Federal Deposit Insurance Corporation: Human Capital and Risk	 
Assessment Programs Appear Sound, but Evaluations of Their	 
Effectiveness Should Be Improved (15-FEB-07, GAO-07-255).	 
                                                                 
The Federal Deposit Insurance Reform Conforming Amendments Act of
2005 requires GAO to report on the effectiveness of Federal	 
Deposit Insurance Corporation's (FDIC) organizational structure  
and internal controls. GAO reviewed (1) mechanisms the board of  
directors uses to oversee the agency, (2) FDIC's human capital	 
strategies and how its training initiatives are evaluated, and	 
(3) FDIC's process for monitoring and assessing risks to the	 
banking industry and the deposit insurance fund, including its	 
oversight and evaluation. To answer these objectives, GAO	 
analyzed FDIC documents, reviewed recommended practices and GAO  
guidance, conducted interviews with FDIC officials and board	 
members, and conducted site visits to FDIC regional and field	 
offices in three states.					 
-------------------------Indexing Terms------------------------- 
REPORTNUM:   GAO-07-255 					        
    ACCNO:   A65964						        
  TITLE:     Federal Deposit Insurance Corporation: Human Capital and 
Risk Assessment Programs Appear Sound, but Evaluations of Their  
Effectiveness Should Be Improved				 
     DATE:   02/15/2007 
  SUBJECT:   Corporate audits					 
	     Deposit funds					 
	     Employee training					 
	     Federal corporations				 
	     Human capital management				 
	     Human capital planning				 
	     Internal controls					 
	     Lending institutions				 
	     Performance measures				 
	     Program evaluation 				 
	     Risk assessment					 
	     Strategic planning 				 
	     Program goals or objectives			 

******************************************************************
** This file contains an ASCII representation of the text of a  **
** GAO Product.                                                 **
**                                                              **
** No attempt has been made to display graphic images, although **
** figure captions are reproduced.  Tables are included, but    **
** may not resemble those in the printed version.               **
**                                                              **
** Please see the PDF (Portable Document Format) file, when     **
** available, for a complete electronic file of the printed     **
** document's contents.                                         **
**                                                              **
******************************************************************
GAO-07-255

   

     * [1]Results in Brief
     * [2]Background

          * [3]FDIC's Mission and Structure
          * [4]Changes in the Size of FDIC's Workforce

     * [5]Board Oversight Accomplished through Communication and Infor

          * [6]A Variety of Perspectives and Interaction with FDIC Manageme
          * [7]Standing Committees Conduct Certain Oversight Functions to A
          * [8]Formal Procedures and Periodic Reviews Help Ensure Appropria

     * [9]FDIC's Integrated Approach to Addressing Human Capital Issue

          * [10]FDIC Has Taken a Number of Actions to Strengthen Its Human C

               * [11]Human Resources Committee
               * [12]Corporate University
               * [13]Human Capital Blueprint

          * [14]FDIC Created the Corporate Employee Program to Provide a Cap
          * [15]FDIC Has Additional Human Capital Initiatives to Address Lea
          * [16]Corporate University Evaluates All Training Programs, but It

     * [17]FDIC Has an Extensive Risk Assessment System and Contingency

          * [18]To Assess and Monitor Risk, FDIC Combines Supervision of Ind

               * [19]Individual Institution Examinations are FDIC's Front
                 Line fo
               * [20]Broad Assessment and Monitoring is the Second Part of
                 FDIC's

                    * [21]Regional Risk Committees
                    * [22]National Risk Committee
                    * [23]Risk Analysis Center
                    * [24]Division of Insurance and Research
                    * [25]Financial Risk Committee

          * [26]FDIC Has Broad Plans and Specific Strategies for Handling an
          * [27]FDIC Reviews Some of Its Risk Assessment Activities, but Som

     * [28]Conclusions
     * [29]Recommendations for Executive Action
     * [30]Agency Comments and Our Evaluation
     * [31]GAO Contact
     * [32]Staff Acknowledgments
     * [33]GAO's Mission
     * [34]Obtaining Copies of GAO Reports and Testimony

          * [35]Order by Mail or Phone

     * [36]To Report Fraud, Waste, and Abuse in Federal Programs
     * [37]Congressional Relations
     * [38]Public Affairs

Report to Congressional Committees

United States Government Accountability Office

GAO

February 2007

FEDERAL DEPOSIT INSURANCE CORPORATION

Human Capital and Risk Assessment Programs Appear Sound, but Evaluations
of Their Effectiveness Should Be Improved

GAO-07-255

Contents

Letter 1

Results in Brief 3
Background 6
Board Oversight Accomplished through Communication and Information
Channels, Committees, and Delegations of Authority 12
FDIC's Integrated Approach to Addressing Human Capital Issues Has Produced
Key Initiatives, but the Agency Has Not Developed Outcome-Based
Performance Measures 21
FDIC Has an Extensive Risk Assessment System and Contingency Plans for
Bank Failures, but It Has Not Comprehensively or Routinely Evaluated Them
38
Conclusions 56
Recommendations for Executive Action 58
Agency Comments and Our Evaluation 58
Appendix I Objectives, Scope, and Methodology 60
Appendix II Comments from the Federal Deposit Insurance Corporation 64
Appendix III GAO Contact and Staff Acknowledgments 66

Figures

Figure 1: FDIC Organizational Chart 9
Figure 2: Number of FDIC Employees, 1991 - 2006 11
Figure 3: FDIC's Human Resources Committee Organizational Chart 23
Figure 4: FDIC's Human Capital Blueprint 26
Figure 5: FDIC's Risk Assessment and Monitoring Process 42

Abbreviations

CAMELS Capital, Asset quality, Management, Earnings, Liquidity, and
Sensitivity to market risk
CFO Act Chief Financial Officers Act of 1990
CHCO Chief Human Capital Officer
COSO Committee of Sponsoring Organizations of the Treadway Commission
CPDF Central Personnel Data File
CU Corporate University
DIR Division of Insurance and Research
DIT Division of Information and Technology
DOA Division of Administration
DOF Division of Finance
DRR Division of Resolutions and Receiverships
DSC Division of Supervision and Consumer Protection
FDIA Federal Deposit Insurance Act
FDIC Federal Deposit Insurance Corporation
HRC Human Resources Committee
MBA Masters in Business Administration
MERIT Maximum Efficiency, Risk-focused, Institution-Targeted examinations
NCUA National Credit Union Administration
RTC Resolution Trust Corporation
RAC Risk Analysis Center
Reform Act Federal Deposit Insurance Reform Act of 2005
SCOR Statistical CAMELS Off-site Rating system

This is a work of the U.S. government and is not subject to copyright
protection in the United States. It may be reproduced and distributed in
its entirety without further permission from GAO. However, because this
work may contain copyrighted images or other material, permission from the
copyright holder may be necessary if you wish to reproduce this material
separately.

United States Government Accountability Office

Washington, DC 20548

February 15, 2007

The Honorable Christopher J. Dodd
Chairman
The Honorable Richard C. Shelby
Ranking Member
Committee on Banking, Housing, and Urban Affairs
United States Senate

The Honorable Barney Frank
Chairman
The Honorable Spencer Bachus
Ranking Member
Committee on Financial Services
House of Representatives

In recent years, the U.S. banking industry has become more complex, both
through an increased diversity and sophistication of products and
activities as well as through growth in globalization of operations. At
the same time, industry consolidation has sharply reduced the number of
institutions and concentrated assets in a small number of large financial
institutions. Among commercial banks for example, as of September 2006,
just 1.2 percent of some 7,450 institutions now hold 76.4 percent of all
assets; similarly, 3.9 percent of all thrifts hold 75.7 percent of all
assets. This concentration of assets means an increased probability that a
single large bank or thrift failure could potentially overwhelm the
deposit insurance fund.

Against this backdrop, Congress recently granted the Federal Deposit
Insurance Corporation (FDIC)--the guarantor of over $4 trillion in
deposits in the nation's banks and thrift institutions--broad new powers
for managing its insurance fund. In February 2006, the President signed
the Federal Deposit Insurance Reform Act of 2005 (Reform Act),^1 which
amended the Federal Deposit Insurance Act (FDIA),^2 to expand FDIC's
authority to price its insurance according to the risk a particular
institution presents to the fund. Today FDIC has a much smaller workforce
than it did when it handled the banking crisis of the late 1980s and early
1990s. As of June 2006, FDIC has reduced its workforce by about 80 percent
since 1991. However, FDIC has adopted and is implementing strategies to
reduce the impact of a smaller workforce. Further, the banking industry
has been remarkably healthy, recording strong earnings and not
experiencing a single failure between June 2004 and January 2007. However,
FDIC must be prepared to respond to future situations in which the banking
environment may be more volatile and uncertain.

^1Pub. L. No. 109-171, Title II, Subtitle B, 120 Stat. 4, 9-21 (2006).

^2Act of September 21, 1950, ch. 967, 64 Stat. 881 (codified, as amended,
in various sections of Title 12 of the United States Code).

This report responds to the mandate included in the Federal Deposit
Insurance Reform Conforming Amendments Act of 2005 requiring the
Comptroller General to report on the effectiveness of FDIC's
organizational structure and internal controls.^3 Specifically, this
report examines: (1) mechanisms used by the FDIC board of directors to
oversee and manage the agency; (2) FDIC's human capital strategies and how
training and development programs are evaluated; and (3) FDIC's process
for monitoring and assessing risks to the industry and the deposit
insurance fund and how that process is overseen and evaluated.

To respond to these objectives, we analyzed agency data and documents, and
identified and reviewed recommended practices on board management and
oversight, human capital and workforce planning, risk management, and
internal controls through a review of management literature and our
guidance.^4 We also interviewed members of FDIC's Human Resources
Committee, senior managers in FDIC's three main business lines--the
Divisions of Insurance and Research, Resolutions and Receiverships, and
Supervision and Consumer Protection, and senior staff in other FDIC
divisions, such as Corporate University and the Division of Finance. We
also met with senior agency executives--such as the Chief Operating
Officer, Chief Financial Officer, and Acting General Counsel--to obtain
their views on board oversight, human capital, and risk management issues.
To obtain more information on how FDIC's board manages and oversees the
agency, we conducted interviews with members of FDIC's current board of
directors, their deputies, and the board's Audit Committee members using
the same set of questions with all interview participants. To obtain
independent views from board members, we met with each board member
separately; each board member's deputies or other senior staff also
participated in the interviews. We also interviewed academicians and
industry observers to obtain their views on management practices at
organizations overseen by boards of directors. In addition, we conducted
site visits at FDIC regional and field offices in three states
(California, Georgia, and Texas) to obtain more in-depth information on
the FDIC board of directors' management and oversight responsibilities;
issues related to human capital, workforce planning, and training and
development; FDIC's methods for identifying, assessing, and monitoring
risk; and FDIC's methods of evaluating its progress toward meeting agency
goals. At these locations, we conducted interviews with division managers,
division staff, case managers, and financial institution examiners using
the same set of questions for each interview session. We met with field
office employee groups separately from regional office managers. We
conducted our work in the previously mentioned three states and
Washington, D.C., from May 2006 through January 2007 in accordance with
generally accepted government auditing standards. Appendix I provides a
detailed description of our objectives, scope, and methodology.

^3Pub. L. No. 109-173, S 6, 119 Stat. 3601, 3607 (2006). The Federal
Deposit Insurance Reform Conforming Amendments Act of 2005, which was
signed into law on February 15, 2006, contains necessary technical and
conforming changes to implement deposit insurance reform, as well as a
number of study and survey requirements.

^4Some of our key guidance includes GAO, A Model of Strategic Human
Capital Management, [39]GAO-02-373SP (Washington, D.C.: March 2002); GAO,
Human Capital: A Guide for Assessing Strategic Training and Development
Efforts in the Federal Government, [40]GAO-04-546G (Washington, D.C.:
March 2004); and GAO, Standards for Internal Control in the Federal
Government, [41]GAO/AIMD-00-21 .3.1 (Washington, D.C.: November 1999).

Results in Brief

FDIC's board of directors uses its diverse perspectives, communication
with FDIC management, standing committees, and documented delegations of
authority to assist the board in making informed decisions and managing
the agency. The composition of FDIC's board of directors reflects a range
of knowledge and perspectives that contribute to discussions and decisions
regarding important agency matters. Also, FDIC board members told us that
ongoing communication with their deputies and senior managers within FDIC
helps them stay abreast of pertinent issues and helps ensure that the
board has timely and useful information to aid in its decision making.
Although board members agreed that the board functions best when it has a
full complement of members, FDIC officials said that occasional board
vacancies did not affect the board's ability to make decisions and did not
negatively affect the agency's operations. FDIC's board of directors has
also established four standing committees to conduct various oversight
functions that assist it in managing the agency. For example, one of the
standing committees, the audit committee, reviews certain audit reports
and ensures that any recommendations are appropriately implemented.
Although management of FDIC rests with its board of directors, the board
delegates authority to FDIC divisions or officers for certain decisions so
that it can focus on policy issues and not be overwhelmed with daily
operational issues. FDIC has procedures for issuing and revising
delegations of authority and has reviewed specific delegations on various
occasions, for example, to clarify language or upon request by a board
member. These formal procedures for issuing and revising delegations and
FDIC's various reviews of its delegations of authority help ensure that
delegations remain appropriate for the agency and the banking environment.

FDIC has taken steps to institutionalize elements of its human capital
framework and uses an integrated approach to develop its human capital
strategies, but the agency could improve how it measures the effectiveness
of significant initiatives, such as developing new employees.
Interdivisional representation--whereby senior executives from major FDIC
divisions and managers and staff from support divisions collaborate on
human capital issues--is a key component of FDIC's human capital framework
and has resulted in the development of key human capital initiatives, such
as certifications to enhance employees' expertise in certain areas, to
address its human capital goals. FDIC also developed the Corporate
Employee Program to cross train new employees in multiple divisions, so
they can be reassigned to other divisions in the event of an unexpected
change in workload priorities. FDIC staff in the regional and field
offices we visited said the program was a good idea, but they had concerns
that the cross-training aspects would further delay the ability of new
employees to contribute to mission critical functions. FDIC headquarters
officials stated that the program is new, but they nonetheless believe the
Corporate Employee Program helps prepare a more capable workforce.
Differences of opinion between management and employees on the benefits of
a new initiative are likely to occur when agencies undergo significant
change, which underscores the importance of measuring and communicating
the benefits of new initiatives to employees at all levels. Our work on
human capital strategic planning states that human capital practices
should be assessed by how well they help the agency pursue its mission and
goals. FDIC's Corporate University conducts evaluations of FDIC's training
and development programs and is implementing a "scorecard" that will
measure its progress toward meeting the agency's overall human
capital-related goals. While the scorecard currently includes an output
performance measure for the Corporate Employee Program, FDIC officials
said they were hoping to develop outcome-based performance measures for
the Corporate University scorecard and in particular for key human capital
initiatives, but they had not yet done so.

FDIC has an extensive system for assessing external risk, and it has
developed contingency plans for handling the greatest dangers to the
deposit insurance fund, but our review of how FDIC evaluates and monitors
its risk assessment activities identified some weaknesses. To assess and
monitor risk, FDIC takes a two-fold approach-- supervision of individual
institutions, coupled with research and analysis of trends and
developments affecting the health of banks and thrifts generally. Looking
toward any future downturn, FDIC has drawn both broad plans and specific
strategies for handling a significant increase in troubled or failed
institutions. The heart of these efforts is a three-part strategy relying
on: rotating cross-trained employees into priority duties as necessary,
recalling FDIC retirees for temporary duty, and hiring contractors to
handle overflow work. A well-designed and implemented risk management
process should include continuous monitoring and evaluation that is woven
into ongoing operations. While FDIC has evaluated some of its risk
assessment plans and programs, most of the evaluations we reviewed were
not done routinely or comprehensively. For example, some of the
simulations of bank failures were either out of date or did not follow
FDIC's guidance on planning for bank failures. Furthermore, a good
internal control environment requires that the agency's organizational
structure clearly define key areas of authority and responsibility. Our
review of FDIC's risk management framework found that it does not clearly
define how it will oversee evaluation and monitoring of its risk
activities. Clearly defining how it will monitor and evaluate its risk
activities could assist FDIC in addressing or preventing weaknesses in its
evaluations.

This report includes two recommendations related to human capital and risk
management for the Chairman of FDIC's board of directors. To ensure that
FDIC can measure the contribution that its human capital initiatives make
toward achieving agency goals, we recommend that FDIC take steps to
identify meaningful, outcome-based performance measures to include in the
development of its scorecard and communicate available performance results
to all FDIC employees. At a minimum, identifying outcome-based performance
measures will ensure that FDIC can begin collecting appropriate
information that will help in determining whether key training and
development programs, such as the Corporate Employee Program, assist the
agency to achieve its mission and goals. To strengthen the oversight of
its risk management framework, we also recommend that FDIC develop
policies and procedures that clearly define how it will systematically
evaluate and monitor its risk assessment activities and ensure that
required evaluations are conducted in a comprehensive and routine fashion.

