FROM DOC_DB.DOCUMENT D, DOC_DB.REPORTS R, DOC_DB.BACKGROUND B
						 *
ERROR at line 2:
ORA-00942: table or view does not exist 

-------------------------Indexing Terms------------------------- 
REPORTNUM:   GAO-06-772R	

TITLE:     Management Report: Opportunities for Improvements in FDIC's
Internal Controls and Accounting Procedures

DATE:   07/11/2006 
				                                                                         
----------------------------------------------------------------- 

******************************************************************
** This file contains an ASCII representation of the text of a  **
** GAO Product.                                                 **
**                                                              **
** No attempt has been made to display graphic images, although **
** figure captions are reproduced.  Tables are included, but    **
** may not resemble those in the printed version.               **
**                                                              **
** Please see the PDF (Portable Document Format) file, when     **
** available, for a complete electronic file of the printed     **
** document's contents.                                         **
**                                                              **
******************************************************************
GAO-06-772R

     

     * PDF6-Ordering Information.pdf
          * Order by Mail or Phone

July 11, 2006

Mr. Steven O. App

Deputy to the Chairman and Chief Financial Officer

Federal Deposit Insurance Corporation

Subject: Management Report: Opportunities for Improvements in FDIC's
Internal Controls and Accounting Procedures

Dear Mr. App:

In March 2006, we issued our opinions on the calendar year 2005 financial
statements of the Bank Insurance Fund (BIF), the Savings Association
Insurance Fund (SAIF), and the FSLIC Resolution Fund (FRF). We also issued
our opinion on the effectiveness of the Federal Deposit Insurance
Corporation's (FDIC) internal control over financial reporting (including
safeguarding assets) and compliance as of December 31, 2005, and our
evaluation of FDIC's compliance with significant provisions of selected
laws and regulations for the three funds for the year ended December 31,
2005.1

The purpose of this report is to discuss issues identified during our
audits of the 2005 financial statements regarding internal controls and
accounting procedures that could be improved, and to recommend actions to
address these weaknesses. Although these issues were not material in
relation to the financial statements, we believe they warrant management's
attention. We are making eight recommendations for strengthening FDIC's
internal controls and accounting procedures. We conducted our audits in
accordance with U.S. generally accepted government auditing standards.

Results in Brief

During our audits of the 2005 financial statements, we identified several
internal control issues that affected FDIC's accounting for the funds it
administers. Although

1 GAO, Financial Audit: Federal Deposit Insurance Corporation Funds' 2005
and 2004 Financial Statements, GAO-06-146 (Washington, D.C.: Mar. 2,
2006).

we do not consider them to be material weaknesses2 or reportable
conditions,3 we believe they warrant management's consideration.

Specifically, we found that FDIC:

           o  Made errors in several of its operating expense allocation
           percentages. These errors would have resulted in misstatements in
           the BIF, SAIF, and FRF financial statements.
           o  Did not detect several internal control deficiencies in its
           procurement process, two of which resulted in misstatements in the
           BIF, SAIF, and FRF financial statements, though the misstatements
           were not considered material.
           o  Did not detect allocation errors in its Supplemental Payment
           System. These errors resulted in misstatements in the BIF, SAIF,
           and FRF financial statements, though the misstatements were not
           considered material.
           o  Lacked complete control over checks in its Dallas mailroom. The
           lack of effective safeguarding control procedures increased the
           risk of theft, loss, or misappropriation of assets.

We are making eight recommendations regarding FDIC's internal controls and
accounting procedures. Implementation of these recommendations would
strengthen FDIC's conformance with the internal control standards that
federal agencies are required to follow4 and minimize the risk of future
misstatements in the three funds' financial statements.

In its comments, FDIC agreed with our recommendations and described
actions it has taken or plans to take to address the control weaknesses
described in this report. At the end of our discussion of each of the
issues in this report, we have summarized FDIC's related comments and our
evaluation.

Scope and Methodology

As part of our audits of the 2005 and 2004 financial statements of the
three funds administered by FDIC,5 we evaluated the Corporation's internal
controls and its compliance with selected provisions of laws and
regulations. We designed our audit procedures to test relevant controls,
including those for proper authorization, execution, accounting, and
reporting of transactions.

