendation	We recommend that FDIC issue a formal notice to all
individuals who review and approve invoices reminding them of their
responsibility to compare each invoice to the terms of the contract prior
to approving the invoice for payment.

FDIC Comments and Our FDIC agreed with our recommendation. In response to
our finding, FDIC

Evaluation	management issued a memorandum on May 10, 2005, reminding
oversight managers of their critical responsibility for reviewing and
approving

contractor invoices. We will evaluate the effectiveness of FDIC's actions
during our 2005 financial audit.

This report contains recommendations to you. We would appreciate
receiving a description and status of your corrective actions within 30
days
of the date of this letter.

This report is intended for use by FDIC management, members of the FDIC
Audit Committee, and the FDIC Inspector General. We are sending copies
of this report to the Chairman and Ranking Minority Member of the Senate
Committee on Banking, Housing, and Urban Affairs; the Chairman and
Ranking Minority Member of the House Committee on Financial Services;
the Chairman of the Board of Directors of the Federal Deposit Insurance
Corporation; the Chairman of the Board of Governors of the Federal
Reserve System; the Comptroller of the Currency; the Director of the
Office
of Thrift Supervision; the Secretary of the Treasury; the Director of the
Office of Management and Budget; and other interested parties. In
addition,
this report will be available at no charge on GAO's web site at
http://www.gao.gov.

We acknowledge and appreciate the cooperation and assistance provided
by FDIC management and staff during our audits of FDIC's 2004 and 2003
financial statements. If you have any questions about this report or need
assistance in addressing these issues, please contact me on (202) 512-9521
or [email protected].

Sincerely yours,

Steven J. Sebastian
Director
Financial Management and Assurance

Enclosures

Enclosure I

            Comments from the Federal Deposit Insurance Corporation

Enclosure I
Comments from the Federal Deposit
Insurance Corporation

Enclosure I
Comments from the Federal Deposit
Insurance Corporation

Enclosure I
Comments from the Federal Deposit
Insurance Corporation

Enclosure II

                          Details on Audit Methodology

To fulfill our responsibilities as auditor of the financial statements of
the three funds administered by the FDIC, we did the following:

o 	examined, on a test basis, evidence supporting the amounts and
disclosures in the financial statements;

o 	assessed the accounting principles used and significant estimates made
by management;

o  evaluated the overall presentation of the financial statements;

o 	obtained an understanding of internal controls related to financial
reporting (including safeguarding assets) and compliance with selected
laws and regulations;

o 	tested relevant internal controls over financial reporting and
compliance, and evaluated the design and operating effectiveness of
internal control;

o 	considered FDIC's process for evaluating and reporting on internal
control based on criteria established by 31 U.S.C. S: 3512 (c), (d),
(commonly referred to as the Federal Managers' Financial Integrity Act);
and

o 	tested compliance with applicable laws and regulations, including
selected provisions of the Federal Deposit Insurance Act, as amended, and
the Chief Financial Officers Act of 1990.

Enclosure III

                     GAO Contact and Staff Acknowledgments

GAO Contact Steven J. Sebastian (202) 512-9521

Acknowledgments	Staff who made key contributions to this report were Gary
Chupka, Julia Duquette, Wing Lam and LaShawnda Wilson.

This is a work of the U.S. government and is not subject to copyright
protection in the United States. It may be reproduced and distributed in
its entirety without further permission from GAO. However, because this
work may contain copyrighted images or other material, permission from the
copyright holder may be necessary if you wish to reproduce this material
separately.

GAO's Mission

Obtaining Copies of GAO Reports and Testimony

The Government Accountability Office, the audit, evaluation and
investigative arm of Congress, exists to support Congress in meeting its
constitutional responsibilities and to help improve the performance and
accountability of the federal government for the American people. GAO
examines the use of public funds; evaluates federal programs and policies;
and provides analyses, recommendations, and other assistance to help
Congress make informed oversight, policy, and funding decisions. GAO's
commitment to good government is reflected in its core values of
accountability, integrity, and reliability.

The fastest and easiest way to obtain copies of GAO documents at no cost
is through GAO's Web site (www.gao.gov). Each weekday, GAO posts newly
released reports, testimony, and correspondence on its Web site. To have
GAO e-mail you a list of newly posted products every afternoon, go to
www.gao.gov and select "Subscribe to Updates."

Order by Mail or Phone 	The first copy of each printed report is free.
Additional copies are $2 each. A check or money order should be made out
to the Superintendent of Documents. GAO also accepts VISA and Mastercard.
Orders for 100 or more copies mailed to a single address are discounted 25
percent. Orders should be sent to:

U.S. Government Accountability Office 441 G Street NW, Room LM Washington,
D.C. 20548

To order by Phone: 	Voice: (202) 512-6000 TDD: (202) 512-2537 Fax: (202)
512-6061

To Report Fraud, Contact:

Waste, and Abuse in Web site: www.gao.gov/fraudnet/fraudnet.htm

E-mail: [email protected] Programs Automated answering system: (800)
424-5454 or (202) 512-7470

Gloria Jarmon, Managing Director, [email protected] (202)
512-4400Congressional U.S. Government Accountability Office, 441 G Street
NW, Room 7125 Relations Washington, D.C. 20548

Public Affairs 	Paul Anderson, Managing Director, [email protected] (202)
512-4800 U.S. Government Accountability Office, 441 G Street NW, Room 7149
Washington, D.C. 20548

                           PRINTED ON RECYCLED PAPER
*** End of document. ***