We provided a draft of this report to FDIC for review and comment. In a
letter reprinted in appendix II, FDIC agreed with our recommendations.
FDIC specifically recognized the importance of developing outcome-based
performance measures to determine the effectiveness of its key training
and development programs and stated that it planned to conduct evaluations
of certain training and development initiatives, including the Corporate
Employee Program, that will include outcome-based measures. FDIC also
recognized the benefits of reviewing its risk assessment activities to
ensure they are comprehensive, appropriate, and fully evaluated and stated
that it has assembled a committee to perform an in-depth review of its
current risk assessment activities and evaluation procedures. The
committee will make recommendations for strengthening the agency's risk
assessment framework, and FDIC executive management will establish a plan
for implementing the committee's recommendations. FDIC also provided
technical comments that we incorporated as appropriate.

Background

FDIC's Mission and Structure

FDIC was created in 1933 in response to the thousands of bank failures
that occurred in the 1920s and early 1930s. FDIC's mission is to maintain
the stability and public confidence in the U.S. financial system by
insuring depositor accounts in banks and thrifts, examining and
supervising financial institutions, and managing receiverships.^5
Currently, FDIC insures individual accounts at insured institutions for up
to $100,000 per depositor and up to $250,000 for certain retirement
accounts.^6 FDIC says that since the start of its insurance coverage in
January 1934, depositors have not lost any insured funds to a bank
failure. Today, FDIC's obligations are considerable--as of September 2006,
8,743 insured U.S. institutions held $6.47 trillion in domestic deposits,
of which an estimated 63.2 percent, or $4.09 trillion, were insured. To
protect depositors, FDIC held insurance reserves of $50 billion, as of
September 2006.

^5FDIC insures only deposits and certain retirement accounts at banks and
thrifts. 12 U.S.C. S 1821. FDIC does not insure securities, mutual funds,
or similar types of investments that banks and thrifts may offer.

FDIC directly supervises about 5,237 banks and thrifts, more than half of
the institutions in a banking system jointly overseen by four federal
regulators.^7 By assets, however, FDIC-supervised institutions account for
only 18.1 percent of the industry. Banks and thrifts can receive charters
from the states or from the federal government; state-chartered banks may
elect to join the Federal Reserve System. FDIC's role as the primary
federal regulator is for banks chartered by the states that are not
members of the Federal Reserve System. In addition, FDIC is the back-up
supervisor for insured banks and thrift institutions that are either
state-chartered institutions or are under the direct supervision of one of
the other federal banking regulators. FDIC receives no congressional
appropriations; it receives funds from premiums that banks and thrift
institutions pay for deposit insurance coverage and from earnings on
investments in U.S. Treasury securities.

FDIC's five board members (known as directors) manage the agency. FDIC's
chairman manages and directs the daily executive and administrative
operations of the agency. The chairman also has the general powers and
duties that the chief executive officer for a private corporation usually
has, even though FDIC is a federal government agency. Executive and senior
FDIC staff report to the chairman directly or indirectly through the
Deputy to the Chairman and Chief Operating Officer, or the Deputy to the
Chairman and Chief Financial Officer; no other board director has similar
authority or responsibility within the agency. The President appoints
three of the members, two of whom he designates as the board's chairman
and vice chairman. The other two members, the Comptroller of the Currency
and the Director of the Office of Thrift Supervision, serve as ex-officio
board members.^8 The three members directly appointed to FDIC's board are
often referred to as inside board directors, while the other two are
referred to as outside board directors.

^6See FDIA S 11 (codified as amended at 12 U.S.C. S 1821). Section 2103 of
the Reform Act amended section 11 to authorize FDIC and the National
Credit Union Administration (NCUA), beginning in 2010 and every 5 years
thereafter, to jointly consider adjustments to the insurance coverage
limits and share insurance coverage limits based on the rate of inflation.
NCUA is the federal agency that charters and supervises federal credit
unions and insures savings (termed member shares) in federal and most
state-chartered credit unions through the National Credit Union Share
Insurance Fund. Share insurance is similar to the deposit insurance
protection offered by FDIC.

^7In addition to FDIC, the other three federal banking regulators are: the
Board of Governors of the Federal Reserve System, the Office of the
Comptroller of the Currency, and the Office of Thrift Supervision. For the
purposes of this report, the term "banking system" excludes credit unions.

FDIC operates principally through three divisions:

           o the Division of Supervision and Consumer Protection, which
           supervises insured institutions and is responsible for promoting
           compliance with consumer protection, fair lending, community
           reinvestment, civil rights, and other laws;
           o the Division of Insurance and Research, which assesses risks to
           the insurance fund, manages FDIC's risk-related premium system,
           conducts banking research, publishes banking data and statistics,
           analyzes policy alternatives, and advises the board of directors
           and others in the agency; and
           o the Division of Resolutions and Receiverships, which handles
           closure and liquidation of failed institutions.

           Other divisions include the Division of Administration, the
           Division of Finance, the Legal Division, and the Division of
           Information Technology (see fig. 1). FDIC currently employs about
           4,500 people throughout 6 regional offices, 2 area offices, and 85
           field offices that are geographically dispersed, with centralized
           operations in Washington, D.C.

^8These outside directors are also appointed by the President, but in
their capacities as the Comptroller of the Currency and Director of the
Office of Thrift Supervision, not in their capacities as FDIC board
members.

Figure 1: FDIC Organizational Chart

Note: This figure is intended to be a simplified version of FDIC's
organizational chart. Some offices and positions are intentionally
excluded.

Changes in the Size of FDIC's Workforce

Following the resolution of the banking crisis of the 1980s and early
1990s, FDIC significantly reduced its workforce--down by about 80 percent,
from a peak of about 23,000 employees in 1991 to about 4,500 employees as
of June 2006.^9 This trend is illustrated in figure 2. A significant
portion of the reductions were staff in FDIC absorbed from the former
Resolution Trust Corporation (RTC).^10

9For background on the crisis, see Federal Deposit Insurance Corporation,
History of the Eighties--Lessons for the Future, a 1997 study prepared by
FDIC's (former) Division of Research and Statistics, available at
http://www.fdic.gov/bank/historical/history/index.html (accessed Dec.
21, 2006). The study analyzes the economic, financial, legislative, and
regulatory causes leading to the extraordinary number of failures seen in
the 1980s and early 1990s. It also evaluates responses to the crisis, and
assesses implications for deposit insurance and bank supervision in the
future.

^10The Resolution Trust Corporation (RTC) was created in 1989 upon the
enactment of the Financial Institutions Reform Recovery and Enforcement
Act to manage and dispose of the assets of insolvent thrifts. See Pub. L.
No. 101-73, S501, 103 Stat. 183, 363-93 (1989). The Resolution Trust
Corporation Completion Act, Pub. L. No. 103-204, 107 Stat. 2369 (1993)
terminated RTC, effective 1995, and transferred operations to FDIC. In
all, the RTC resolved 747 failed thrifts and disposed of more than $450
billion in failed thrift assets. For details, see Davison, L., "The
Resolution Trust Corporation and Congress, 1989-1993," FDIC Banking
Review, volume 18, number 2, 2006, available at
www.fdic.gov/bank/analytical/banking/2006sep/article2/article2.pdf
(accessed Dec. 21, 2006).

Figure 2: Number of FDIC Employees, 1991 - 2006

FDIC's downsizing generally reduced jobs across the agency, and some
occupational categories experienced sizeable reductions in staff. For
example, the attorney workforce decreased by 83 percent, from 1,452
attorneys in 1992 to 249 attorneys in 2005. The composition of FDIC's
examination staff also experienced significant change. Although there was
a 35 percent decrease in the number of examiners (from 3,305 in 1992 to
2,157 in 2005), the percentage of FDIC's workforce devoted to examinations
increased, from 15 percent in 1992 to 47 percent for 2005. Like other
federal banking regulators, FDIC is generally required to conduct
full-scope, on-site examinations of institutions it directly supervises at
least annually, although it can extend the interval to 18 months for
certain small institutions.^11

FDIC's downsizing activities also resulted in a loss of institutional
knowledge and expertise, and FDIC will have to replace a significant
percentage of its current, highly experienced executive and management
staff due to projected retirements over the next 5 years. An estimated 8
to 16 percent of FDIC's remaining permanent workforce is projected to
retire over the next 5 years. In some FDIC divisions, projected
retirements are almost double these percentages.

^11See 12 U.S.C. S 1820 (d).

Board Oversight Accomplished through Communication and Information Channels,
Committees, and Delegations of Authority

FDIC's board of directors has a mix of knowledge and skills that
contribute diverse perspectives in the board's decision making, and the
board relies on communication with deputies and senior management within
FDIC to provide timely and useful information for effective and informed
decision making. The board has also established standing committees to
conduct certain oversight functions, such as monitoring the implementation
of audit report recommendations, to help manage the agency. Further,
FDIC's board of directors has the ability to broadly delegate its
authority to allow the agency to operate efficiently.^12 These delegations
are extensive and have been reviewed periodically to ensure they are
appropriate for FDIC's current size and structure, and the current banking
environment.

A Variety of Perspectives and Interaction with FDIC Management Helps Board of
Directors Make Informed Decisions

The literature we reviewed on best practices for boards of directors
states that the composition of the board should be tailored to meet the
needs of the organization, but there should also be a mix of knowledge and
skills.^13 FDIC's board of directors reflects a mix of knowledge,
perspectives, and political affiliations; for example, FDIC's board
includes the directors of the Office of the Comptroller of the Currency
and Office of Thrift Supervision as well as a director with experience in
state bank supervision. Further, after February 28, 1993, no more than
three of the members of the board of directors could be members of the
same political party.

^12Although FDIC has broad delegation authority, there are some duties
that the board is prohibited from delegating to staff. See, e.g., 12
U.S.C. S 1815 (a) (determination to deny deposit insurance); 12 U.S.C. S
1818 (a)(9) (decision to terminate an institution's deposit insurance); 12
U.S.C. S 1818 (t)(2) and (3) (exercise of back-up enforcement authority);
12 U.S.C. S 1821 (c)(9) (decision to act as sole receiver or conservator);
12 U.S.C. S 1823 (c)(4)(G) (emergency actions taken to mitigate systemic
effects of a bank failure); 12 U.S.C. S 1823 (f)(2) (decision to override
a state's objection to the sale of assets of a failed institution to an
out-of-state institution).

^13The Conference Board, Corporate Governance Handbook 2005: Developments
in Best Practices, Compliance, and Legal Standards (New York, N.Y.: 2005).

According to FDIC board members, each director provides a different
perspective that contributes to board diversity. Additionally, officials
told us that the presence of the outside directors on the board helps to
represent the views of their respective agencies during joint rule making.
Senior FDIC officials and board directors agreed that the board functions
best with a full complement of directors. Vacancies on the board could
result in the board not benefiting from the perspectives of a full
complement of directors. Board members told us that without a full
complement, there would be fewer ideas and opinions during board
deliberations. For example, one board member stated that the possible
absence of a member with state bank supervisory experience might affect
discussions on state banks. However, FDIC board members told us that board
vacancies would not negatively affect the daily operation of the agency.

According to our standards for internal control, effective communications
should occur in a broad sense with information flowing down, across, and
up the organization.^14 The literature we reviewed related to best
practices for boards of directors suggests that boards need quality and
timely information to help them obtain a thorough understanding of
important issues. The literature states that board members should receive
information through formal channels, such as management reports and
committee meetings, and informal channels, such as phone or e-mail
discussions. ^15 FDIC directors told us that board members are fully aware
of and familiar with operations at the agency, frequently communicating
and interacting with senior management and staff on a broad range of
issues. For example, board directors told us they have regular meetings
with various division managers to discuss agency issues. We also observed
a November 2006 board meeting, where it appeared from the board members'
few questions and supportive comments to the FDIC staff that the board
members were informed of the staff's recommendations.

Directors explained that there is a free flow of information between
directors and FDIC senior management and staff as well as between
directors and the board chairman. Each director also has a deputy who
assists him or her in carrying out his or her duties and responsibilities.
With the assistance of their deputies, outside (ex-officio) directors are
able to remain engaged in pertinent issues at FDIC. The deputies also
assist directors in examining diverse policy issues of concern to the
agency, either initiated by the director, or at the request of the
chairperson. Also, FDIC management provides the bulk of information that
directors receive to make decisions. For example, FDIC management provides
briefings to board directors on various issues as well as detailed
briefing books in advance of FDIC board meetings so that directors may ask
questions or request more information to prepare to provide input and make
decisions at board meetings. In one May 2006 board meeting, we observed
FDIC staff making brief presentations to the board highlighting various
trends and factors that they considered in developing recommended action
or inaction for several agenda items. We also reviewed board meeting
agendas that outlined substantive issues considered by the board of
directors. In one example, the Director of the Division of Supervision and
Consumer Protection provided a detailed written overview of a notice of
proposed rule making informing board members weeks before the official
board meeting. Further, directors told us that informal communication with
their deputies, other board members, and senior management occurs through
phone conversations, e-mail discussions, and impromptu meetings.

^14GAO, Standards for Internal Control in the Federal Government,
[44]GAO/AIMD-00-21 .3.1 (Washington, D.C.: November 1999).

^15The Conference Board, Corporate Governance Handbook 2005: Developments
in Best Practices, Compliance, and Legal Standards (New York, N.Y.: 2005).

Standing Committees Conduct Certain Oversight Functions to Assist the Board in
Managing FDIC

FDIC's board of directors established standing committees to conduct
certain oversight functions that assist it in managing the agency. The
board provides authority to these committees to act on certain matters or
to make recommendations to the board of directors on various matters
presented to it. Currently, the board has four standing committees: (1)
Case Review Committee, (2) Supervision Appeals Review Committee, (3)
Assessment Appeals Committee, and (4) Audit Committee. Each committee is
governed by formal rules that cover areas such as membership, functions
and duties, and other process and reporting requirements such as frequency
and scope of committee meetings and, in some cases, submission of activity
reports to the board.

The Case Review Committee is comprised of six members who adopt guidelines
for taking enforcement actions against individuals, for example, to remove
an individual from participating in the affairs of an insured depository
institution. Under authority granted to it by the board of directors, this
committee also reviews and approves the initiation of certain enforcement
actions upon determination by a designated representative of the Division
of Supervision and Consumer Protection or upon request by the chair of the
committee. The Supervision Appeals Review Committee, comprised of four
members, considers and decides appeals of material supervisory
determination made by FDIC -supervised institutions; for example, an
institution may appeal a rating in its report of examination. The
Assessment Appeals Committee is a six-member committee that considers and
decides appeals regarding assessments to insured depository institutions.
As an appellate entity, the committee is responsible for making final
determinations pursuant to regulations regarding the assessment risk
classification and the assessment payment calculation of insured
depository institutions. Last, the Audit Committee is comprised of three
members who are charged with reviewing reports of completed audits and
requesting necessary follow-up on the audit recommendations. The committee
also oversees the agency's financial reporting and internal controls,
including reviewing and approving plans for compliance with the audit and
financial reporting provisions applicable to government corporations,^16
assessing the sufficiency of FDIC's internal control structure, and
ensuring compliance with applicable laws, regulations, and internal and
external audit recommendations, all for the purpose of rendering advice to
the chairman of the board of directors.

The literature we reviewed on recommended practices for boards of
directors of publicly traded corporations states that audit committees
play a critical role in the board oversight process.^17 In most publicly
traded corporations, the primary role of an audit committee of its board
of directors is oversight of the preparation and filing of financial
statements with the appropriate regulators and exchanges.^18 However
FDIC's board directors and officials told us that FDIC's Audit Committee
does not serve the same function as an audit committee of a private sector
corporation. FDIC's Audit Committee is an advisory body that, in practice,
conducts a more limited scope of duties than what is authorized in its
formal rules. Further, as stated above, FDIC is subject to certain audit
and financial reporting provisions.^19 FDIC's board has established the
position of chief financial officer as FDIC's chief financial, accounting
and budget officer. Although FDIC is not subject to title II of the Chief
Financial Officers Act of 1990 (CFO Act), which requires 24 executive
agencies to appoint chief financial officers, FDIC's chief financial
officer's duties include implementing programs consistent with the CFO
Act.^20 Thus, FDIC's Audit Committee's responsibilities do not include
oversight of the preparation and filing of financial statements and other
activities generally conducted by private sector audit committees.
Instead, FDIC's Audit Committee's primary responsibility is ensuring that
the recommendations of FDIC's Inspector General are appropriately
implemented.^21

16See 31 U.S.C. SS 9105-9106. Sections 305 and 306 of the Chief Financial
Officers Act of 1990, Pub. L. No. 101-576, 104 Stat. 2838, 2853-54,
amended 31 U.S.C. SS 9105 and 9106 generally by, among other things,
providing for audits of government corporations by the Inspector General
of the corporation, an independent auditor, or head of the corporation,
according to accepted government auditing standards; requiring reports to
congressional committees; and authorizing audits, and reviews of audits,
by the Comptroller General. Prior to the amendments audits of government
corporations were required to be conducted by the Comptroller General at
least once every three years.

^17The Conference Board, Corporate Governance Handbook 2005: Developments
in Best Practices, Compliance, and Legal Standards (New York, N.Y.: 2005).