2 Material weaknesses are defined as a condition in which the design or
operation of one or more of the internal control components does not
reduce to a relatively low level the risk that misstatements caused by
error or fraud in amounts that would be material in relation to the
financial statements may occur and not be detected within a timely period
by employees in the normal course of performing their assigned functions.

3 Reportable conditions are defined as significant deficiencies in the
design or operation of internal control that could adversely affect the
entity's ability to record, process, summarize, and report financial data
consistent with the assertions of management in the financial statements.

4 GAO, Standards for Internal Control in the Federal Government,
GAO/AIMD-00-21.3.1 (Washington, D.C.: November 1999).

5 On February 8, 2006, the President signed into law the Federal Deposit
Insurance Reform Act of 2005. Among its provisions, the act calls for
merging the Bank Insurance Fund and Savings Association Insurance Fund
into a single Deposit Insurance Fund. The merger occurred on March 31,
2006.

We requested comments on a draft of this report from the FDIC Deputy to
the Chairman and Chief Financial Officer. We received written comments and
have reprinted the comments in enclosure I. Further details on our scope
and methodology are included in our report on the results of our audits of
the 2005 and 2004 financial statements, and are reproduced in enclosure
II.

Expense Allocation

During our testing of a sample of operating expense transactions, we
identified several erroneous percentages used in FDIC's expense allocation
process. These errors led to an incorrect allocation of expenses among
BIF, SAIF, and FRF. GAO's Standards for Internal Control in the Federal
Government requires agencies to implement internal control procedures to
ensure the accurate and timely recording of transactions and events. In
addition, these standards require that qualified and continuous
supervision be provided to ensure that internal control objectives are
achieved.

Operating expenses not directly attributable to BIF, SAIF, and FRF are
allocated to each fund using predetermined expense allocation percentages.
These percentages are developed during FDIC's annual corporate planning
and budget process. With its implementation of a new accounting system in
May 2005, FDIC's process for entering modifications to its expense
allocation percentages changed. Previously, the process for modifying the
allocation percentages merely required FDIC to modify information in a
table within the accounting system, which in turn automatically updated
the system; under the new accounting system, all changes to the allocation
percentages must be made via a journal entry. The general ledger manager
in the Division of Finance (DOF) is required to review and approve journal
entries for adjusting the allocation percentages along with the underlying
support.

In comparing the allocation source reports prepared by the budget office
to the actual percentages in the accounting system, we found that FDIC
used erroneous expense allocation percentages in four cases. This resulted
in an over allocation of expenses to BIF and FRF of $50,539 each, and an
under allocation to SAIF of $101,078. FDIC corrected these misallocations
in 2005 and corrected the allocation percentages for future allocations.
Although the journal entries for the allocation percentages were approved
by the general ledger manager, the review and approval process failed to
identify these errors. Per discussions with FDIC officials, these errors
were caused by the manager's inexperience with the new accounting system
and the similarity of the allocation percentages.

Recommendation

To minimize the risk of incorrect expense allocation among the funds, we
recommend that FDIC issue a formal notice to all individuals who review
and approve journal entries for the expense allocation percentages
reminding them of their responsibility to properly review proposed changes
to these percentages.

FDIC Comments and Our Evaluation

FDIC agreed with our recommendation and stated that it will reemphasize to
personnel having a general ledger manager role in the new accounting
system that one of their primary responsibilities is to properly review
all journal entries, including entries adjusting the allocation
percentages. We will evaluate the effectiveness of FDIC's actions during
our 2006 financial audit.

Procurement Process

During our 2005 financial audit, we found several internal control
deficiencies in FDIC's procurement process, two of which resulted in
incorrect charges to the funds. GAO's Standards for Internal Control in
the Federal Government requires agencies to implement internal control
procedures to ensure proper execution of transactions and events. In
addition, these standards require that qualified and continuous
supervision be provided to ensure that internal control objectives are
achieved.

