FROM DOC_DB.DOCUMENT D, DOC_DB.REPORTS R, DOC_DB.BACKGROUND B
*
ERROR at line 2:
ORA-00942: table or view does not exist
-------------------------Indexing Terms-------------------------
REPORTNUM: GAO-06-772R
TITLE: Management Report: Opportunities for Improvements in FDIC's
Internal Controls and Accounting Procedures
DATE: 07/11/2006
-----------------------------------------------------------------
******************************************************************
** This file contains an ASCII representation of the text of a **
** GAO Product. **
** **
** No attempt has been made to display graphic images, although **
** figure captions are reproduced. Tables are included, but **
** may not resemble those in the printed version. **
** **
** Please see the PDF (Portable Document Format) file, when **
** available, for a complete electronic file of the printed **
** document's contents. **
** **
******************************************************************
GAO-06-772R
* PDF6-Ordering Information.pdf
* Order by Mail or Phone
July 11, 2006
Mr. Steven O. App
Deputy to the Chairman and Chief Financial Officer
Federal Deposit Insurance Corporation
Subject: Management Report: Opportunities for Improvements in FDIC's
Internal Controls and Accounting Procedures
Dear Mr. App:
In March 2006, we issued our opinions on the calendar year 2005 financial
statements of the Bank Insurance Fund (BIF), the Savings Association
Insurance Fund (SAIF), and the FSLIC Resolution Fund (FRF). We also issued
our opinion on the effectiveness of the Federal Deposit Insurance
Corporation's (FDIC) internal control over financial reporting (including
safeguarding assets) and compliance as of December 31, 2005, and our
evaluation of FDIC's compliance with significant provisions of selected
laws and regulations for the three funds for the year ended December 31,
2005.1
The purpose of this report is to discuss issues identified during our
audits of the 2005 financial statements regarding internal controls and
accounting procedures that could be improved, and to recommend actions to
address these weaknesses. Although these issues were not material in
relation to the financial statements, we believe they warrant management's
attention. We are making eight recommendations for strengthening FDIC's
internal controls and accounting procedures. We conducted our audits in
accordance with U.S. generally accepted government auditing standards.
Results in Brief
During our audits of the 2005 financial statements, we identified several
internal control issues that affected FDIC's accounting for the funds it
administers. Although
1 GAO, Financial Audit: Federal Deposit Insurance Corporation Funds' 2005
and 2004 Financial Statements, GAO-06-146 (Washington, D.C.: Mar. 2,
2006).
we do not consider them to be material weaknesses2 or reportable
conditions,3 we believe they warrant management's consideration.
Specifically, we found that FDIC:
o Made errors in several of its operating expense allocation
percentages. These errors would have resulted in misstatements in
the BIF, SAIF, and FRF financial statements.
o Did not detect several internal control deficiencies in its
procurement process, two of which resulted in misstatements in the
BIF, SAIF, and FRF financial statements, though the misstatements
were not considered material.
o Did not detect allocation errors in its Supplemental Payment
System. These errors resulted in misstatements in the BIF, SAIF,
and FRF financial statements, though the misstatements were not
considered material.
o Lacked complete control over checks in its Dallas mailroom. The
lack of effective safeguarding control procedures increased the
risk of theft, loss, or misappropriation of assets.
We are making eight recommendations regarding FDIC's internal controls and
accounting procedures. Implementation of these recommendations would
strengthen FDIC's conformance with the internal control standards that
federal agencies are required to follow4 and minimize the risk of future
misstatements in the three funds' financial statements.
In its comments, FDIC agreed with our recommendations and described
actions it has taken or plans to take to address the control weaknesses
described in this report. At the end of our discussion of each of the
issues in this report, we have summarized FDIC's related comments and our
evaluation.
Scope and Methodology
As part of our audits of the 2005 and 2004 financial statements of the
three funds administered by FDIC,5 we evaluated the Corporation's internal
controls and its compliance with selected provisions of laws and
regulations. We designed our audit procedures to test relevant controls,
including those for proper authorization, execution, accounting, and
reporting of transactions.