^18Further, recent changes in federal law and stock exchange listing
standards have increased the number and scope of the responsibilities of
audit committees of publicly traded corporations. See generally, the
Sarbanes-Oxley Act of 2002, Pub. L. No. 107-204, title III, 101 Stat. 745,
775-785 (codified, as amended, in various sections of Title 15 of the U.S.
Code).

Also, section 301 of the Sarbanes Oxley Act requires audit committees of
publicly traded corporations to be composed entirely of independent
members.^22 Although FDIC is not bound by these requirements, according to
FDIC officials, Audit Committee members are considered independent of FDIC
management because they do not have direct responsibility over any FDIC
division or office. However, in one instance, FDIC revised the composition
of the Audit Committee because there was a perception of impairment to
independence. FDIC's Chief Financial Officer was a member of the Audit
Committee because this official was also a deputy to the chairman and
therefore eligible for the senior employee position on the Audit
Committee. However, FDIC thought it was inappropriate to have the Chief
Financial Officer serve on the Audit Committee because certain Audit
Committee functions--reviewing materials related to FDIC's finances, for
example--may have had the potential to conflict with the professional
interests of the Chief Financial Officer. FDIC officials stated that
interactions between FDIC's Inspector General and the Audit Committee also
help mitigate concerns about impairments to independence and conflicts of
interest.^23 For example, officials from FDIC's Office of the Inspector
General can attend Audit Committee meetings. Audit Committee members noted
that they valued the insights provided by officials from the Office of the
Inspector General because they have an opportunity to weigh in on
instances where the Audit Committee may not be able to sufficiently
distance itself in order to provide objective oversight.

^19Codified at 31 U.S.C. SS 9105-9106.

^20Title II of the CFO Act is codified, as amended, at 31 U.S.C. SS 503,
504, 901 - 903 and 3515.

^21As required by the Inspector General Act, the FDIC has an Office of
Inspector General, which is authorized to conduct and supervise audits and
investigations relating to FDIC's programs and operations. See Pub. L. No.
95-452, 92 Stat. 1101 (1978) (codified as amended at 5 U.S.C. App. 3).
Among other things, the purpose of the Inspector General Act was to create
within designated federal agencies a means for independent units to inform
the head of the agency about problems or deficiencies relating to agency
programs and operations and the necessity for corrective action. The FDIC
Inspector General reports directly to the Chairman or, if delegated by the
Chairman, the Vice Chairman.

^22Sarbanes-Oxley changed the role and authority of audit committees of
corporations subject to the federal securities laws. Under Section 301 of
the Sarbanes-Oxley Act (codified at 15 U.S.C. 78j-1), audit committees,
among other things, must be composed entirely of independent directors,
meaning that a director "may not, other than in his or her capacity as a
member of the audit committee, the board of directors, or any other board
committee (i) accept any consulting, advisory, or other compensatory fee
from the issuer; or (ii) be an affiliated person of the issuer or any
subsidiary thereof."

Formal Procedures and Periodic Reviews Help Ensure Appropriate Delegations of
Authority

FDIC's board of directors delegates much of the agency's operational
responsibilities to various committees and offices within FDIC. These
delegations allow the board to concentrate on policy matters as opposed to
daily agency operations. FDIC's current delegations of authority were
influenced by prior events that necessitated broad delegations. According
to an FDIC official, very few activities were initially delegated to FDIC
staff. However, during the banking crisis of the 1980s and early 1990s
when FDIC resolved many institutions, there were significant transfers of
authority from the board to divisional personnel. During that period, FDIC
had over 20,000 employees and the need for sweeping delegations was
appropriate for the size of the agency and the industry's conditions. The
board was overwhelmed with making decisions stemming from the agency's
increased workload and decided to delegate many routine matters to FDIC
staff. However, there are some activities that the board cannot delegate.
For example, only the board can decide to deny an application for deposit
insurance, terminate deposit insurance, or take enforcement actions using
the board's backup authority.

According to our Standards for Internal Control in the Federal Government,
conscientious management and effective internal controls are affected by
the way in which the agency delegates authority and responsibility
throughout the organization.^24 An agency's delegations should cover
authority and responsibility for operating activities, reporting
relationships, and authorization protocols. Once the board has a full
understanding of an issue, it may allow others to make decisions
concerning that issue through delegations. FDIC officials explained that
delegations of authority are documented, and there are associated
reporting requirements. Further, FDIC has procedures for issuing,
reviewing, and amending delegations of authority within FDIC divisions and
offices. Once delegations of authority have been issued by the board,
officials who are recipients of those delegations are to observe an FDIC
directive in properly redelegating their authority.^25 The February 2004
directive to all FDIC divisions and offices formalizes policies and
procedures for issuing delegations of authority throughout the agency and
applies to all delegations issued by the board as well as redelegations
and subdelegations to FDIC managers, supervisors, and other staff.

^23The statutory duties and authorities of FDIC's Inspector General are
set forth in the Inspector General Act, Pub. L. No. 95-452, 92 Stat. 1101
(1978) (codified as amended at 5 U.S.C. App. 3).

According to the directive, the headquarters division or office issuing a
delegation of authority is to prepare its delegations, including any
revisions, in coordination with FDIC's Legal Division and submit the
delegations to FDIC's executive secretary. Further, according to the
directive, the divisions are to review delegations at least once a year
for accuracy. After each review, the Executive Secretary Section of FDIC's
Legal Division is to review submitted delegations for completeness and
compile any revisions to the delegations. The Executive Secretary Section
should also track board and other FDIC management activity, for example
corporate reorganizations and title changes, to ensure that the
delegations of authority fully reflect these changes. We reviewed FDIC
documents that track delegations of authority related to the processing of
financial institution applications, for example, applications to engage in
real estate investment activities. The document indicates changes in or
clarifications of delegations of authority from existing delegation
guidance.

Furthermore, the Executive Secretary Section is to regularly monitor,
issue periodic notices, and follow up, if necessary, with senior-level
officials to ensure that all divisions and offices comply with established
procedures and deadlines for FDIC headquarters delegations of authority.
FDIC officials told us that the annual reviews required by the directive
are undertaken to assess the technical conformity and consistency of
delegations. Although the directive only requires an annual review, FDIC
officials stated that in practice, the Executive Secretary Section works
with FDIC's divisions and offices on a continuous basis to ensure
delegations are complete, consistent, and comply with standard procedures.
The officials added that divisions appreciate having a standard format for
issuing and documenting delegations.

^24 [45]GAO/AIMD-00-21 .3.1.

^25FDIC Circular 1151.2 (Feb. 5, 2004).

In addition to the periodic reviews required by the directive, FDIC has
broadly reviewed its delegations of authority on other occasions. One
broad review of its delegations occurred during 1995 to 1997, after the
banking crisis and the merger with the Resolution Trust Corporation, which
resulted in a significant reduction in staff. A corporate delegation task
force was assembled to review existing delegations, comment on them, and
make recommendations on how they could be improved. The scope of the
review was intended to encompass all aspects of FDIC's delegations, from
those governing internal management and administration to those governing
how FDIC accomplished its mission. An FDIC official noted that it was
vital that the agency have logical, well-reasoned delegations of authority
and that they be kept current, which underlined the basis of the task
force's work. FDIC's Office of the Executive Secretary (currently the
Executive Secretary Section) coordinated the review of delegations by the
board of directors and the development of recommendations for changes that
would reduce processing time, empower employees, and promote
accountability. FDIC also completed a broad review of its delegations in
2002. At the time, FDIC rescinded a series of delegations that were
previously codified in the Code of Federal Regulations in favor of
adopting a board resolution that contained a master set of delegations.
This format made modifying the delegations more efficient. During the
consolidation process, FDIC made several changes to certain delegations,
for example, delegations related to FDIC's receivership activities were
amended to streamline the process for approving receivership-related
actions.

There were also occasions that necessitated the reexamination of specific
delegations. According to a senior FDIC official, any board member has the
right to request a review of any delegated authority. The officials stated
that it is not uncommon for a newly appointed chairman to review existing
delegations of authority to ensure they are aligned with his or her vision
and management style. In one recent instance, delegations related to the
processing of industrial loan corporation applications were rescinded and
a 6 month moratorium implemented to allow the agency, upon the request of
the current chairman, the opportunity to examine developments related to
these specialized institutions.^26 Further, the official stated that FDIC
divisions and offices can request a review of their delegations of
authority. As noted earlier, technical changes to the delegations covered
by the directive, such as position titles and division names, are
typically handled between the Executive Secretary Section and the
divisions. However, officials explained that the board would be informed
of more substantive issues that would require a board vote. In most
instances, the request for a review is related to a delegation that is
outdated or needs clarification. The board reviews the request and any
relevant information and votes to amend or rescind delegations.

Although FDIC has a process for making substantive changes to delegations,
instances may arise that prompt the need for specific reviews of
delegations that are perceived as vague or ambiguous. For example, a 2006
FDIC Inspector General's report found a lack of clarity as to whether the
board could delegate the calculation of the reserve ratio to FDIC
officials.^27 According to the report, the nature, timing, and application
of a new method for estimating certain insured deposits could have had a
significant impact on the deposit insurance fund's reserve ratios. The
report concluded that the delegations to the Director of the Division of
Insurance and Research established an expectation that the Director should
communicate and advise the board on financial matters of importance to the
agency and the banking industry. However, the report found that
communication between the FDIC board and deputies on the issue of
estimated insurance deposit allocations was limited, and FDIC staff should
have more fully involved the board in the decision of whether and how to
apply a new method for estimating certain insured deposits. The report
recommended a review of the agency's existing bylaws, specifically, the
powers and duties delegated to the Chief Financial Officer and to the
Directors of the Division of Finance and the Division of Insurance and
Research, to ensure that those delegations reflect the board's intent and
expectation for the deposit insurance fund reserve ratio and assessment
determination process. The report recommended that FDIC review its
delegations related to the assessment determination process to determine
whether the delegations needed to be clarified or modified. In response to
the Inspector General's recommendations, FDIC is currently reviewing
specific delegations of authority. As of December 2006, a senior FDIC
official was in the process of preparing a proposal to present to the
Audit Committee outlining the details of the review.

^26Industrial loan corporations are state-chartered financial institutions
that emerged in the twentieth century to provide consumer credit to low
and moderate income workers who were generally unable to obtain consumer
loans from commercial banks. Over the past 10 years, these institutions
have experienced significant asset growth, and these small niche lenders
have evolved into a diverse industry. According to FDIC officials, as
these institutions grew in number and size, FDIC's board of directors
decided it wanted to review applications pertaining to the processing of
industrial loan corporations so that it would be more familiar with their
activities and be involved in related policy decisions.

^27Federal Deposit Insurance Corporation, Office of Inspector General,
FDIC Reserve Ratio and Assessment Determinations (Washington, D.C.: April
2006).

FDIC's Integrated Approach to Addressing Human Capital Issues Has Produced Key
Initiatives, but the Agency Has Not Developed Outcome-Based Performance Measures

FDIC has strengthened its human capital framework and uses an integrated
approach to align its human capital strategies with its mission and goals.
For example, interdivisional decision making, where senior executives come
together with division managers and staff from mission support divisions,
is a key component of FDIC's human capital strategy for ensuring
functional alignment of its mission critical work. Using this integrated
approach, FDIC created the Corporate Employee Program to provide a
flexible workforce and to train new employees in multiple FDIC divisions.
However, the program's effects on mission critical functions are unknown
and contributions to specific job tasks may take a number of years to
realize. FDIC's Corporate University, the agency's training and
development division, evaluates all of its training programs--including
the Corporate Employee Program--and is currently implementing a scorecard
to measure its progress toward meeting its human capital goals. The
scorecard currently includes an output performance measure for the
Corporate Employee Program; however, FDIC has not developed outcome-based
performance measures that will assist it in determining whether its key
training and development programs are effective. Without such measures,
FDIC will not be able to determine how effective its training and
development initiatives are in assisting the agency to achieve its mission
and human capital goals.

FDIC Has Taken a Number of Actions to Strengthen Its Human Capital Framework and
Align Its Human Capital Strategies with Its Mission and Goals

Effective management of human capital, where the workload can shift
dramatically depending on conditions in the economy and the banking
industry, is critical at FDIC. Therefore, FDIC has taken a number of steps
to strengthen and institutionalize certain elements of its human capital
framework. FDIC established a Human Resources Committee to help the agency
integrate human capital approaches into its overall mission planning
efforts. It also established the Corporate University, an employee
training and development division that aligns agency needs with learning
and development. Finally, in response to an FDIC Inspector General report,
the agency developed a human capital blueprint that describes the key
elements of its human capital framework.

  Human Resources Committee

FDIC established its Human Resources Committee in 2001 to integrate
strategic human capital management into the agency's planning and decision
making processes. The committee, consisting of members from several
divisions across the agency, focuses on developing and evaluating human
capital strategies with agencywide impact. The committee also coordinates
FDIC's human capital planning process. In June 2004, FDIC approved a
formal charter for the committee to ensure that future leaders and
stakeholders continue the committee's work. The committee's charter
describes its purpose, functions, responsibilities, and composition.
FDIC's Chief Human Capital Officer serves as chair of the Human Resources
Committee. FDIC appointed the Chief Human Capital Officer (CHCO) to align
the agency's human capital policies and programs to the agency's mission,
goals, and outcomes.

Because FDIC's Human Resources Committee brings together executives in the
major divisions and personnel in support divisions, it is able to develop
approaches for accomplishing the agency's mission and goals. Our prior
work on strategic human capital planning has shown that effective
organizations integrate human capital approaches into their efforts for
accomplishing their missions and goals. Such integration allows an agency
to ensure that its core processes efficiently and effectively support its
mission.^28 In April 2003, we reported that establishing entities, such as
human capital councils like FDIC's Human Resources Committee, was a key
action agencies could take to integrate human capital approaches with
strategies for achieving their missions.^29 Comprised of senior agency
officials, including both program leaders and human capital leaders, these
human capital councils meet regularly to review the progress of their
agency's integration efforts and to make certain that the human capital
strategies are visible, viable, and remain relevant. Additionally, the
groups help the agencies monitor whether differences in human capital
approaches throughout the agencies are well considered, effectively
contribute to outcomes, and are equitable in their implementation. In this
regard, FDIC's Human Resources Committee (HRC) brings together the support
functions of FDIC's Division of Administration (DOA), Division of Finance
(DOF), Legal Division, Division of Information and Technology (DIT), and
Corporate University (CU) with executives from the major line
divisions--Division of Supervision and Consumer Protection (DSC), Division
of Insurance and Research (DIR), and Division of Resolutions and
Receiverships (DRR). See figure 3.

^28GAO, A Model of Strategic Human Capital Management, [46]GAO-02-373SP
(Washington, D.C.: March 2002).

^29GAO, Human Capital: Selected Agency Actions to Integrate Human Capital
Approaches to Attain Mission Results, [47]GAO-03-446 (Washington, D.C.:
April 2003).

Figure 3: FDIC's Human Resources Committee Organizational Chart

The committee members stated that having representatives from various
divisions within the agency allows them to integrate all views into the
decision-making process. The committee meets weekly, typically for 2 or 3
hours and works to facilitate communication and consensus throughout FDIC
on human capital issues. The committee also advises senior leadership on
significant human resources issues. Human Resources Committee members told
us that they review policy recommendations and share information with
their respective division directors. Further, committee members stated
that division managers are able to bring the concerns of their subordinate
staff to the committee, and managers are able to notify their subordinate
staff of human capital initiatives that may address their concerns. For
example, staff members are able to communicate training needs to the Human
Resources Committee through their division managers. The division
representatives on the Human Resources Committee are able to communicate
information to the managers about future training programs that would meet
staff needs. According to committee members, this helps facilitate the
flow of information to and from division managers and subordinate staff.

  Corporate University

Another step FDIC took to strengthen its human capital framework was
establishing its Corporate University in 2003. Corporate University
supports the agency's mission and goals by training and developing FDIC
employees. Corporate University provides training and development
opportunities for FDIC executives, managers, supervisors, and employees in
order to help them enhance their job performance. Before establishing
Corporate University, FDIC focused and confined training within divisions;
the agency gave relatively little attention to building a corporate
culture or making employees aware of activities outside their own
divisions. However, since establishing Corporate University, FDIC's
efforts have been lauded for reflecting best practices in aligning
training functions with the agency's mission and goals. In 2005, FDIC's
Corporate University received an excellence award from the Corporate
University XChange for its organizational structure and alignment within
the agency.^30 The Corporate University XChange cited features of FDIC's
Corporate University that made it appropriately aligned within the agency,
such as the existence of a Governing Board that includes division managers
and having deans and chairs from the divisions serve on a rotational
basis.