Procurement is performed mainly by the Acquisition Services Branch (ASB)
within the Division of Administration. FDIC's Acquisition Policy Manual
(FDIC Circular 3700.16) provides a consolidated and uniform set of
policies and procedures for procuring goods and services on behalf of the
corporation in its corporate, receivership, and conservatorship
capacities. Generally, procurement begins when a requestor electronically
completes a Requirements Package including a Procurement Requisition.
After the requisition is approved by the requestor's division, ASB will
begin to purchase the goods and services. This purchase is generally
processed by the use of a purchase order or a contract. ASB is responsible
for entering purchase order or contract information into the accounting
system, including price, delivery information, due date, program codes,
and account codes. Once the contracted goods/services have been
received/performed, the invoices are sent to the Disbursement Operations
Unit (DOU) within DOF. DOU is responsible for date stamping, entering
information into the accounting system, and electronically routing the
invoice to the appropriate oversight manager for approval. The information
entered includes the vendor's name, invoice date, mailing address, and
invoice amount. Once the oversight manager electronically approves the
invoice, it is processed for payment.

We reviewed the procurement process from requisition through the payment
of invoices by selecting and testing samples of operating expense
transactions. In testing these transactions, we identified the following
issues:

           o  A contractor who provided various advertising services to FDIC
           billed estimated expenses for its subcontractors to FDIC while the
           contract terms specified that the invoices were to be based on
           actual incurred costs. According to the FDIC oversight manager for
           this contract, it is commercial practice for advertising companies
           to bill based on estimated costs; however, this contract was not
           amended to include the appropriate terms and conditions for
           advance payment. The contractor conducted a year-end fiscal
           closeout that included a detailed reconciliation to its
           subcontractors' invoices. Based on the reconciliation, $132,800
           was refunded to FDIC in March 2006.

           o  Two transactions for computer consulting services, valued at
           $5,446 and $84,325 respectively, were incorrectly charged solely
           to BIF instead of allocated among BIF, SAIF, and FRF. Both of
           these transactions were approved by oversight managers. After we
           brought this to FDIC's attention, we were told that many employees
           were still learning the corporation's new accounting system.
           Accordingly, these errors were caused by the oversight managers'
           lack of experience with the new system. As a result of these
           errors, BIF was overcharged $15,278, and SAIF and FRF were
           undercharged $12,582 and $2,696, respectively.

           o  An approved procurement-related transaction for $122,878 was
           incorrectly charged to a wrong purchase order. According to FDIC,
           this incorrect charge was due to the related oversight manager
           being newly assigned to this particular contract and all purchase
           order numbers having changed due to the implementation of the new
           accounting system. Because both the original purchase order and
           the incorrectly charged purchase order have the same allocation
           fund expense percentages, there was no dollar impact on the funds.

           o  A $30,432 payment to a contractor for computer-related services
           was approved without verification of related subcontractor
           charges. The supporting subcontractor invoices were not readily
           available for review because they were not submitted with the
           prime contractor's monthly invoice, even though the contract
           required all subcontractor invoices to be submitted with the
           monthly invoice. After we requested that FDIC obtain the related
           subcontractor's invoices, we found that the related charges were
           correct.

           In our 2004 financial audit, we found the same type of control
           issue but with negative consequences. FDIC was overcharged nearly
           $33,000 because this same contractor did not furnish related
           subcontractor invoices to FDIC, and FDIC personnel were not
           verifying the subcontractor charges. In response to this finding,
           FDIC issued a memorandum in May 2005, reminding oversight managers
           of their critical responsibility for reviewing and approving
           contractor invoices. Nonetheless, the transaction we tested in
           2005 was reviewed and approved by the oversight manager in July
           2005, and again the oversight manager failed to follow FDIC's
           policies and procedures to obtain subcontractor's invoices to
           verify charges prior to payment.

Recommendations

To improve internal controls over FDIC's procurement process and to
minimize the potential for erroneous charges and misallocation of charges
to the funds, we recommend that FDIC:

           o  reissue a formal notice to all individuals who review and
           approve procurement-related transactions again reminding them of
           their responsibilities to ensure that terms and conditions of the
           contract are complied with or changed if appropriate and that
           transactions are properly recorded; and
           o  require contract oversight managers to send a letter to the
           appropriate contractors stating that, consistent with the contract
           terms, their invoices will not be paid until all supporting
           subcontractor invoices are submitted to FDIC for review.