2 Material weaknesses are defined as a condition in which the design or
operation of one or more of the internal control components does not
reduce to a relatively low level the risk that misstatements caused by
error or fraud in amounts that would be material in relation to the
financial statements may occur and not be detected within a timely period
by employees in the normal course of performing their assigned functions.
3 Reportable conditions are defined as significant deficiencies in the
design or operation of internal control that could adversely affect the
entity's ability to record, process, summarize, and report financial data
consistent with the assertions of management in the financial statements.
4 GAO, Standards for Internal Control in the Federal Government,
GAO/AIMD-00-21.3.1 (Washington, D.C.: November 1999).
5 On February 8, 2006, the President signed into law the Federal Deposit
Insurance Reform Act of 2005. Among its provisions, the act calls for
merging the Bank Insurance Fund and Savings Association Insurance Fund
into a single Deposit Insurance Fund. The merger occurred on March 31,
2006.
We requested comments on a draft of this report from the FDIC Deputy to
the Chairman and Chief Financial Officer. We received written comments and
have reprinted the comments in enclosure I. Further details on our scope
and methodology are included in our report on the results of our audits of
the 2005 and 2004 financial statements, and are reproduced in enclosure
II.
Expense Allocation
During our testing of a sample of operating expense transactions, we
identified several erroneous percentages used in FDIC's expense allocation
process. These errors led to an incorrect allocation of expenses among
BIF, SAIF, and FRF. GAO's Standards for Internal Control in the Federal
Government requires agencies to implement internal control procedures to
ensure the accurate and timely recording of transactions and events. In
addition, these standards require that qualified and continuous
supervision be provided to ensure that internal control objectives are
achieved.
Operating expenses not directly attributable to BIF, SAIF, and FRF are
allocated to each fund using predetermined expense allocation percentages.
These percentages are developed during FDIC's annual corporate planning
and budget process. With its implementation of a new accounting system in
May 2005, FDIC's process for entering modifications to its expense
allocation percentages changed. Previously, the process for modifying the
allocation percentages merely required FDIC to modify information in a
table within the accounting system, which in turn automatically updated
the system; under the new accounting system, all changes to the allocation
percentages must be made via a journal entry. The general ledger manager
in the Division of Finance (DOF) is required to review and approve journal
entries for adjusting the allocation percentages along with the underlying
support.
In comparing the allocation source reports prepared by the budget office
to the actual percentages in the accounting system, we found that FDIC
used erroneous expense allocation percentages in four cases. This resulted
in an over allocation of expenses to BIF and FRF of $50,539 each, and an
under allocation to SAIF of $101,078. FDIC corrected these misallocations
in 2005 and corrected the allocation percentages for future allocations.
Although the journal entries for the allocation percentages were approved
by the general ledger manager, the review and approval process failed to
identify these errors. Per discussions with FDIC officials, these errors
were caused by the manager's inexperience with the new accounting system
and the similarity of the allocation percentages.
Recommendation
To minimize the risk of incorrect expense allocation among the funds, we
recommend that FDIC issue a formal notice to all individuals who review
and approve journal entries for the expense allocation percentages
reminding them of their responsibility to properly review proposed changes
to these percentages.
FDIC Comments and Our Evaluation
FDIC agreed with our recommendation and stated that it will reemphasize to
personnel having a general ledger manager role in the new accounting
system that one of their primary responsibilities is to properly review
all journal entries, including entries adjusting the allocation
percentages. We will evaluate the effectiveness of FDIC's actions during
our 2006 financial audit.
Procurement Process
During our 2005 financial audit, we found several internal control
deficiencies in FDIC's procurement process, two of which resulted in
incorrect charges to the funds. GAO's Standards for Internal Control in
the Federal Government requires agencies to implement internal control
procedures to ensure proper execution of transactions and events. In
addition, these standards require that qualified and continuous
supervision be provided to ensure that internal control objectives are
achieved.