FDIC's Corporate University works with the Human Resources Committee, the
Corporate University's Governing Board, and deans to design curriculum and
implement training programs. The structure of Corporate University is
intended to support a balance between the agency's goals and the needs of
the individual divisions. FDIC's Chief Operating Officer, Chief Financial
Officer, and division Directors work with the Chief Learning Officer to
deliver training and development programs. Corporate University also has
structures in place to facilitate the exchange of information related to
the training needs of the Division of Supervision and Consumer
Protection.^31 Two committees--the Curriculum Oversight Group and the
Training Oversight Committee--assist Corporate University in identifying
training and development needs. The Curriculum Oversight Group consists of
midlevel supervisors who meet with Corporate University staff to map out
training needs and curriculum changes that require focused strategies. The
Training Oversight Committee consists of senior managers who provide
information on skills needed within the Division of Supervision and
Consumer Protection.

^30Corporate University XChange is an educational research and consulting
firm that assists organizations in optimizing their education and training
resources. The panel that judges the applications for the award include
past award winners and other representatives of academia, government
agencies, and for-profit education organizations.

^31FDIC's Division of Supervision and Consumer Protection is Corporate
University's largest client. According to a 2005 FDIC Inspector General
audit report, the division accounted for more than 50 percent of FDIC's
staff and training dollars.

  Human Capital Blueprint

Last, in response to a 2004 FDIC Inspector General audit report, the
agency established an integrated human capital blueprint in December
2004.^32 The report recommended that FDIC develop a coherent human capital
blueprint that comprehensively describes the agency's human capital
framework and establishes a process for agency leaders to monitor the
alignment and success of human capital initiatives. The report noted that
such a blueprint would be beneficial because it would, among other things,
promote an agencywide understanding of the human capital program.
According to FDIC officials, the blueprint describes the key elements of
FDIC's human capital framework and recognizes the collective
responsibility of various FDIC divisions and offices in the success of its
strategic human capital initiatives. Figure 4 illustrates FDIC's human
capital blueprint.

^32Federal Deposit Insurance Corporation, Office of the Inspector General,
The FDIC's Strategic Alignment of Human Capital (Washington, D.C.: January
2004).

Figure 4: FDIC's Human Capital Blueprint

Note: According to FDIC, although the blueprint depicts boundaries between
certain elements of the framework, it is not meant to imply that one
process ends before another begins. In instances where overlaps and
interactions between elements of the framework or between FDIC divisions
are intrinsic to the process, the activity is shown as straddling two
groups of elements. For example, "program and policy development"
straddles the boundary between FDIC's Human Resources Committee and two
divisions within the agency.

Our previous work on strategic human capital planning suggests that human
capital professionals and line managers should share accountability for
integrating human capital strategies into the planning and decision-making
processes. Our work further states that successful organizations have
human capital professionals work with agency leaders and managers to
develop strategic and programmatic plans to accomplish agency goals.^33
This process results in agency and human capital leaders sharing
accountability for successfully integrating strategic human capital
approaches into the planning and decision making of the agency. FDIC's
human capital blueprint includes processes for agency leaders to
participate in the alignment of the agency's human capital initiatives
relative to its goals. The blueprint considers how major environmental
factors, such as the economy and the banking industry, impact the agency's
mission and goals. FDIC considers these external factors when it conducts
assessments of workload and skill requirements. These assessments
ultimately guide the FDIC's Human Resources Branch, the Human Resources
Committee, and Corporate University in developing and implementing
initiatives to address human capital needs.

FDIC Created the Corporate Employee Program to Provide a Capable and Flexible
Workforce, but Its Effects on Mission Critical Functions Are Unknown

A key part of FDIC's human capital strategy is the Corporate Employee
Program, which cross trains employees in multiple FDIC divisions with the
objective of training them to respond rapidly to shifting priorities and
changes in workload. According to FDIC officials, the Corporate Employee
Program reflects a more collaborative approach to meeting mission critical
functions. Launched in June 2005, the Corporate Employee Program provides
opportunities for employees at all levels to identify, develop, and apply
various skills through training opportunities and work assignments.
According to FDIC memoranda describing the program, the increased speed at
which changes can occur in individual insured institutions and the entire
financial industry, and hence the speed at which FDIC's workload can
change, requires FDIC to ensure that it can respond effectively and
quickly. The memoranda further state that cross-training programs and
cross-divisional mobility will provide FDIC employees with broader career
experiences and enhanced job satisfaction while allowing FDIC to have more
than enough people within the organization who have the essential training
and experience that FDIC may need to respond to significant events. The
goals of the Corporate Employee Program are to:

           o provide employees with skills needed to address significant
           spikes in workloads that may temporarily require shifting
           resources among FDIC's three main divisions,
           o promote a corporate perspective and a corporate approach to
           problem solving,
           o facilitate communication and the transfer of knowledge across
           all FDIC divisions, and
           o foster greater career opportunity and job satisfaction.

           In March 2005, FDIC began pursuing three initial strategies for
           implementing the Corporate Employee Program: a crossover program,
           voluntary rotational assignments, and new hiring. The voluntary
           crossover program, intended to integrate key skill sets across
           business lines, allows FDIC staff in the Division of Resolutions
           and Receiverships to apply for in-service training in the Division
           of Supervision and Consumer Protection which will require that
           they obtain commissioned examiner status within a specific time
           frame.^34 The voluntary rotational assignments provide current
           examiners in the Division of Supervision and Consumer Protection
           an opportunity to fulfill a more well-defined role in providing
           support to the Division of Resolutions and Receiverships. To
           fulfill this role, a number of examiners receive training and
           practical experience in resolutions and receivership functions. In
           the event of a significant increase in resolutions workload, the
           Division of Resolutions and Receiverships has first priority to
           call on these specialists when needed. FDIC has also developed
           criteria for hiring and training new employees in certain
           divisions. The divisions hire new employees to pursue commissioned
           examiner status in either risk management or compliance.^35 While
           pursuing the commissioned examiner status, new employees
           simultaneously receive training in resolution and receivership
           functions and an enhanced orientation on the broad scope of FDIC's
           operations.^36 Those who successfully complete the program are
           eligible to compete for available permanent positions in FDIC's
           three major career tracks--risk management examiners, compliance
           examiners, and resolutions and receiverships specialists.

           FDIC employees whom we spoke with told us that they believe the
           Corporate Employee Program holds great potential. For example,
           regional and field office staff told us that the program provides
           new employees with a better understanding of how the various FDIC
           divisions work together and an overview of each division's role
           within the agency. Regional and field office employees also stated
           that the program will make FDIC a better agency because the
           program helps to create a well-rounded and resourceful workforce
           that can be called upon to assist in the event of a banking
           crisis.

           However, FDIC staff in the regional and field offices we visited
           expressed a variety of concerns about the way the Corporate
           Employee Program operates. For example, we were told that
           contributions from graduates of the Corporate Employee Program may
           take a number of years to realize. Regional and field staff
           explained that the commissioning process for examiners takes 4
           years to complete. Therefore, the earliest successful Corporate
           Employee Program graduates could contribute to bank examinations
           would be 4 years from the time they began the program. For
           example, in one field office an employee explained that examiners
           cannot certify an institution's examination report until after
           they have received their commissions. Therefore, current Corporate
           Employee Program participants are unable to reduce the workload of
           the commissioned examiners until then. However, according to FDIC
           officials in headquarters, examiners hired into the Corporate
           Employee Program can contribute immediately and continuously to
           the completion of certain aspects of a bank examination during
           their training and development program, which culminates in
           attaining a "commissioned" status. FDIC headquarters officials
           also stated that while the expected commissioning time frame is
           approximately 4 years, they believe they are preparing a more
           capable future workforce. They explained that the Corporate
           Employee Program adds approximately 6 to 9 months to the
           commissioning process, while simultaneously accelerating new
           employees' understanding of FDIC's division functions and how they
           are interrelated.

           Regional and field staff we spoke with also stated that reduced
           staffing levels place greater strain on existing staff to train
           new employees in certain divisions, which is further amplified by
           their concerns about the nature and timing of the rotational
           aspect of the program. Although regional and field office staff
           thought rotations were beneficial, they expressed concern that new
           employees do not spend enough time in each division to fully grasp
           how to perform certain job duties. Also, cross-divisional
           rotations during the first year can hinder the program, according
           to regional and field office staff. Specifically, regional and
           field staff stated they have had to re-train new employees because
           they had forgotten certain skills by the time they were
           permanently placed in a specific area after their rotations were
           complete. Further, regional office employees suggested that the
           rotation in the Division of Resolutions and Receiverships be
           shortened in order for the agency to be more proactive in
           addressing any increase in troubled or failed banks. They stated
           that new employees would benefit more from gaining experience in
           ongoing supervisory activities so they are able to detect problems
           in banks, as opposed to being trained on resolving banks. Further,
           regional office staff indicated that the agency was giving a
           priority to placing new employees in the examiner commissioning
           tracks because that was where the agency had focused its hiring
           efforts; therefore, a lengthy rotation in the Division of
           Resolutions and Receiverships could be counterproductive,
           especially given the reduced staff available for training new
           employees. Officials in one regional office we visited stated that
           new employees rotating through the Division of Resolutions and
           Receiverships are not receiving detailed training because the
           agency's greatest need is currently for examiners. Further, in the
           event of an increase in troubled or failed banks, the Division of
           Resolutions and Receiverships would be more likely to pull more
           experienced employees from other divisions, not new employees.

           FDIC headquarters officials stated they have always relied on
           seasoned examiners to provide on-the-job training and guidance to
           new examiners. The on-the-job training represents a critical
           component of the commissioning process and is considered a program
           strength. The officials added that on-the-job training continues
           under the Corporate Employee Program, but does not represent a
           significant increase in training burden as compared to the former
           examiner training practices. Further, FDIC headquarters officials
           stated that the first year rotations in the Corporate Employee
           Program were intended to create baseline functionality, awareness,
           and understanding of the three primary divisions, so when the
           employees in training subsequently pursue a commissioning path,
           they have the benefit of broad agency perspective and understand
           how the work of each division benefits the work of the others. As
           such, according to headquarters officials, the timing of the
           rotational assignments is aligned with the program's desired
           outcome and intent.

           Last, regional and field office staff explained that the agency
           was not training new employees in every aspect of the examination
           process due to FDIC's risk-based approach to examinations. As a
           result, they may not be able to identify potential problems in
           areas not covered by the risk-based approach. For example, we
           interviewed examiners in one region that has experienced
           significant growth in the number of financial institutions it
           oversees. FDIC employees in that region told us they expect the
           number of new bank examinations, which require full scoping, to
           rise over the next year, and new employees will not know how to
           conduct a full scope examination because they are being trained on
           the risk-based approach. In another office, examiners stated that
           new employees are typically trained in examination procedures
           using banks that are well-capitalized and well-managed. Therefore,
           FDIC may not be preparing those employees to handle rare problems
           that could potentially occur in banks. FDIC officials in
           headquarters disagreed that new employees receive less training
           than the previous examiner processes offered. The officials stated
           that the use of risk-based examination scoping processes
           constitute "full-scope" examinations and that examination
           procedures have not changed, nor have they been eliminated from
           examiner training programs.

           The Corporate Employee Program represents a significant change in
           the way FDIC conducts its workforce planning for the future. Our
           work on organizational transformations identified key practices
           that can serve as a basis for subsequent consideration as federal
           agencies seek to transform their cultures.^37 One practice is to
           communicate shared expectations and report related progress, which
           would allow for communication to build trust and help ensure all
           employees receive a consistent message. Organizations undergoing
           significant change have found that communicating information early
           and often helps build an understanding of the purpose of planned
           changes. Also, messages to employees that are consistent in tone
           and content can alleviate uncertainties generated during times of
           large-scale change management initiatives. FDIC created brochures,
           provided briefings, and issued memoranda to communicate the
           structure and intended goals of the Corporate Employee Program.
           During our site visits, senior managers in one regional office
           stated that the development of the Corporate Employee Program was
           a combined effort of groups and individuals in field offices,
           regional offices and in headquarters. Also, some regional and
           field office employees stated they had opportunities to ask
           questions about the program as it was being developed, provided
           input into the development of the Corporate Employee Program or
           were kept abreast of developments in the program by their
           managers. However, other employees we met with stated they did not
           have an opportunity to provide input into the development of the
           Corporate Employee Program.

           The Corporate Employee Program has only recently been implemented,
           and differing opinions on the nature, intent, or benefits of such
           a new initiative may be anticipated. It is also important to note
           that FDIC has not had an opportunity to fully determine the
           potential benefits or shortfalls of the Corporate Employee Program
           due to the newness of the program and the relatively strong health
           of the banking industry. Thus, it is especially important that
           FDIC take steps to assess the benefits of the program and share
           available results with all FDIC employees. Our prior work on
           organizational transformations states that sharing performance
           information can help employees understand what the organization is
           trying to accomplish and how it is progressing in that direction
           and increase employees' understanding and acceptance of
           organizational goals and objectives.
			  
			  FDIC Has Additional Human Capital Initiatives to Address
			  Leadership Development and Professional Competence

           As noted earlier, FDIC officials estimate that 8 to 16 percent of
           the agency's remaining permanent workforce will retire over the
           next 5 years. Many of the agency's most experienced and most
           senior employees are included in the projection, and their
           retirements will further exacerbate the loss of institutional
           knowledge that occurred during the more than 10 years of agency
           downsizing. In order to address this and other issues related to
           leadership development and improving professional competence, FDIC
           is developing several new human capital initiatives. In October
           2006, the Corporate University Governing Board granted approval
           for Corporate University to proceed with the design and piloting
           of the Corporate Executive Development Program. FDIC officials are
           designing the program to address human capital issues related to
           succession planning. The purpose of the program is to prepare
           high-potential employees for executive-level responsibilities.
           Certain senior level employees and managers will be eligible to
           participate in the executive development program. Candidates will
           participate in an 18-month program consisting of experiential and
           academic learning (including a 12-month detail outside of the
           candidate's current division), and a 2- or 3-month detail tailored
           to the candidate's developmental needs. Candidates who
           successfully complete the program are eligible for noncompetitive
           promotion into executive manager positions at FDIC; however, there
           are no guarantees for placement.

           FDIC has also developed the following human capital initiatives to
           help employees develop expertise and improve professional
           competence:

           o Professional Learning Accounts: The Corporate University
           Governing Board approved Professional Learning Accounts for
           implementation in 2007. These accounts are a specified annual
           amount of money (up to $2,500) and hours (up to 48 hours) that
           employees at all career levels within the agency manage with their
           supervisors for use toward the employee's learning and development
           goals. Employees can use account funds for any training and
           development opportunity that is considered related to the work and
           mission of FDIC, regardless of the employee's current occupation.
           The accounts are voluntary and temporary, permanent, full, and
           part time employees are eligible.^38 Employees eligible for
           account funds must first complete a career development plan, which
           an employee's supervisor must approve.
           o Internal Certifications: FDIC offers additional certifications
           through the Corporate Employee Program as well as a commissioning
           track in the Division of Resolutions and Receiverships. FDIC's new
           certificate programs are intended to give employees at all career
           levels an opportunity to expand their knowledge and skills in
           areas critical to FDIC's mission while simultaneously helping to
           make FDIC more responsive to changes in the financial services
           industry. To receive a certificate, employees must complete a
           development program, have a supervisor attest to their skill
           readiness, and qualify on a knowledge assessment in the form of a
           computerized test or a performance assessment. FDIC expects the
           FDIC certificate to benefit FDIC employees in a number of ways,
           including broadened agency perspective, increased marketability,
           career mobility, personal development, and continuous learning. As
           of October 2006, FDIC had introduced two certificate programs, and
           Corporate University was working to identify and obtain evaluation
           data for these programs to measure their effectiveness.^39 FDIC is
           also working to develop a commissioning track for resolutions and
           receiverships specialists. It is expected that in the future, new
           employees will be selected into either the examiner commissioning
           track or the resolutions and receiverships commissioning track.
           o External Certifications: Corporate University has also sponsored
           opportunities targeted for midlevel career staff to receive
           external certifications in areas that align with FDIC's business
           needs. In 2005, Corporate University offered two external
           certifications to select employees. As of November 2006, Corporate
           University sponsorship included four more external certifications,
           and Corporate University planned to continue to work with FDIC's
           divisions to sponsor other external certifications, as
           appropriate.^40 
           o MBA Program: During 2005, Corporate University sponsored (on a
           pilot basis) a limited number of employees to pursue the Masters
           in Business Administration, or MBA, at the University of
           Massachusetts at Amherst. According to FDIC officials, the MBA
           program enhances the technical and leadership skills of FDIC
           employees. At the time of our review, FDIC had 10 employees
           enrolled in the first year of the program.
			  
			  Corporate University Evaluates All Training Programs, but It Has
			  Not Fully Developed Outcome-Based Performance Measures to
			  Determine Effectiveness

           Corporate University officials stated that they evaluate all of
           their training programs to determine how effective they are at
           providing the skills and expertise needed to improve job
           performance. However, certain training courses receive a more
           in-depth evaluation than others, depending on the significance of
           the training program. In March 2004, we published A Guide for
           Assessing Strategic Training and Development Efforts in the
           Federal Government, which emphasizes the importance of agencies'
           being able to evaluate their training programs and demonstrate how
           the training efforts help develop employees and improve the
           agencies' performance.^41 One commonly accepted training
           evaluation model consists of five levels of assessment.^42 The
           first level measures the participants' reaction to and
           satisfaction with the training program. The second level measures
           the extent to which learning has occurred because of the training
           effort. The third level measures the application of the learning
           to the work environment through changes in behavior that trainees
           exhibit on the job. The fourth level measures the impact of the
           training program on the agency's organizational results. Finally,
           the fifth level--often referred to as return on
           investment--compares the benefits (quantified in dollars) to the
           costs of the training program.