FDIC Comments and Our Evaluation

FDIC agreed with our recommendations. FDIC stated that it will issue
another memorandum to all division and office directors and oversight
managers restating their responsibilities, including the responsibility to
ensure all required supporting documentation are provided and reviewed
before approving payment. Additionally, FDIC stated that the memorandum
will instruct the oversight managers to issue "invoice rejection letters"
to contractors if contractors submit invoices without appropriate
supporting documentation, including subcontractor invoices. The "invoice
rejection letter" will inform the contractor that the invoice will not be
paid until a proper invoice is received, reviewed and approved by the
FDIC. FDIC stated that it will issue the memorandum to oversight managers
by July 17, 2006. We will evaluate the effectiveness of FDIC's actions
during our 2006 financial audit.

Supplemental Payment System

During our testing of operating expenses, we identified a deficiency in
the compensating controls FDIC put in place to allocate certain expenses
processed by the Supplemental Payment System (SPS) among the funds. This
deficiency resulted in incorrect expense charges to the three funds in
2005. GAO's Standards for Internal Control in the Federal Government
requires agencies to implement internal control procedures to ensure the
accurate and timely recording of transactions and events. In addition,
these standards require that qualified and continuous supervision be
provided to ensure that internal control objectives are achieved.

FDIC uses the SPS to record and process supplemental employee payments
such as relocation payments, commuter reimbursements, travel expenses, and
employment buyouts. SPS also determines the applicable withholding taxes
on supplemental employee payments; prevents FDIC from over withholding
certain payroll taxes (e.g., social security and Medicare); accumulates
supplemental payments made to each employee into one supplemental W-2; and
generates this W-2 separately from the W-2 that the National Finance
Center processes to cover its payroll-related payments. In implementing
its new accounting system in May 2005, FDIC decided that it was not cost
beneficial to customize SPS for automatic allocation of the tax expense
processed within it to the three funds; to compensate, FDIC requires that
manual journal entries be created by FDIC personnel and entered into the
accounting system to allocate the SPS processed tax related charges among
the funds.

In testing transactions from SPS as part of our overall operating expense
sample testing, we identified a $1,839 transaction related to the tax
portion of an employee's relocation payment that was charged entirely to
BIF, but which should have been allocated to BIF, SAIF, and FRF.
Subsequent follow-up related to this transaction revealed that manual
journal entries routinely prepared to allocate the SPS processed tax
related transactions omitted three accounts. For 2005, these omissions
resulted and $84,241, respectively for expenses processed through SPS.
These errors were nocorrected in 2005. Going forward, FDIC officials
stated that the corporation will manually allocate tax expenses from these
three accounts to ensure the funds arebeing charged for appropriate costs.

R

T

Supplemental Payment System, we recommend that FDIC review all of the
general ledger accounts within the new accounting system that are
processed through SPS tensure that they are properly allocated to the
appropriate funds.

F

F

it has already reviewed the accounts processed through the SPS and
confirmed that there are no other affected accounts. Going forward, FDIC
stated that it will ensure these expenses are allocated appropriately. We
will evaluate the effectiveness of FDIC's actions during our 2006
financial audit.

R

D

deficiencies in the mailroom operation of its Dallas field office that
increased the risk of theft, loss, or misappropriation of receipts. GAO's
Standards for Internal Control in the Federal Government requires agencies
to establish physical control to secure and safeguard vulnerable assets.
Examples include security for, and limited access to, assets such as cash,
securities, inventories, and equipment that might be vulnerable to risk of
loss or unauthorized use.

T

receipts for receivership activities. These receipts generally consist of
loan repayments from debtors of failed financial institutions. For
calendar year 2mailroom of the Dallas field office processed 2,051 checks
totaling approximately $19million.