Procurement is performed mainly by the Acquisition Services Branch (ASB)
within the Division of Administration. FDIC's Acquisition Policy Manual
(FDIC Circular 3700.16) provides a consolidated and uniform set of
policies and procedures for procuring goods and services on behalf of the
corporation in its corporate, receivership, and conservatorship
capacities. Generally, procurement begins when a requestor electronically
completes a Requirements Package including a Procurement Requisition.
After the requisition is approved by the requestor's division, ASB will
begin to purchase the goods and services. This purchase is generally
processed by the use of a purchase order or a contract. ASB is responsible
for entering purchase order or contract information into the accounting
system, including price, delivery information, due date, program codes,
and account codes. Once the contracted goods/services have been
received/performed, the invoices are sent to the Disbursement Operations
Unit (DOU) within DOF. DOU is responsible for date stamping, entering
information into the accounting system, and electronically routing the
invoice to the appropriate oversight manager for approval. The information
entered includes the vendor's name, invoice date, mailing address, and
invoice amount. Once the oversight manager electronically approves the
invoice, it is processed for payment.
We reviewed the procurement process from requisition through the payment
of invoices by selecting and testing samples of operating expense
transactions. In testing these transactions, we identified the following
issues:
o A contractor who provided various advertising services to FDIC
billed estimated expenses for its subcontractors to FDIC while the
contract terms specified that the invoices were to be based on
actual incurred costs. According to the FDIC oversight manager for
this contract, it is commercial practice for advertising companies
to bill based on estimated costs; however, this contract was not
amended to include the appropriate terms and conditions for
advance payment. The contractor conducted a year-end fiscal
closeout that included a detailed reconciliation to its
subcontractors' invoices. Based on the reconciliation, $132,800
was refunded to FDIC in March 2006.
o Two transactions for computer consulting services, valued at
$5,446 and $84,325 respectively, were incorrectly charged solely
to BIF instead of allocated among BIF, SAIF, and FRF. Both of
these transactions were approved by oversight managers. After we
brought this to FDIC's attention, we were told that many employees
were still learning the corporation's new accounting system.
Accordingly, these errors were caused by the oversight managers'
lack of experience with the new system. As a result of these
errors, BIF was overcharged $15,278, and SAIF and FRF were
undercharged $12,582 and $2,696, respectively.
o An approved procurement-related transaction for $122,878 was
incorrectly charged to a wrong purchase order. According to FDIC,
this incorrect charge was due to the related oversight manager
being newly assigned to this particular contract and all purchase
order numbers having changed due to the implementation of the new
accounting system. Because both the original purchase order and
the incorrectly charged purchase order have the same allocation
fund expense percentages, there was no dollar impact on the funds.
o A $30,432 payment to a contractor for computer-related services
was approved without verification of related subcontractor
charges. The supporting subcontractor invoices were not readily
available for review because they were not submitted with the
prime contractor's monthly invoice, even though the contract
required all subcontractor invoices to be submitted with the
monthly invoice. After we requested that FDIC obtain the related
subcontractor's invoices, we found that the related charges were
correct.
In our 2004 financial audit, we found the same type of control
issue but with negative consequences. FDIC was overcharged nearly
$33,000 because this same contractor did not furnish related
subcontractor invoices to FDIC, and FDIC personnel were not
verifying the subcontractor charges. In response to this finding,
FDIC issued a memorandum in May 2005, reminding oversight managers
of their critical responsibility for reviewing and approving
contractor invoices. Nonetheless, the transaction we tested in
2005 was reviewed and approved by the oversight manager in July
2005, and again the oversight manager failed to follow FDIC's
policies and procedures to obtain subcontractor's invoices to
verify charges prior to payment.
Recommendations
To improve internal controls over FDIC's procurement process and to
minimize the potential for erroneous charges and misallocation of charges
to the funds, we recommend that FDIC:
o reissue a formal notice to all individuals who review and
approve procurement-related transactions again reminding them of
their responsibilities to ensure that terms and conditions of the
contract are complied with or changed if appropriate and that
transactions are properly recorded; and
o require contract oversight managers to send a letter to the
appropriate contractors stating that, consistent with the contract
terms, their invoices will not be paid until all supporting
subcontractor invoices are submitted to FDIC for review.