           According to Corporate University officials, all training programs
           receive a level one evaluation, which are the typical evaluations
           performed at the end of a course. Where appropriate, Corporate
           University conducts level two evaluations, which are similar to a
           final exam and provide a measure of how much trainees learned
           during the training program. More significant training programs,
           like the Corporate Employee Program, receive level three
           evaluations, where, according to Corporate University officials,
           employees demonstrate their learning on the job. For example,
           after every rotation or job assignment during the first year of
           the Corporate Employee Program, the employee's supervisor prepares
           a report on how well the employee performed certain job tasks.
           Corporate University officials noted that they are planning to
           conduct what they consider level four evaluations of the Corporate
           Employee Program, where they will compare the skill level and
           performance of graduates of the Corporate Employee Program to
           those who completed the previous commissioning process. According
           to Corporate University officials, this might help them determine
           whether the Corporate Employee Program produces employees with at
           least the same level of knowledge, skill, and ability as those
           employees who were trained and commissioned prior to the
           implementation of the Corporate Employee Program.

           Our prior work on evaluating training programs states that
           assessing training and development efforts should consider
           feedback from customers, such as whether employee behaviors or
           agency processes effectively met their needs and expectations.^43
           Corporate University officials noted that they also obtain
           feedback on training courses to ensure they remain relevant, the
           emphasis remains appropriate to the job duties, and information
           being provided meets staff's needs. Based on feedback, Corporate
           University may make changes to the delivery of the course or the
           tools used in the course. Corporate University officials stated
           they made significant changes to the Corporate Employee Program
           based on feedback from the new employees and their supervisors.
           For example, Corporate University made improvements to certain
           training materials and revised certain required benchmarks to make
           them more robust and complete.

           According to our guide, not all training and development programs
           require, or are suitable for, higher levels of evaluation. It can
           be difficult to conduct higher levels of evaluation because of the
           difficulty and costs associated with data collection and the
           complexity in directly linking training and development programs
           to improved individual and organizational performance.^44
           Corporate University officials noted that they try to focus higher
           levels of evaluation on the most significant training programs
           that address key organizational objectives, involve change
           management, and are costly to the organization. For example,
           Corporate University is planning to conduct level four evaluations
           of the Corporate Employee Program because it is significant,
           costly, and highly visible. Officials added that resources are the
           biggest obstacle to conducting higher levels of evaluation. For
           example, it takes time to complete surveys and questionnaires and
           obtain productivity data. Officials told us that conducting these
           activities interrupts core mission work, so Corporate University
           conducts higher levels of evaluation in a more targeted fashion.

           Corporate University is currently developing a scorecard to
           measure its progress in meeting its human capital goals, but it
           has not fully developed outcome-based performance measures to
           determine the effectiveness of its training programs.^45
           Performance measures may address the type or level of program
           activities conducted (process), the direct products and services
           delivered by a program (outputs), or the results of those products
           and services (outcomes). Corporate University's scorecard
           development began in early spring 2005, when an FDIC management
           analyst briefed Corporate University on the scorecard concept and
           began developing a strategy for the development of the scorecard.
           By fall 2005, Corporate University had developed a draft scorecard
           and presented it to staff; Corporate University began piloting the
           draft scorecard in 2006. Corporate University's draft scorecard
           includes indicators that measure customer perspective (e.g.,
           percent of target Corporate Employee Program certificates
           awarded); internal perspective (e.g., percent of clients satisfied
           on post-project surveys); Corporate University operating
           attributes (e.g., percent of projects on schedule or completed on
           time); and financial perspective (e.g., percent of resources
           invested in high-priority areas).

           While Corporate University conducts evaluations to learn the
           benefits of its training programs and how to improve them, our
           prior work on performance measurement and evaluation shows that
           evaluations typically examine a broader range of information than
           is feasible to monitor on an ongoing basis.^46 Though evaluations
           may present this challenge, FDIC can monitor outcome-based
           performance measures on an ongoing basis to help focus on whether
           a program has achieved its objectives. Both evaluations and
           performance measurements aim to support resource allocation and
           other decisions to improve effectiveness; however, performance
           measurement, because of its ongoing nature, can serve as an early
           warning system to FDIC management and can be used as a vehicle for
           improving accountability.

           Our prior work on strategic workforce planning states high
           performing organizations recognize the importance of measuring how
           outcomes of human capital strategies help the organization
           accomplish its mission.^47 Performance measures, appropriately
           designed, can be used to gauge two types of success: (1) progress
           toward reaching human capital goals and (2) the contribution of
           human capital activities toward achieving programmatic goals.
           Periodic measurement of an agency's progress toward human capital
           goals and the extent that human capital activities contributed to
           achieving programmatic goals provides information for effective
           oversight by identifying performance shortfalls and appropriate
           corrective actions. Further, evaluating the contribution of human
           capital activities toward achieving an agency's goals may
           determine that its human capital efforts neither significantly
           helped nor hindered the agency from achieving its programmatic
           goals. These results could lead the agency to revise its human
           capital goals to better reflect their relationship to programmatic
           goals, redesign programmatic strategies, and possibly shift
           resources among human capital initiatives. However, our previous
           work showed that developing meaningful outcome-oriented
           performance goals and collecting performance data to measure
           achievement of these goals is a major challenge for many federal
           agencies.

           Corporate University officials acknowledged challenges associated
           with developing outcome-based performance measures. An official
           noted that it was difficult to develop measures that are
           meaningful to the agency. For example, the official noted that
           maintaining alignment of training and development with the
           agency's goals is important, but it was difficult to develop a
           measure for organizational alignment. Therefore, to gauge
           organizational alignment, Corporate University uses the number of
           senior level meetings to determine workforce and skill needs as a
           measure. Officials also noted that several outcome measures carry
           over into the divisions and that it is difficult to determine how
           Corporate University's training programs impact other divisional
           scorecards. However, Corporate University officials want to obtain
           outcome-based performance measures and stated that they would
           continue to refine and improve their scorecard as they gain more
           experience. While the draft scorecard currently includes an output
           performance measure for the Corporate Employee Program, it does
           not yet include outcome-based performance measures. Absent the use
           of outcome-based performance measures, especially for key
           initiatives like the Corporate Employee Program, FDIC will not
           know whether its programs are effective at achieving its mission
           and its human capital goals. Further, not having these measures
           could limit FDIC's ability to determine whether to modify or
           eliminate ineffective training programs.
			  
			  FDIC Has an Extensive Risk Assessment System and Contingency Plans
			  for Bank Failures, but It Has Not Comprehensively or Routinely
			  Evaluated Them

           FDIC, as a supervisor of banks and thrifts that evaluates safety
           and soundness, as well as the insurer of deposits, has risk
           assessment and monitoring at the core of its mission. To manage
           risk, FDIC uses information from front-line supervision of
           individual institutions and a range of activities examining trends
           and economic forces affecting the health of banks and thrifts
           generally. Following industry consolidation in recent years,
           failure of large institutions presents the most significant threat
           to FDIC's deposit insurance fund, due to the asset size of the
           institution and the complexity of its activities. Thus, if losses
           grew high enough, the insurance fund could be exhausted. FDIC has
           both broad plans and specific strategies for handling troubled
           institutions, and FDIC has evaluated a wide variety of its risk
           activities. But some of FDIC's evaluations were not done regularly
           or comprehensively. Defining clear responsibility for monitoring
           and evaluation of its risk activities could assist FDIC in
           addressing or preventing weaknesses in its evaluations.
			  
			  To Assess and Monitor Risk, FDIC Combines Supervision of
			  Individual Institutions with Analysis of Trends Affecting Banks
			  and Thrifts

           Our generally accepted standards for internal control identifies
           risk assessment as one of five key standards that both define the
           minimum level of quality acceptable for internal control in
           government as well as provide the basis against which an
           organization's internal controls are evaluated.^48 Proper internal
           control should, among other things, provide for an assessment of
           risk an agency faces from external sources. FDIC takes a dual
           approach to assessing and monitoring risk. FDIC's front-line for
           risk assessment is supervision of individual institutions, where
           it is the primary federal regulator of thousands of banks and
           thrifts. It is also the backup regulator for thousands of other
           institutions directly supervised by one of the other three federal
           regulatory agencies for banks and thrifts. In addition to its
           supervision of individual institutions, FDIC also conducts broad
           monitoring and analysis of risks and trends in the banking
           industry as a whole.
			  
			  Individual Institution Examinations are FDICï¿½s Front Line for
			  Risk Assessment

           At the individual institution level, FDIC's main risk assessment
           activity is the safety-and-soundness examination process, agency
           officials told us.^49 Like other federal banking regulators, FDIC
           must generally conduct a full-scope, on-site examination for each
           institution it regulates at least once every 12 months, although
           the agency can extend the interval to 18 months for certain small
           institutions.^50 For institutions that require additional
           attention, FDIC may supplement regularly scheduled examinations
           with more frequent examinations or visitations.^51

           Recognizing that a bank or thrift's condition can change between
           on-site examinations, FDIC officials told us the agency created
           eight risk measurement models to monitor risk from off-site, which
           often use financial information reported by the institution. The
           agency's major off-site monitoring tool is the Statistical CAMELS
           Off-site Rating system (SCOR), which helps FDIC identify
           institutions that have experienced significant financial
           deterioration.^52 The SCOR off-site monitoring system attempts to
           identify institutions that received a rating of 1 (no cause for
           supervisory concern) or 2 (concerns are minimal) on their last
           examination--the top two grades available on the five-point CAMELS
           scale--but whose financial deterioration may cause a rating of 3
           or worse (cause for supervisory concern and requires increased
           supervision to remedy deficiencies) at the next examination.^53
           The significance of the 3 rating is that once a banking regulator
           rates an institution as 3 or worse, FDIC monitors it more closely.
           The SCOR system uses a statistical model that compares examination
           ratings with financial ratios of a year earlier and attempts to
           forecast future ratings.^54 As discussed later in this report,
           evaluations of the SCOR system determined that the system is
           informative, but does not always produce accurate results.

           Owing to the potential for larger losses to the insurance fund,
           FDIC officials told us the agency also puts special emphasis on
           monitoring the nation's largest financial institutions, based on
           asset size. For example, FDIC's Large Insured Depository
           Institution program gives heightened scrutiny to institutions with
           assets of $10 billion or more. For those with $25 billion in
           assets or more, managers submit quarterly assessments.^55 For
           those with $50 billion or more in assets, FDIC also requires risk
           assessment plans that address risk the institution presents from
           the perspectives of supervision, insurance, and resolution.
           Further, FDIC maintains examiners on-site at the six largest
           institutions. While FDIC is not the primary regulator of these
           institutions, it is nevertheless responsible for insuring them.
           For the largest institutions for which FDIC is the primary
           regulator, the agency uses what it calls a continuous supervision
           process for examinations, which provides ongoing examination and
           surveillance of institutions with assets greater than $10 billion.
           Four institutions are now receiving such scrutiny.

           Additionally, FDIC has in recent years made significant changes to
           its examination process. It has adopted the MERIT program (Maximum
           Efficiency, Risk-focused, Institution Targeted examinations),
           which seeks to tailor examinations to risks presented by
           individual institutions. Under this approach, safer institutions
           should receive less attention, while riskier institutions should
           receive more regulatory scrutiny. FDIC officials stated that the
           MERIT program is more efficient, allowing examiners to spend less
           time on-site at well-rated institutions, while providing an
           opportunity to redirect examination resources to institutions
           posing higher risks. For example, if an institution maintains what
           examiners decide is an effective asset review program, the
           examiners will significantly reduce the time spent reviewing
           individual credits. Today, banks or thrifts that meet certain
           criteria are eligible for the MERIT program.^56
			  
			  Broad Assessment and Monitoring is the Second Part of FDICï¿½s Risk
			  Strategy

           In addition to its oversight of individual institutions, FDIC
           conducts a wide range of other activities to monitor and assess
           risk at a broader level, from a regional perspective on up to a
           national view (fig. 5).

^33 [48]GAO-02-373SP . See also GAO, Human Capital: A Self-Assessment
Checklist for Agency Leaders, [49]GAO/OCG-00-14G (Washington, D.C.:
September 2000).

^34A commissioned examiner is an individual designated to conduct
financial institution examinations or inspections on behalf of FDIC.

^35Risk management examiners primarily focus on assessing the financial
condition of an institution. Compliance examiners assess the institution's
practices against applicable laws. FDIC uses the terms "risk management
examiners" and "safety and soundness examiners" interchangeably. For the
purpose of this report, we use the term "risk management examiners" when
referring to this type of examiner, unless otherwise noted.

^36After successful completion of one of the two initial examiner
commissioning programs, new employees are eligible to pursue the other
examiner commission.

^37GAO, Results-Oriented Cultures: Implementation Steps to Assist Mergers
and Organizational Transformations, [50]GAO-03-669 (Washington, D.C.: July
2003).

^38Temporary employees with less than 6 months remaining in their
appointments, employees pursuing a commission, and student interns are not
eligible for Professional Learning Accounts.

^39At the time of our review, FDIC's Corporate University was piloting two
certificate programs in the areas of: (1) Risk Management--Bank Secrecy
Act and Anti-Money Laundering and (2) Resolutions and
Receiverships--Claims.

^40The Certified Anti-Money Laundering Specialist and Certified
Information Systems Auditor external certifications were offered in 2005.
As of November 2006, Corporate University's external certification
sponsorship also included: (1) Chartered Financial Analyst, (2) Certified
Regulatory Compliance Manager, (3) Financial Risk Manager, and (4)
Certified Fraud Examiner.

^41GAO, Human Capital: A Guide for Assessing Strategic Training and
Development Efforts in the Federal Government, [51]GAO-04-546G
(Washington, D.C.: March 2004).

^42Donald L. Kirkpatrick (author of Evaluating Training Programs: The Four
Levels) conceived a commonly recognized four-level model for evaluating
training and development efforts. The fourth level is sometimes split into
two levels with the fifth level representing a comparison of costs and
benefits quantified in dollars.

^43 [52]GAO-04-546G .

^44 [53]GAO-04-546G .

^45The scorecard concept employs a simple grading system common in many
businesses: green for success, yellow for mixed results, and red for
unsatisfactory. Scorecards track how well divisions and offices are
executing their respective goals and objectives.

^46GAO, Performance Measurement and Evaluation: Definitions and
Relationships, [54]GAO-05-739SP (Washington, D.C.: May 2005).

^47GAO, Human Capital: Key Principles for Effective Strategic Workforce
Planning, [55]GAO-04-39 (Washington, D.C.: December 2003).

^48 [56]GAO/AIMD-00-21 .3.1. The Committee of Sponsoring Organizations of
the Treadway Commission (COSO) has also published similar guidance on
internal control standards. See Committee of Sponsoring Organizations of
the Treadway Commission, Enterprise Risk Management--Integrated Framework
(September 2004). COSO is a voluntary private sector organization whose
purpose is to help businesses and other entities assess and enhance their
internal control systems. COSO includes representatives from the Institute
of Internal Auditors, American Accounting Association, American Institute
of Certified Public Accountants, Financial Executives International, and
Institute of Management Accountants.

^49In this process, FDIC examiners conduct on-site evaluations of an
institution's activities in the key areas assessed by the banking
regulators' CAMELS rating system--capital, asset quality, management,
earnings, liquidity, and sensitivity to market risk. FDIC conducts these
examinations through its Division of Supervision and Consumer Protection.

^50See 12 U.S.C. S 1820 (d). The 18-month rule generally applies to
well-capitalized, well-managed community institutions that are not subject
to enforcement actions or any change in control during the 12-month period
in which a full-scope, on-site examination would be required. Until
recently, the provision applied to institutions with less than $250
million in assets. Section 605 of the Financial Services Regulatory Relief
Act of 2006, Pub. L. No. 109-351, 120 Stat. 1966, 1981 (2006), raised the
asset threshold to include institutions with total assets of less than
$500 million. Required examinations may also be conducted on an
alternating basis with state banking regulators.

^51In 2005, FDIC says it conducted 2,399 legally required safety and
soundness examinations. For a complete description of FDIC's examination
policies, see DSC Risk Management Manual of Examination Policies,
available at www.fdic.gov/regulations/safety/manual/index_pdf.html
(accessed Jan. 8, 2007).

^52For details of the SCOR system, see Collier, et al., "The SCOR System
of Off-Site Monitoring: Its Objectives, Functioning, and Performance,"
FDIC Banking Review, volume 15, number 3, 2003.

^53The CAMELS score is a numerical rating assigned to reflect an
assessment of the overall financial condition of an institution. The score
takes on integer values ranging from 1 (best) to 5 (worst). CAMELS ratings
are based on examiners' assessments of six factors: capital, asset
quality, management, earnings, liquidity, and sensitivity to market risk.