In

the following deficiencies:

o

           door was comprised of two half doors, with only the bottom half
           being closed anlocked while the top half was left open. We
           observed several people bypassing the special access badge reader
           by reaching over the top of the bottom locked door and opening it
           using the inside handle.

           o

           two contractor employees concurrently opened mail in the Dallas
           mailroom, we observed that they were not following the dual
           control procedure which calls forThe mailroom staff logged in all
           checks at one time after
           Standard Operating Procedures.

           o

of assets. Recomme

To improve its physic

re

o  instruct its contractor

           o  close both half doors so that access can only be made by
           authorized personnusing the access card;
           o  require personnel to open official FDIC mail under dual
           control; and log check receipts into t
           extraction rather than at the completion of the mail-opening
           process.
           FDIC Comments and Our Evaluation

FDIC agreed with our recommendations. at it had already taken action to
address

th

31, 2006  o  the mail room door can only be opened by authorized personnel
using their access card;

           o  both half doors have been closed and secured so that access can
           only be made by authorized personnel using their access cards;
           o  it has defined "dual control" in its mail opening policy to
           ensure that at least one employee or contractor oversees another
           employee or contractor when opening official FDIC mail. As an
           internal control, perio
           dic observation for compliance isconducted by the oversight
           manager via a monitoring camera that can be viewed the security
           area; and the oversight manager has instructed mailroom
           contractors to log checks into the daily check log immediately at
           the time of their extraction rather than at the completion of the
           mail
           opening process. will evaluate the effectiveness of FDIC's actions
           during our 2006 financial au

           T

his report contains recommendations to you. We would appreciate receiving
a description and status of your corrective actions within 30 days of the
date of this

le

tter.

T

Enclosure I Comments from the Federal Deposit Insurance Corporation

Enclosure

Acknowledgments

The following individuals made major contributions to this report: Gloria
Cano, Gary Chupka, Julia Duquette, Wing Lam, Rich

GAO's Mission

The Government Accountability Office, the audit, evaluation and
investigative arm of Congress, exists to support Congress in meeting its
constitutional responsibilities and to help improve the performance and
accountability of the federal government for the American people. GAO
examines the use of public funds; evaluates federal programs and policies;
and provides analyses, recommendations, and other assistance to help
Congress make informed oversight, policy, and funding decisions. GAO's
commitment to good government is reflected in its core values of
accountability, integrity, and reliability.

Obtaining Copies of GAO Reports and Testimony

The fastest and easiest way to obtain copies of GAO documents at no cost
is through GAO's Web site ( www.gao.gov ). Each weekday, GAO posts newly
released reports, testimony, and correspondence on its Web site. To have
GAO e-mail you a list of newly posted products every afternoon, go to
www.gao.gov and select "Subscribe to Updates."

Order by Mail or Phone

The first copy of each printed report is free. Additional copies are $2
each. A check or money order should be made out to the Superintendent of
Documents. GAO also accepts VISA and Mastercard. Orders for 100 or more
copies mailed to a single address are discounted 25 percent. Orders should
be sent to:

U.S. Government Accountability Office 441 G Street NW, Room LM Washington,
D.C. 20548

To order by Phone: Voice: (202) 512-6000 TDD: (202) 512-2537 Fax: (202)
512-6061

To Report Fraud, Waste, and Abuse in Federal Programs

Contact:

Web site: www.gao.gov/fraudnet/fraudnet.htm E-mail: [email protected]
Automated answering system: (800) 424-5454 or (202) 512-7470

Congressional Relations

Gloria Jarmon, Managing Director, [email protected] (202) 512-4400 U.S.
Government Accountability Office, 441 G Street NW, Room 7125 Washington,
D.C. 20548

Public Affairs

Paul Anderson, Managing Director, [email protected] (202) 512-4800 U.S.
Government Accountability Office, 441 G Street NW, Room 7149 Washington,
D.C. 20548

This is a work of the U.S. government and is not subject to copyright
protection in the United States. It may be reproduced and distributed in
its entirety without further permission from GAO. However, because this
work may contain copyrighted images or other material, permission from the
copyright holder may be necessary if you wish to reproduce this material
separately.
*** End of document. ***