FDIC Comments and Our Evaluation
FDIC agreed with our recommendations. FDIC stated that it will issue
another memorandum to all division and office directors and oversight
managers restating their responsibilities, including the responsibility to
ensure all required supporting documentation are provided and reviewed
before approving payment. Additionally, FDIC stated that the memorandum
will instruct the oversight managers to issue "invoice rejection letters"
to contractors if contractors submit invoices without appropriate
supporting documentation, including subcontractor invoices. The "invoice
rejection letter" will inform the contractor that the invoice will not be
paid until a proper invoice is received, reviewed and approved by the
FDIC. FDIC stated that it will issue the memorandum to oversight managers
by July 17, 2006. We will evaluate the effectiveness of FDIC's actions
during our 2006 financial audit.
Supplemental Payment System
During our testing of operating expenses, we identified a deficiency in
the compensating controls FDIC put in place to allocate certain expenses
processed by the Supplemental Payment System (SPS) among the funds. This
deficiency resulted in incorrect expense charges to the three funds in
2005. GAO's Standards for Internal Control in the Federal Government
requires agencies to implement internal control procedures to ensure the
accurate and timely recording of transactions and events. In addition,
these standards require that qualified and continuous supervision be
provided to ensure that internal control objectives are achieved.
FDIC uses the SPS to record and process supplemental employee payments
such as relocation payments, commuter reimbursements, travel expenses, and
employment buyouts. SPS also determines the applicable withholding taxes
on supplemental employee payments; prevents FDIC from over withholding
certain payroll taxes (e.g., social security and Medicare); accumulates
supplemental payments made to each employee into one supplemental W-2; and
generates this W-2 separately from the W-2 that the National Finance
Center processes to cover its payroll-related payments. In implementing
its new accounting system in May 2005, FDIC decided that it was not cost
beneficial to customize SPS for automatic allocation of the tax expense
processed within it to the three funds; to compensate, FDIC requires that
manual journal entries be created by FDIC personnel and entered into the
accounting system to allocate the SPS processed tax related charges among
the funds.
In testing transactions from SPS as part of our overall operating expense
sample testing, we identified a $1,839 transaction related to the tax
portion of an employee's relocation payment that was charged entirely to
BIF, but which should have been allocated to BIF, SAIF, and FRF.
Subsequent follow-up related to this transaction revealed that manual
journal entries routinely prepared to allocate the SPS processed tax
related transactions omitted three accounts. For 2005, these omissions
resulted and $84,241, respectively for expenses processed through SPS.
These errors were nocorrected in 2005. Going forward, FDIC officials
stated that the corporation will manually allocate tax expenses from these
three accounts to ensure the funds arebeing charged for appropriate costs.
R
T
Supplemental Payment System, we recommend that FDIC review all of the
general ledger accounts within the new accounting system that are
processed through SPS tensure that they are properly allocated to the
appropriate funds.
F
F
it has already reviewed the accounts processed through the SPS and
confirmed that there are no other affected accounts. Going forward, FDIC
stated that it will ensure these expenses are allocated appropriately. We
will evaluate the effectiveness of FDIC's actions during our 2006
financial audit.
R
D
deficiencies in the mailroom operation of its Dallas field office that
increased the risk of theft, loss, or misappropriation of receipts. GAO's
Standards for Internal Control in the Federal Government requires agencies
to establish physical control to secure and safeguard vulnerable assets.
Examples include security for, and limited access to, assets such as cash,
securities, inventories, and equipment that might be vulnerable to risk of
loss or unauthorized use.
T
receipts for receivership activities. These receipts generally consist of
loan repayments from debtors of failed financial institutions. For
calendar year 2mailroom of the Dallas field office processed 2,051 checks
totaling approximately $19million.