^54Financial ratios are statistical measures of an institution's condition
or performance, focusing on such areas as earnings, level of capital,
quality of loans and many other areas.

^55Case managers oversee the work product of field examiners, monitoring
such things as consistency of product, preparation of off-site materials,
and preparation of permanent records.

^56To be eligible, an institution must be judged well-capitalized and
well-managed, have loan grading systems, and have total assets of $1
billion or less.

Figure 5: FDIC's Risk Assessment and Monitoring Process

    Regional Risk Committees

In 2003, FDIC formed Regional Risk Committees in each of FDIC's six
regional offices. The Regional Risk Committees review and evaluate
regional economic and banking trends and risks and determine whether the
agency should take any action in response.^57 Comprised of senior regional
executives plus relevant staff members, the committees meet semi-annually,
and consider a wide range of risk factors-- such as economic conditions
and trends, credit risk, market risk and operational risk--as a prelude to
identifying a level of concern, a level of exposure, and supervisory
strategy. Strategy options include such tools as publishing research or
circulating relevant information to the banking community, making the risk
factor a priority in on-site examinations, or highlighting the factor for
off-site monitoring activities. In FDIC's San Francisco Regional Office,
we observed a meeting of the western region's Regional Risk Committee.
These FDIC regional officials had compiled detailed research on a
comprehensive range of potential risk factors that could affect the health
of the region's banks and thrifts. The FDIC regional risk committees
prepare reports of their results and distribute them to the National Risk
Committee.

    National Risk Committee

The National Risk Committee, comprised of senior FDIC officials, meets on
a monthly basis to identify and evaluate the most significant external
business risks facing FDIC and the banking industry, according to FDIC
officials.^58 For example, recent committee work has focused on the effect
of recent hurricanes on Gulf Coast institutions, the trend in number of
problem institutions, and bank and thrift vulnerability to rising interest
rates. Where necessary, the committee develops a coordinated response to
these risks, including strategies for both FDIC-supervised and -insured
institutions. Among other things, the National Risk Committee receives the
Regional Risk Committee reports filed from across the country.

^57Regional Risk Committee members are: the Division of Supervision and
Consumer Protection (DSC) regional director, who serves as chair; DSC
deputy regional directors for risk management and compliance; DSC area
directors for risk management; Division of Insurance and Research regional
managers; and the Division of Resolutions and Receiverships regional
resolutions and closing manager. The regional counsel attends as a
non-voting legal advisor. Regional staff, field staff, staff from other
agencies, and staff from other divisions and offices also attend as
necessary.

^58National Risk Committee members are: the chief operating officer, who
serves as chair; the directors of the Divisions of Supervision and
Consumer Protection, Insurance and Research, and Resolutions and
Receiverships; the chief financial officer; the special advisor to the
chairman; and the general counsel, who is an advisory member.

    Risk Analysis Center

The Risk Analysis Center (RAC) is an interdivisional forum for discussing
significant, cross-divisional, risk-related issues. FDIC officials use the
Risk Analysis Center as a vehicle to bring together managers from across
major FDIC divisions, in an effort to coordinate and provide relevant
information to FDIC decision-makers. The Risk Analysis Center provides
reports and analyses to the National Risk Committee. The National Risk
Committee and regional risk committees also contribute ideas to the Risk
Analysis Center on issues for discussion. Recent examples of the center's
work include response to Hurricane Katrina, when the center's management
committee met to discuss deployment of FDIC offices and personnel to the
relief effort, and work following the August 2003 blackout in the
Northeast and Midwest, when officials assembled shortly after the power
failure in order to discuss its possible impact on the banking system.^59
One key product of the Risk Analysis Center is the "RAC Dashboard"-- a
group of graphically displayed statistics that identify key banking and
economic trends. For example, the center's national dashboard features
trend lines charting economic conditions, large bank risk, credit risk,
market risk, supervisory risk, and financial strength. FDIC officials told
us these indicators allow comparison of current conditions to historical
extremes and have the ability to identify areas where risks may be
increasing. A Risk Analysis Center web site has a variety of risk-related
information, including FDIC publications and presentations available for
supervisors, field examiners, and others. The site offers guidance on
topics such as concentration in real estate lending, interest rate risk
management, and best practices for maintaining operations during natural
disasters.

    Division of Insurance and Research

FDIC's Division of Insurance and Research also plays a significant role in
FDIC's risk activities. The division has a leading role in preparing a key
set of reports delivered to FDIC's board of directors twice each year. The
board uses these reports as a basis for setting the deposit insurance
fund's premium schedule; thus, the reports undergird FDIC's basic mission
of protecting insured deposits. One of these reports, known as the "Risk
Case," summarizes national economic conditions and banking industry
trends, plus discusses emerging risks in banking. The second of the two
reports, known as the "Rate Case," recommends a premium schedule based on
an analysis including likely losses to the fund from failures of
individual institutions; expenses of resolving failed institutions;
insurance fund operating expenses; growth of insured deposits; investment
income; and the effect of premiums on the earnings and capital of insured
institutions. The division also conducts pertinent research on specific
topics or more general issues. For example, FDIC officials told us that
when interest rates recently started upward, the division evaluated what
the effect might be nationally, then conducted stress tests on certain
institutions to see how the increase might affect them. More broadly, the
division has compiled a history of the banking crisis of the 1980s and
early 1990s.^60 In the last 2 years, FDIC has tried to enhance its
research capability, through its Center for Financial Research. Officials
told us they want stronger ties to academia, and believe better research
leads to better policy.

^59FDIC officials concluded the power failure would have little impact on
the banking system.

    Financial Risk Committee

On a quarterly basis, FDIC's Financial Risk Committee recommends an amount
for the deposit insurance fund's contingent loss reserve--the estimated
probable losses attributable to failure of insured institutions in the
coming 12 months. Because the size of the reserve reflects beliefs about
risk facing the insurance fund, the committee's recommendations are an
important part of the risk function. The Financial Risk Committee consists
of senior representatives from major FDIC divisions.^61 In addition to
internal deliberations, FDIC staff members also meet with other banking
regulators to discuss problem institutions for which a reserve may be
necessary.

^60Federal Deposit Insurance Corporation, History of the Eighties--Lessons
for the Future, a 1997 study prepared by FDIC's (former) Division of
Research and Statistics, which is available at
http://www.fdic.gov/bank/historical/history/index.html (accessed Dec.
21, 2006).

^61The Financial Risk Committee is chaired by the associate director of
the financial risk management branch of the Division of Insurance and
Research (DIR), and has as its members: from DIR, the deputy director for
financial risk management and research, the associate director for
financial risk management, and the associate director for research; from
the Division of Finance, the deputy director for accounting and reporting;
from the Division of Resolutions and Receiverships, the deputy director
for franchise and asset marketing, and the assistant director for
marketing; and from the Division of Supervision and Consumer Protection,
the deputy director for risk management, and the associate director for
supervision and applications.

Various parts of the FDIC organization also work together to carry out
their risk assessment and monitoring functions. For example, the National
Risk Committee recently directed the Risk Analysis Center to investigate
possible risks associated with collateralized debt obligations.^62 The
Chicago Regional Office Regional Risk Committee produced a presentation
for the National Risk Committee on housing and banking conditions in
southeast Michigan, where business difficulties of the U.S. automobile
industry have hurt the local economy and with it, the fortunes of local
financial institutions. Similarly, an examiner with commercial real estate
experience recently visited the Florida panhandle and nearby Alabama,
reviewing bank files and visiting larger condominium developments. The
examiner's findings were presented at the Risk Analysis Center to
representatives from FDIC's main divisions--the Divisions of Insurance and
Research, Supervision and Consumer Protection, and Resolutions and
Receiverships. There, officials judged the information important enough to
send up to the National Risk Committee. Division managers in the Risk
Analysis Center also discuss the Risk Case before it is presented to the
National Risk Committee. Meanwhile, the Division of Insurance and Research
has managers in regional offices, where they monitor conditions locally
and consult with examiners in the Division of Supervision and Consumer
Protection who are working in individual institutions. Information these
managers gather is sent to the Risk Analysis Center and the National Risk
Committee.

Notwithstanding its own activities, FDIC officials told us that
cooperation with other federal banking regulators is an important part of
their risk management efforts as well. Toward that end, the agency engages
in a number of activities with the other regulators. One program is the
Shared National Credit Program. Established in 1977, the program is a
cooperative effort among four federal banking regulators to perform a
uniform credit analysis of loans of at least $20 million that three or
more supervised financial institutions share. With $1.9 trillion in credit
commitments to more than 4,800 borrowers, these loans have the potential
for significant impact on the banking system and the national economy. The
program's 2006 annual report showed that as the volume of syndicated
credits has risen rapidly, the percentage of commitments adversely rated
has held steady and remains well below a recent peak in 2002 to 2003. In
addition to the Shared National Credit Program, FDIC is involved in other
interagency risk management activities, such as:

^62A collateralized debt obligation is an asset-backed security whose
underlying collateral is typically a portfolio of bonds or bank loans. In
a January 2006 report to the National Risk Committee, the Risk Analysis
Center warned of a heightened risk of bond defaults.

           o FDIC participates in the Federal Financial Institutions
           Examination Council with the other federal banking regulatory
           agencies. This program prescribes uniform examination standards
           and makes recommendations to promote uniformity in financial
           institution supervision.
           o FDIC exchanges examination reports with the other federal
           banking regulators and state banking authorities.
           o FDIC officials told us that they regularly attend interagency
           meetings, both formal and informal, at the field, regional, and
           headquarters office levels, on topics ranging from
           institution-specific to industrywide issues. For example, FDIC
           consults with staff from the other agencies in preparing the Risk
           Case report described earlier.
           o The agencies jointly issue examination and industry guidance on
           risk-related topics. Recent work includes guidance on
           nontraditional mortgage risks, to clarify how institutions can
           offer nontraditional mortgage products in a safe and sound manner,
           and developing guidance on risks of concentration in commercial
           real estate lending.
           o FDIC told us that they frequently invite officials from the
           other banking agencies to participate in Risk Analysis Center
           presentations on a variety of issues.

           Because FDIC insures many institutions for which it is not the
           primary federal regulator, information-sharing among federal
           banking regulators is a concern to FDIC. FDIC officials told us
           that working relationships with the other regulators are good and
           better than ever before. In 2002, the agencies reached an
           information-sharing agreement, which provides FDIC information and
           access to selected large institutions and others presenting a
           heightened risk to the deposit insurance fund. Two important
           drivers of this cooperative effort are to avoid sending
           potentially mixed signals to the regulated entities and the public
           about regulators' supervisory activities and to reinforce that it
           is critical for FDIC, as the potential receiver for failed
           institutions, to understand well what is happening in non-FDIC
           regulated institutions, especially large ones. While this
           agreement represents a positive step, a senior FDIC official told
           us that the current information-sharing provisions are not
           adequate. As institutions grow more complex, it becomes harder,
           without more complete information on their activities, for FDIC to
           properly price insurance coverage as well as to work out assets
           during resolution, according to the official. One way FDIC is
           currently seeking to address such issues is through an advanced
           notice of proposed rulemaking in which FDIC sought comments on
           options to modernize its deposit insurance determination process
           by requiring the largest banks and thrifts to modify their deposit
           account systems to speed depositors' access to funds in the event
           of a failure.^63 Today, institutions do not track the insurance
           status of their depositors, the agency says, yet if there is a
           failure, FDIC must make deposit insurance coverage determinations.
           Industry consolidation, and the emergence of larger, more complex
           institutions with millions of deposit accounts raise concerns
           about current methods for handling failures, according to FDIC.

           FDIC officials also told us they coordinate internationally with
           entities to share information on issues relevant to financial
           institutions, regulatory agencies, and insurers of financial
           institutions in the U.S. and abroad. For example, the officials
           participate on the Basel Committee, a forum for regular
           cooperation on banking supervisory matters. The Basel Committee is
           composed of senior officials responsible for banking supervision
           or financial stability issues from 13 countries including Belgium,
           Italy, Japan, and the United Kingdom. In particular, FDIC
           officials stated they participate three times per year in meetings
           of the Accord Implementation Group, a subgroup of the Basel
           Committee.
			  
			  FDIC Has Broad Plans and Specific Strategies for Handling an
			  Increase in Troubled or Failed Institutions

           To address the possibility of a large-scale bank failure, FDIC has
           developed broad plans and specific strategies. According to FDIC
           officials, the biggest dangers to the deposit insurance fund are
           large-scale bank failures. The FDIC Inspector General has warned
           that the banking industry's significant increase in consolidation
           could result in large losses to the deposit insurance fund if a
           so-called megabank failed.^64 FDIC officials told us credit risk
           continues to be the most important factor that could cause large
           banks, or a large number of banks, to fail. A sudden failure would
           most likely stem from rapid, widespread loss of confidence in an
           institution, which would generate a liquidity crisis.^65

           FDIC's Resolutions Policy Committee is responsible for developing
           plans to handle potential or actual failure of the largest insured
           institutions. The committee, comprised of senior FDIC officials
           from across the agency, has developed a 12-part plan for dealing
           with such difficulties.^66 In handling a failed institution,
           FDIC's primary objective is to protect insured depositors.
           Generally, FDIC seeks to minimize the overall cost to the
           insurance fund. The agency also seeks to prevent uninsured
           depositors, creditors, and shareholders from receiving more than
           their legally entitled amounts.^67 Overall, FDIC attempts to
           minimize the time an institution is under government control,
           while maximizing returns to creditors. In general, according to
           the plan, the resolution strategy for a large bank failure will
           depend on facts of the particular situation, such as
           characteristics of the bank, the nature and extent of the problem
           causing the failure, the condition of the industry and relevant
           financial markets, and the cost to the insurance fund. For a
           resolution that does not pose a systemic risk--that is, larger
           repercussions for the industry or national economy--FDIC will most
           likely choose between paying off insured deposits or establishing
           a bridge bank. A bridge bank is a new, temporary bank chartered to
           carry on the business of a failed institution until a permanent
           solution can be implemented. Bridge banks preserve the value of
           the institution until a final resolution can be accomplished. A
           key aim following failure is to preserve the value of an
           institution and business continuity through a bridge bank can be
           important for maintaining value and hence, a marketable franchise.

           In addition to the work of the agencywide Resolutions Policy
           Committee, FDIC's Division of Resolutions and Receiverships--the
           unit most directly responsible for handling failures--has created
           a detailed blueprint for managing failure of a large
           institution.^68 The blueprint includes strategies for establishing
           a bridge bank, which FDIC officials stated that in most cases was
           the least costly and most effective option for handling a sudden
           large bank failure. The plan seeks to minimize failure costs,
           contain the risk of troubles spreading beyond a failed bank or
           thrift, ensure prompt access to depositor funds, and preserve the
           FDIC insurance fund in the face of losses that could exhaust it.
           Some of these objectives, according to the plan, will conflict;
           most notably, tension between the least-cost approach and the
           potential systemic risk implications of a large-scale failure.^69
           The least-cost approach adheres to a principle of not providing
           FDIC insurance to uninsured depositors and also focuses on
           maintaining the franchise of the failed institution, because the
           value of the failed bank's franchise will mitigate the overall
           failure cost. Most, but not all, large banks will have a valuable
           franchise at the point of failure, according to FDIC officials.^70
           The agency says it is doubtful FDIC will have the opportunity to
           find an acquirer for a troubled large bank prior to failure. FDIC
           cites several reasons for this. Failure or near-failure of a large
           bank could happen very quickly with relatively little prior
           warning; as a result, there could be very limited opportunity to
           gather and analyze information about an institution's operations
           prior to failure. Also, extensive negotiations with potential
           acquirers would be required, and it is likely such activity would
           become publicly known, which could spark a liquidity crisis.

           As discussed earlier, FDIC has sharply reduced its workforce,
           which today is down 80 percent since its peak in the early 1990s
           during the banking crisis. FDIC headquarters officials maintain
           that the smaller staff has not hurt the agency's ability to
           monitor and assess risk--because as FDIC has shrunk, so too has
           the number of institutions through industry consolidation. The
           officials do acknowledge that industry troubles could require
           additional resources. As a result, FDIC has created a three-part
           strategy for dealing with an increase in troubled or failed
           institutions:

           o developing workforce flexibility, such as that provided by the
           Corporate Employee Program, where both newer and more experienced
           employees previously cross-trained in several areas of FDIC
           resolutions and receiverships operations would be temporarily
           reassigned from other divisions to handle failure and resolution
           duties;
           o recalling FDIC retirees for temporary duty;^71 and
           o hiring contractors for temporary duty.^72

           Overall, FDIC officials told us they do not believe there is any
           scenario for banking troubles that the agency would be unable to
           handle. But they acknowledge there could be two significant
           issues: if losses grew large enough, the insurance fund could be
           exhausted, requiring the Treasury Department to issue debt; and if
           sufficiently large institutions failed, there could be so many
           deposit claims that payoffs would be delayed. However, the
           agency's goal is to manage any institution failure to avoid these
           events.
			  
			  FDIC Reviews Some of Its Risk Assessment Activities, but Some
			  Evaluations Were Incomplete and Responsibility for Overseeing
			  Evaluations Is Unclear

           FDIC officials told us that evaluation and monitoring of its risk
           assessment activities are critical parts of the agency's mission
           and that such activities are ingrained in the organization. In
           addition to identifying risk assessment as a key internal control,
           our internal control standards also detail how an effective
           internal control system should include continuous monitoring and
           evaluation as an integral part of the agency's operations. This
           monitoring includes regular management and supervisory activities,
           comparisons, and reconciliations, among other activities. An
           example of continuous monitoring is FDIC's "continuous
           supervision" process for large institutions, as described earlier.
           FDIC officials also told us that they rely on us and the FDIC
           Inspector General to conduct such reviews, and our internal
           control standards acknowledge that evaluations may be performed by
           the Inspector General or an external auditor. However, the
           standards also say that organizations should themselves undertake
           internal evaluations that form "a series of actions and activities
           that occur throughout an entity's operations and on an ongoing
           basis."

           Our review of the evaluations and monitoring that FDIC provided to
           us indicates that FDIC has not comprehensively evaluated the full
           range of its risk activities in a routine way that is part of
           ongoing agency operations. When we reviewed several evaluations
           that FDIC provided, we found that though FDIC has evaluated or is
           in the process of evaluating a wide variety of risk activities,
           some of the evaluations appeared to be incomplete or were not
           conducted on a regular basis. The following examples illustrate
           these weaknesses:

           o When we asked FDIC officials for any evaluation of a recent, key
           change in risk management strategy--specifically, FDIC's adoption
           of risk-focused supervisory examinations under the MERIT program
           discussed earlier--officials cited two reports by the Inspector
           General's office. These reports were mostly favorable, although
           they reviewed only portions of the MERIT
           program, not its overall scope.^73 However, MERIT is a program
           that FDIC itself should comprehensively review because of the
           program's relative newness and its core role in identifying areas
           of risk. Also, some examiners to whom we spoke in FDIC field
           offices voiced concerns that the streamlined examinations under
           the MERIT program may fail to detect significant problems. Though
           FDIC officials in headquarters thought this concern may have been
           exaggerated, regular reporting of evaluations and monitoring could
           address these concerns.^74 Recently, FDIC's Regional Office in
           Atlanta completed a draft report on the MERIT examination
           approach, which recommended further study of MERIT as part of a
           broader review of examination programs.

           o When we asked for evaluations of FDIC's eight off-site
           monitoring systems discussed earlier, FDIC provided documentation
           showing one-time evaluations of the accuracy of two off-site
           monitoring systems. One of these evaluations reviewed the
           Statistical CAMELS Off-site Rating (SCOR) system, which, as noted
           earlier, is the agency's major off-site monitoring tool and is
           used to identify institutions that have experienced significant
           financial deterioration. In the evaluation of the SCOR
           system--completed in 2003--FDIC found it performed poorly.^75 Such
           a finding and FDIC's limited evaluation of its other off-site
           monitoring systems underscores the need for more regular reviews.
           FDIC officials stated they were reviewing and seeking to improve
           the agency's off-site monitoring systems. The plan for this
           effort, however, shows a considerable amount of work yet to be
           done with no scheduled completion date.
           o FDIC has conducted simulations designed to test its plans for
           addressing a key risk--increase in troubled and failed large
           institutions. In some cases, we found these simulations to have
           well-conceived elements that examined important changes FDIC has
           made in recent years, but in other cases we determined that the
           simulations were not comprehensive in following FDIC's own
           guidance on planning for large bank failures. For example, in 2002
           FDIC conducted a simulation of the hypothetical failure of a
           regional bank with $60 billion in assets. However, the Division of
           Resolutions and Receiverships did not develop its current
           large-bank failure plan until 2004. The 2002 simulation, which was
           FDIC's largest failure test by asset size, excluded consideration
           of systemic risk, which the 2004 plan emphasizes as a key issue.
           Thus the 2002 simulation did not test the current plan, nor did it
           include the type of risk FDIC identifies as significant. FDIC
           officials told us they did not intend to include systemic risk in
           this exercise. However, the guidance on planning for large bank
           failures underscores the importance of systemic risk, stating that
           "the collapse of a large bank could have profound implications for
           other insured depository institutions and/or elements of the
           economy." Thus, this exercise--FDIC's largest big bank failure
           scenario to date--excluded systemic risk. Additionally, a 2004
           simulation of a $30 billion regional bank was to highlight risks
           in operating a bridge bank--a bank established to temporarily take
           over operations of a failed institution. But the simulation did
           not include an investigation into major decisions on how to
           establish the bridge bank and thus did not fully reflect processes
           that FDIC's guidance says are critical to the successful opening
           and operation of a bridge bank.^76 Finally, a test addressing
           workforce flexibility provided 3 months' advance notice of the
           hypothetical closing of this large bank, while FDIC guidance says
           the agency should plan for failure with little or no warning. FDIC
           has acknowledged the value of regular testing, but officials from
           FDIC's Division of Resolutions and Receiverships told us that they
           were stretched
           for resources and that simulations and tests, which take time and
           resources, would have to be set aside if there were an increase in
           troubled bank activity.

           o Other evaluations that FDIC provided appeared to be
           comprehensive reviews of the specific risk activity and led to
           some changes, but these reviews did not appear to be done on a
           regular basis. For example, in 2006, a team of executives from
           FDIC's major divisions reviewed the effectiveness of the Regional
           Risk Committees. Recommendations included better reporting and
           wider consideration of risk and use of video teleconferences to
           discuss relevant issues before and after Regional Risk Committee
           meetings. An FDIC directive, issued in the summer of 2006,
           implemented these recommendations. A team of FDIC officials in the
           agency's Senior Executive Leadership Program also recently
           evaluated the workings of a committee that runs the Risk Analysis
           Center. The evaluation included recommendations on changes in the
           center's mission, structure, the way it communicates with FDIC
           employees, and the design of its internal Web site. FDIC officials
           stated that the most notable change to emerge from the process was
           to establish a three-person standing committee to coordinate the
           Risk Analysis Center, replacing what had been a group with
           rotating membership. However, officials also told us there were no
           formal efforts to evaluate the center's effectiveness.

           Some risk activities appear to be regularly evaluated in a broader
           review of FDIC operations conducted by the Division of Supervision
           and Consumer Protection but are not intended to comprehensively
           review the effectiveness of the risk activities. The division
           conducts a review of its operations of each of its six regional
           offices every 2 years. Based on documents provided by FDIC, we
           found that these reviews include reviews of the
           safety-and-soundness examinations FDIC performs as the primary
           federal regulator of designated banks and thrifts; enforcement
           actions taken to maintain institutions' financial health; off-site
           reviews of institutions' health; and operation of FDIC's large
           institution oversight program. These reviews, however, vary by
           office and cover only selected areas of the activities. The
           reviews also tend to emphasize compliance with policies and
           procedures, rather than effectiveness of the risk activities.

           Although FDIC conducts some evaluations of its risk assessment
           activities, our work indicates that FDIC's risk assessment
           framework does not clearly define how it will ensure that the
           evaluations of risk-related activities are thorough and conducted
           on a regular basis. FDIC maintains an Office of Enterprise Risk
           Management, but the office's activities are more internally
           focused and generally do not involve external risk assessment
           activities of FDIC's major operating divisions. FDIC officials
           told us that the agency's chief operating officer is ultimately in
           charge of the risk assessment process. At the same time, FDIC
           officials told us the agency's three main divisions--Supervision
           and Consumer Protection, Resolutions and Receiverships, and
           Insurance and Research--share external risk responsibilities
           through an interwoven structure of committees and
           management-directed activities. This unclear line of
           responsibility could be contributing to the weaknesses we
           identified in some of FDIC's evaluations of its risk activities.

           Our internal control standards state that an effective and
           positive internal control environment requires an agency's
           organizational structure to clearly define key areas of authority
           and responsibility and establish appropriate lines of reporting.
           Further, in implementing control standards, management is
           responsible for developing the detailed policies, procedures, and
           practices to fit the agency's operations and to ensure that the
           policies, procedures, and practices become an integral part of
           operations. According to insurance industry officials we spoke
           with, there are a variety of approaches to assigning
           responsibility for overseeing risk assessment activities. Some
           organizations have a Chief Risk Officer or a committee of
           senior-level officials while others delegate specific
           responsibilities to an existing office or officials. FDIC would be
           more likely to address or prevent some of the weaknesses we
           identified by designating official(s) or an office or establishing
           procedures, to ensure that evaluation and monitoring of risk
           activities are conducted regularly and comprehensively. For
           example, such an office or process could address employee concerns
           about MERIT by ensuring there are regular reviews and also
           identify and address potential resource constraints that can limit
           the number and breadth of large-bank failure simulations. By not
           clearly providing for oversight of monitoring and evaluating
           risk-related activities, FDIC is vulnerable to the risk of gaps or
           inefficiencies in its risk assessment process and will not know
           whether all parts of its risk management framework are effective.
			  
			  Conclusions

           Our limited observations of the interactions between FDIC's board
           of directors, their deputies, and senior management within the
           agency suggests that FDIC's board of directors is engaged in the
           agency's operations and effectively uses the information provided
           to the directors to assist in its oversight of the agency. The
           board has also established a clear and transparent relationship
           between the board of directors and the organization's management
           by delegating a wide range of activities to FDIC divisions. These
           delegations have been broadly reviewed on certain occasions and
           limited changes have been made to delegations granted by the
           board, both through a formal process and upon request by board
           members or FDIC divisions. These review processes help ensure that
           FDIC's delegations are appropriate and that FDIC employees are not
           making decisions that should be made by the board or more senior
           officials.

           FDIC has undertaken a number of activities to strengthen its human
           capital framework and also evaluates many of its human capital
           strategies. Specifically, FDIC's Corporate University is
           implementing a scorecard to monitor progress of training and
           development initiatives toward meeting agency goals. Although this
           effort is commendable, the scorecard does not yet include fully
           developed, outcome-based performance measures that would help
           determine the effectiveness of FDIC's training and development
           initiatives at achieving the agency's human capital goals. Though
           developing outcome-based performance measures is difficult, they
           are nevertheless important for ensuring that FDIC has information
           to determine whether to modify or redesign existing training
           programs or eliminate ineffective programs. At a minimum,
           identifying outcome-based performance measures will ensure that
           FDIC can begin collecting appropriate information that will help
           in determining how key initiatives--such as the Corporate Employee
           Program, a relatively new program designed to train and develop
           FDIC's future workforce--contribute to the agency's mission and
           goals. Evaluating and measuring the effectiveness of the Corporate
           Employee Program is especially important given the differences in
           opinion we observed between regional and headquarters officials on
           the relative merits of the program. Such differences reinforce the
           need for conducting evaluations of the effectiveness of key human
           capital initiatives, developing performance measures to determine
           whether the initiatives assist in achieving the agency's mission
           and human capital-related goals, and communicating the results to
           employees at all levels within the agency.

           FDIC has developed an extensive system for managing risk and has
           developed structures and processes to ensure that the various
           parts of the agency are working together to address key risks
           facing the agency. However, our review identified some weaknesses
           in FDIC's evaluations and monitoring of its risk assessment
           activities. Though FDIC has conducted reviews of many parts of its
           risk assessment activities, it has not developed a process for
           more routine evaluations and assessments, and its risk management
           structure does not clearly define how monitoring and evaluation of
           risk assessment activities are overseen. Clearly defining how the
           agency will monitor and evaluate its risk activities could assist
           FDIC in addressing or preventing weaknesses in its evaluations.
			  
			  Recommendations for Executive Action

           Based on our review of human capital and risk assessment programs
           at FDIC, we are making the following two recommendations to the
           Chairman of FDIC:

           o To ensure that it can measure the contribution that key human
           capital initiatives make toward achieving agency goals, FDIC
           should take steps to identify meaningful, outcome-based
           performance measures to include in its training and development
           scorecard and communicate available performance results to all
           FDIC employees.
           o To strengthen the oversight of its risk assessment activities,
           FDIC should develop policies and procedures clearly defining how
           it will systematically evaluate and monitor its risk assessment
           activities and ensure that required evaluations are conducted in a
           comprehensive and routine fashion.
			  
			  Agency Comments and Our Evaluation

           We provided a draft of this report to FDIC for review and comment.
           In written comments (see app. II), FDIC generally agreed with the
           report and the recommendations. FDIC stated it was committed to
           building and maintaining a knowledgeable and flexible workforce
           and is in the process of developing a comprehensive set of
           outcome-based performance measures to assist in determining the
           effectiveness of key training and development programs. FDIC also
           described its plans to conduct extensive evaluations of two of its
           human capital initiatives, the Corporate Employee Program and
           Professional Learning Accounts. These evaluations are intended to
           utilize outcome-based performance measures in order to provide
           FDIC with information on the extent to which the programs' goals
           are achieved. FDIC also agreed that the agency would benefit from
           a review of its risk management activities to ensure they are
           comprehensive, appropriate to the agency's mission, and fully
           evaluated. Accordingly, the agency has assembled a committee to
           perform an in-depth review of its current risk assessment
           activities and evaluation procedures. The committee will make
           recommendations for strengthening the agency's risk assessment
           framework and FDIC executive management will establish a plan for
           implementing the committee's recommendations. FDIC also provided
           technical comments that we incorporated as appropriate.

^63See Large-Bank Deposit Insurance Determination Modernization Proposal,
71 Fed. Reg. 74857 (2006) (advance notice of proposed rulemaking);
Large-Bank Deposit Insurance Determination Modernization Proposal, 70 Fed.
Reg. 73652 (2006) (advance notice of proposed rulemaking).

^64Federal Deposit Insurance Corporation, Office of Inspector General,
Follow-up Audit of the FDIC's Use of Special Examination Authority and
DOS's Efforts to Monitor Large Bank Insurance Risks (Washington, D.C.:
February 2002).

^65A liquidity crisis is the inability to obtain funds at a reasonable
price, within a reasonable time period, to meet obligations as they become
due. According to section 6.1 of FDIC's Risk Management Manual of
Examination Policies, "because liquidity is critical to the ongoing
viability of any bank, liquidity management is among the most important
activities that a bank conducts."

^66Resolutions Policy Committee members are: the chief operating officer,
who serves as chair; the chief financial officer; the directors of the
Divisions of Supervision and Consumer Protection, Insurance and Research,
and Resolutions and Receiverships; and the general counsel.

^67FDIC refers to this process as "preserving market discipline."

^68The formal name of the plan is: "Management of Large Financial
Institution Failure Strategy and Action Plan."

^69Ordinarily, FDIC must pursue the least costly strategy for resolution,
but the agency is freed of this obligation if it is determined that
systemic risk is present. A systemic risk determination is considered when
the least costly resolution strategy "would have serious adverse effects
on economic conditions or financial stability," and an alternative
resolution "would avoid or mitigate such adverse effects." A systemic risk
determination is made by the Secretary of the Treasury, in consultation
with the President, upon the recommendation of two-thirds votes of the
FDIC Board of Directors and the Board of Governors of the Federal Reserve
System. (Federal Deposit Insurance Act, S 13 (c)(4)(G)(i) (codified as
amended at 12 U.S.C. S 1823 (c)(4)(G)(i)).

^70An exception, according to FDIC, would be specialty banks with no core
deposit franchise, such as credit card institutions.

^71To facilitate this, FDIC received approval from the federal Office of
Personnel Management in October 2005 for "waiver of dual
compensation"--that is, so that it can hire retirees without the retirees
having pension payments reduced as a result. FDIC officials said no
program details have yet been implemented, including: number of
participants, required skills, methods for recall and deployment,
management responsibility, and plans to evaluate program effectiveness.

^72Specifically, FDIC told us it has taken steps to have contingency
contracts in place for, among other things, call center services; asset
valuation and management; marketing and sale of loans; residential,
commercial and industrial loan servicing; investigation; and credit card
securitization.

^73One report examined the Division of Supervision and Consumer
Protection's process for determining eligibility for the MERIT program's
streamlined safety and soundness examinations. See Federal Deposit
Insurance Corporation, Office of the Inspector General, Maximum
Efficiency, Risk-focused, Institution Targeted (MERIT) Eligibility Process
(Washington, D.C.: July 2005). It found the screening process for
determining MERIT program eligibility to be adequate. The other report
addressed evaluation of MERIT procedures on the extent to which an
institution's loan portfolio is reviewed during an examination. See
Federal Deposit Insurance Corporation, Office of the Inspector General,
DSC's Process for Tracking and Evaluating the Impact of the MERIT
Guidelines (Washington, D.C.: March 2005). The Inspector General said the
division could benefit from monitoring that evaluates, from a risk
perspective, a reduced level of loan review that results from the MERIT
process. Such monitoring--either at the institutional level, or the
regional or national level--would assist the division in determining
whether recommended loan review ranges under the MERIT program are
commensurate with risk found in various types of loan portfolios in
low-risk institutions.

^74FDIC officials said that according to FDIC guidance, examiners can--and
do--remove an institution from MERIT procedures, and instead conduct a
fuller, non-MERIT examination if there are concerns about an institution
eligible for consideration under the MERIT approach.