In
the following deficiencies:
o
door was comprised of two half doors, with only the bottom half
being closed anlocked while the top half was left open. We
observed several people bypassing the special access badge reader
by reaching over the top of the bottom locked door and opening it
using the inside handle.
o
two contractor employees concurrently opened mail in the Dallas
mailroom, we observed that they were not following the dual
control procedure which calls forThe mailroom staff logged in all
checks at one time after
Standard Operating Procedures.
o
of assets. Recomme
To improve its physic
re
o instruct its contractor
o close both half doors so that access can only be made by
authorized personnusing the access card;
o require personnel to open official FDIC mail under dual
control; and log check receipts into t
extraction rather than at the completion of the mail-opening
process.
FDIC Comments and Our Evaluation
FDIC agreed with our recommendations. at it had already taken action to
address
th
31, 2006 o the mail room door can only be opened by authorized personnel
using their access card;
o both half doors have been closed and secured so that access can
only be made by authorized personnel using their access cards;
o it has defined "dual control" in its mail opening policy to
ensure that at least one employee or contractor oversees another
employee or contractor when opening official FDIC mail. As an
internal control, perio
dic observation for compliance isconducted by the oversight
manager via a monitoring camera that can be viewed the security
area; and the oversight manager has instructed mailroom
contractors to log checks into the daily check log immediately at
the time of their extraction rather than at the completion of the
mail
opening process. will evaluate the effectiveness of FDIC's actions
during our 2006 financial au
T
his report contains recommendations to you. We would appreciate receiving
a description and status of your corrective actions within 30 days of the
date of this
le
tter.
T
Enclosure I Comments from the Federal Deposit Insurance Corporation
Enclosure
Acknowledgments
The following individuals made major contributions to this report: Gloria
Cano, Gary Chupka, Julia Duquette, Wing Lam, Rich
GAO's Mission
The Government Accountability Office, the audit, evaluation and
investigative arm of Congress, exists to support Congress in meeting its
constitutional responsibilities and to help improve the performance and
accountability of the federal government for the American people. GAO
examines the use of public funds; evaluates federal programs and policies;
and provides analyses, recommendations, and other assistance to help
Congress make informed oversight, policy, and funding decisions. GAO's
commitment to good government is reflected in its core values of
accountability, integrity, and reliability.
Obtaining Copies of GAO Reports and Testimony
The fastest and easiest way to obtain copies of GAO documents at no cost
is through GAO's Web site ( www.gao.gov ). Each weekday, GAO posts newly
released reports, testimony, and correspondence on its Web site. To have
GAO e-mail you a list of newly posted products every afternoon, go to
www.gao.gov and select "Subscribe to Updates."
Order by Mail or Phone
The first copy of each printed report is free. Additional copies are $2
each. A check or money order should be made out to the Superintendent of
Documents. GAO also accepts VISA and Mastercard. Orders for 100 or more
copies mailed to a single address are discounted 25 percent. Orders should
be sent to:
U.S. Government Accountability Office 441 G Street NW, Room LM Washington,
D.C. 20548
To order by Phone: Voice: (202) 512-6000 TDD: (202) 512-2537 Fax: (202)
512-6061
To Report Fraud, Waste, and Abuse in Federal Programs
Contact:
Web site: www.gao.gov/fraudnet/fraudnet.htm E-mail: fraudnet@gao.gov
Automated answering system: (800) 424-5454 or (202) 512-7470
Congressional Relations
Gloria Jarmon, Managing Director, JarmonG@gao.gov (202) 512-4400 U.S.
Government Accountability Office, 441 G Street NW, Room 7125 Washington,
D.C. 20548
Public Affairs
Paul Anderson, Managing Director, AndersonP1@gao.gov (202) 512-4800 U.S.
Government Accountability Office, 441 G Street NW, Room 7149 Washington,
D.C. 20548
This is a work of the U.S. government and is not subject to copyright
protection in the United States. It may be reproduced and distributed in
its entirety without further permission from GAO. However, because this
work may contain copyrighted images or other material, permission from the
copyright holder may be necessary if you wish to reproduce this material
separately.
*** End of document. ***