^75A paper in the FDIC Banking Review (Vol. 15, No. 3, 2003) stated:
"Clearly, the accuracy of the model has declined substantially, and
performance has been especially weak since 1993." Since 1993, the system
had identified only 16 percent of banks that subsequently were downgraded
in their supervisory ratings, FDIC researchers said. While "not extremely
accurate," they said, the system nevertheless "is informative."

^76For example, the process of separating insured deposits from uninsured
deposits, according to FDIC guidance, is potentially the most challenging
aspect of establishing a bridge bank, and treatment of deposits before the
bridge bank opening would have a broad effect on its operation.

           We are sending copies of this report to the Chairman of the
           Federal Deposit Insurance Corporation, interested congressional
           committees, and other interested parties. We will also make copies
           available to others upon request. In addition, the report will be
           available at no charge on the GAO Web site at
           http://www.gao.gov .

           If you or your staff have any questions concerning this report,
           please contact me at (202) 512-2717 or at [email protected] .
           Contact points for our Office of Congressional Relations and
           Public Affairs may be found on the last page of this report. Key
           contributors to this report are listed in appendix III.

           Yvonne D. Jones
			  Director, Financial Markets and Community
           Investment
			  
			  Appendix I: Objectives, Scope, and Methodology

           This report responds to a mandate included in the Federal Deposit
           Insurance Reform Conforming Amendments Act of 2005 requiring the
           Comptroller General to report on the appropriateness of FDIC's
           organizational structure. Specifically, this report focuses on
           three areas that influence the effectiveness of FDIC's
           organizational structure and reflect key internal controls: (1)
           mechanisms used by the FDIC board of directors to oversee and
           manage the agency; (2) FDIC's human capital strategies and how
           training and development programs are evaluated; and (3) FDIC's
           process for monitoring and assessing risks to the industry and the
           deposit insurance fund and how that process is overseen and
           evaluated.

           To describe how FDIC's board of directors oversees and manages the
           agency, we reviewed FDIC's enabling legislation, bylaws, and other
           governance documents to understand the legal authority, oversight
           responsibilities, and structure of FDIC and its board of directors
           and standing committees. We also reviewed our reports and
           literature on characteristics of boards of directors to identify
           management issues and common practices among boards of directors.
           We met with knowledgeable academicians and researchers to gain a
           better understanding of management practices at organizations
           overseen by boards of directors. To obtain more information on how
           FDIC's board manages and oversees the agency, we conducted
           interviews with members of FDIC's current board of directors and
           the board's Audit Committee members. We developed a standardized
           interview guide, and used the same set of questions for each
           interview session.^1 To obtain independent views from board
           members, we met with each board member separately; each board
           member's deputies or other senior staff also participated in the
           interviews. We also attended two FDIC board meetings and held
           additional interviews with former FDIC officials to gain a broader
           understanding of governance at FDIC. To gain a better
           understanding of one mechanism for managing the agency,
           delegations of authority, we interviewed officials in FDIC's Legal
           Division and reviewed FDIC's master set of delegations to FDIC
           divisions and officers as well as a directive describing the
           process for issuing delegations. We also consulted our Standards
           for Internal Control in the Federal Government to determine how
           delegations of authority affect an agency's internal control
           environment.^2

           To describe FDIC's human capital strategies, we gathered and
           analyzed information from a variety of sources. We reviewed our
           guidance and reports on federal agencies' workforce planning and
           human capital management efforts to identify recommended strategic
           workforce planning principles for high performing organizations.
           We reviewed relevant work of FDIC's Office of the Inspector
           General and obtained documentation of certain findings from
           previous Inspector General reports related to FDIC's human capital
           strategic planning. We interviewed FDIC officials on the Human
           Resources Committee, senior managers in various FDIC divisions,
           and officials in Corporate University to obtain information on how
           critical skill needs and skill gaps are addressed and how FDIC
           develops and implements human capital initiatives, including
           training and development programs. We also obtained and reviewed
           documentation of FDIC's human capital goals and how FDIC's primary
           divisions track their progress toward meeting those goals. To
           determine how FDIC evaluates its training and development
           programs, we interviewed Corporate University officials and
           obtained relevant documentation. We also consulted our report,
           Human Capital: A Guide for Assessing Strategic Training and
           Development Efforts in the Federal Government, to obtain
           information and criteria on evaluating training programs.^3

           To examine the extent to which FDIC monitors, assesses, and plans
           for risks facing banks and thrifts, the industry as a whole, and
           the deposit insurance fund, we interviewed FDIC officials in
           divisions directly responsible for risk-related activities, such
           the Divisions of Supervision and Consumer Protection and
           Resolutions and Receiverships. We obtained and reviewed written
           and testimonial information on FDIC's risk management activities,
           plans for addressing the biggest dangers to the industry and
           insurance fund, and FDIC's methods for evaluating its risk
           management activities. We examined research reports and papers
           describing the implications of financial institution failures,
           documentation of the agency's examination procedures, and various
           documents related to the work of FDIC's Risk Analysis Center,
           National Risk Committee, and Resolutions Policy Committee. We also
           attended a presentation of the Risk Analysis Center to understand
           its role and function as part of FDIC's risk management activities
           and observed a meeting of one of FDIC's six Regional Risk
           Committees. In addition, we examined our own guidance, including
           our Standards for Internal Control in the Federal Government, to
           determine how risk monitoring and assessment activities help
           provide effective internal controls.^4

           Finally, to address all three objectives in this report, we
           conducted site visits to FDIC regional and field offices in three
           states (California, Georgia, and Texas). The purpose of the site
           visits was to obtain more in-depth information on the FDIC board
           of directors' management and oversight responsibilities; issues
           related to human capital, workforce planning, and training and
           development; FDIC's methods for identifying, assessing, and
           monitoring risk; and FDIC's methods of evaluating its progress
           toward meeting agency goals. In each state, we conducted
           interviews with senior managers from FDIC's three main divisions
           and the Human Resources Branch; analysts and economists in the
           Division of Insurance and Research; case managers in the Division
           of Supervision and Consumer Protection; and financial institution
           examiners in the Division of Supervision and Consumer Protection.
           ^5 Additionally, in Dallas, Texas, we interviewed staff within
           FDIC's Division of Resolutions and Receiverships because the
           Dallas office is where resolutions and receiverships activities
           are centered. We developed a standardized interview guide for each
           group of employees we interviewed, and used the same set of
           questions for each interview session.^6 To encourage open
           communication, we met with each group of employees separately, and
           except in one instance, subordinate employees were interviewed
           separately from their managers.^7 We judgmentally selected the
           states based on the following characteristics: staffing levels in
           each regional and field office; the number and size of
           FDIC-supervised institutions located in a particular region;
           regional and field office structure; geographic dispersion;
           recommendations of officials from FDIC's Office of Inspector
           General; and proximity of the field office to the regional office
           coupled with time and travel resources.

           To assess the reliability of the employment data presented and
           discussed in the background section of this report, we (1)
           reviewed existing information about the data and the system that
           produced them and (2) interviewed agency officials knowledgeable
           about the data. For FDIC data on overall employment from
           1991-2006, we performed some basic reasonableness checks of the
           data against data from the Office of Personnel Management's
           Central Personnel Data File (CPDF).^8 When we found discrepancies,
           such as considerable differences between data from the two
           sources, we brought them to the agency's attention and worked with
           a data analyst at FDIC to understand the discrepancies before
           conducting our analyses. For employment trends by occupation, FDIC
           was unable to provide accurate data for years prior to 2001 due to
           the integration of several legacy systems and databases.
           Therefore, we used data from the CPDF to approximate employment
           data by occupation. Although FDIC officials noted certain
           limitations of the CPDF data, they stated that the data were
           accurate within a sufficient margin of error for reporting of
           governmentwide workforce demographics and trends. After reviewing
           possible limitations in FDIC's overall employment data and CPDF
           data by occupation, we determined that all data provided were
           sufficiently reliable for the purposes of this report.

           We conducted our work in California, Georgia, Texas, and
           Washington, D.C., from May 2006 through January 2007 in accordance
           with generally accepted government auditing standards.
			  
^1We made minor revisions, such as wording clarifications, to the
interview guide after the first interview and used the revised interview
guide during subsequent interviews.

^2 [67]GAO/AIMD-00-21 .3.1.

^3 [68]GAO-04-546G .

^4 [69]GAO/AIMD-00-21 .3.1.

^5In the Dallas, Texas regional office, we only interviewed managers in
the Division of Resolutions and Receiverships when we met with senior
management. Also, we did not interview staff in the Division of Insurance
and Research.

^6We made minor revisions, such as wording clarifications, to the
interview guides after the first site visit and used the revised interview
guides during subsequent site visits.

^7In the one instance noted above, responses obtained from interview
participants were largely similar to those obtained at other interviews
during the site visits.

^8The Central Personnel Data File is an automated information system
containing individual records for most federal civilian employees. The
system's primary objective is to provide a readily accessible database for
meeting the workforce information needs of the White House, the Congress,
the Office of Personnel Management, other federal agencies, and the
public.
		  
			  Appendix II: Comments from the Federal Deposit Insurance Corporation
			  
			  Appendix III: GAO Contact and Staff Acknowledgments
			  
			  GAO Contact

           Yvonne D. Jones (202) 512-2717 or [email protected]
			  
			  Staff Acknowledgments

           In addition to the individual named above, Kay Kuhlman, Assistant
           Director; Kenrick Isaac, Jamila Jones, Alison Martin, David
           Pittman, Omyra Ramsingh, and Christopher Schmitt made key
           contributions to this report.
			  
			  GAOï¿½s Mission

           The Government Accountability Office, the audit, evaluation and
           investigative arm of Congress, exists to support Congress in
           meeting its constitutional responsibilities and to help improve
           the performance and accountability of the federal government for
           the American people. GAO examines the use of public funds;
           evaluates federal programs and policies; and provides analyses,
           recommendations, and other assistance to help Congress make
           informed oversight, policy, and funding decisions. GAO's
           commitment to good government is reflected in its core values of
           accountability, integrity, and reliability.
			  
			  Obtaining Copies of GAO Reports and Testimony

           The fastest and easiest way to obtain copies of GAO documents at
           no cost is through GAO's Web site ( www.gao.gov ). Each
           weekday, GAO posts newly released reports, testimony, and
           correspondence on its Web site. To have GAO e-mail you a list of
           newly posted products every afternoon, go to www.gao.gov and
           select "Subscribe to Updates."
			  
			  Order by Mail or Phone

           The first copy of each printed report is free. Additional copies
           are $2 each. A check or money order should be made out to the
           Superintendent of Documents. GAO also accepts VISA and Mastercard.
           Orders for 100 or more copies mailed to a single address are
           discounted 25 percent. Orders should be sent to:

           U.S. Government Accountability Office 441 G Street NW, Room LM
           Washington, D.C. 20548

           To order by Phone: Voice: (202) 512-6000 TDD: (202) 512-2537 Fax:
           (202) 512-6061
			  
			  To Report Fraud, Waste, and Abuse in Federal Programs

           Contact:

           Web site: www.gao.gov/fraudnet/fraudnet.htm E-mail:
           [email protected] Automated answering system: (800) 424-5454 or
           (202) 512-7470
			  
			  Congressional Relations

           Gloria Jarmon, Managing Director, [email protected] (202)
           512-4400 U.S. Government Accountability Office, 441 G Street NW,
           Room 7125 Washington, D.C. 20548
			  
			  Public Affairs

           Paul Anderson, Managing Director, [email protected] (202)
           512-4800 U.S. Government Accountability Office, 441 G Street NW,
           Room 7149 Washington, D.C. 20548

(250290)

www.gao.gov/cgi-bin/getrpt?GAO-07-255 .

To view the full product, including the scope
and methodology, click on the link above.

For more information, contact Yvonne D. Jones at (202) 512-2717 or
[email protected].

Highlights of [71]GAO-07-255 , a report to congressional committees

February 2007

FEDERAL DEPOSIT INSURANCE CORPORATION

Human Capital and Risk Assessment Programs Appear Sound, but Evaluations
of Their Effectiveness Should Be Improved

The Federal Deposit Insurance Reform Conforming Amendments Act of 2005
requires GAO to report on the effectiveness of Federal Deposit Insurance
Corporation's (FDIC) organizational structure and internal controls. GAO
reviewed (1) mechanisms the board of directors uses to oversee the agency,
(2) FDIC's human capital strategies and how its training initiatives are
evaluated, and (3) FDIC's process for monitoring and assessing risks to
the banking industry and the deposit insurance fund, including its
oversight and evaluation. To answer these objectives, GAO analyzed FDIC
documents, reviewed recommended practices and GAO guidance, conducted
interviews with FDIC officials and board members, and conducted site
visits to FDIC regional and field offices in three states.

[72]What GAO Recommends

GAO recommends that FDIC (1) develop outcome-based performance measures
for key human capital initiatives and make available such performance
results to all employees and (2) develop policies and procedures that
define how it will systematically and comprehensively evaluate its risk
assessment activities.

FDIC generally agreed with the report and the recommendations, and has
plans underway to improve evaluations of key training programs and risk
assessment activities.

FDIC's five-member board of directors is responsible for managing FDIC.
Information and communication channels have been established to provide
board members with information on the agency's operations and to help them
oversee the agency. The board also has four standing committees for key
oversight functions. For example, the audit committee primarily oversees
the agency's implementation of FDIC Inspector General audit
recommendations. Finally, because the board cannot oversee all day-to-day
operations, the board delegates certain responsibilities to senior
management. FDIC has procedures for issuing and revising its delegations
of authority, which help ensure that the delegations are appropriate for
its current structure and banking environment. FDIC has reviewed specific
delegations on occasion at the request of a board member, management, and
more recently in response to an Inspector General report's recommendation.

Management of human capital is critical at FDIC because the agency's
workload can shift dramatically depending on the financial condition of
the banking industry. FDIC uses an integrated approach, where senior
executives come together with division managers, to develop human capital
initiatives, and the agency has undertaken activities to strengthen its
human capital framework. FDIC created the Corporate Employee Program to
develop new employees and provide training in multiple disciplines so they
are better prepared to serve the needs of the agency, particularly when
the banking environment changes. Some FDIC employees thought the program
had merit, but they expressed concerns about whether certain aspects of
the program could slow down the development of expertise in certain areas.
FDIC, through its Corporate University, evaluates its training programs,
and officials are developing a scorecard that includes certain output
measures showing progress of key training initiatives towards its goals.
Officials told us that they would like to have outcome measures showing
the effectiveness of their key training initiatives but have faced
challenges developing them. However, outcome measures could help address
employee concerns and ensure that the Corporate Employee Program achieves
the agency's goals.

FDIC has an extensive system for assessing and monitoring external risks.
FDIC's system includes supervision of individual financial institutions
and analysis of trends affecting the health of financial institutions.
FDIC has also developed contingency plans for handling the greatest
dangers to the deposit insurance fund--particularly the failure(s) of
large institutions. In addition to risk assessment, a key internal control
is monitoring risk assessment activities on an ongoing basis. FDIC has
evaluated several of its risk activities, but most of the evaluations we
reviewed were not conducted regularly or comprehensively. For example,
some simulations of its plans for handling large bank failures were either
out of date or inconsistent with FDIC's guidance. Developing policies and
procedures and clearly defining how it will monitor and evaluate its risk
activities could assist FDIC in addressing or preventing weaknesses in its
evaluations.

References

Visible links
  39. http://www.gao.gov/cgi-bin/getrpt?GAO-02-373SP
  40. http://www.gao.gov/cgi-bin/getrpt?GAO-04-546G
  41. http://www.gao.gov/cgi-bin/getrpt?GAO/AIMD-00-21.3.1
  44. http://www.gao.gov/cgi-bin/getrpt?GAO/AIMD-00-21.3.1
  45. http://www.gao.gov/cgi-bin/getrpt?GAO/AIMD-00-21.3.1
  46. http://www.gao.gov/cgi-bin/getrpt?GAO-02-373SP
  47. http://www.gao.gov/cgi-bin/getrpt?GAO-03-446
  48. http://www.gao.gov/cgi-bin/getrpt?GAO-02-373SP
  49. http://www.gao.gov/cgi-bin/getrpt?GAO/OCG-00-14G
  50. http://www.gao.gov/cgi-bin/getrpt?GAO-03-669
  51. http://www.gao.gov/cgi-bin/getrpt?GAO-04-546G
  52. http://www.gao.gov/cgi-bin/getrpt?GAO-04-546G
  53. http://www.gao.gov/cgi-bin/getrpt?GAO-04-546G
  54. http://www.gao.gov/cgi-bin/getrpt?GAO-05-739SP
  55. http://www.gao.gov/cgi-bin/getrpt?GAO-04-39
  56. http://www.gao.gov/cgi-bin/getrpt?GAO/AIMD-00-21.3.1
  67. http://www.gao.gov/cgi-bin/getrpt?GAO/AIMD-00-21.3.1
  68. http://www.gao.gov/cgi-bin/getrpt?GAO-04-546G
  69. http://www.gao.gov/cgi-bin/getrpt?GAO/AIMD-00-21.3.1
  71. http://www.gao.gov/cgi-bin/getrpt?GAO-07-255
*** End of document. ***