Internal Control: Improvements Needed in SEC's Accounting and	 
Financial Reporting Process (01-APR-08, GAO-08-461R).		 
                                                                 
On November 16, 2007, we issued our report on the U.S. Securities
and Exchange Commission's (SEC) fiscal years 2007 and 2006	 
financial statements and on SEC's internal control as of	 
September 30, 2007. We also reported on the results of our tests 
of SEC's compliance with selected provisions of laws and	 
regulations during fiscal year 2007. The purpose of this report  
is to present areas of SEC's internal controls identified during 
our fiscal year 2007 audit that could be improved. This report	 
contains 14 recommendations to SEC to improve these internal	 
controls and procedures. These recommendations are in addition to
those we already provided to SEC as a result of our prior audits 
of SEC's financial statements.					 
-------------------------Indexing Terms------------------------- 
REPORTNUM:   GAO-08-461R					        
    ACCNO:   A81472						        
  TITLE:     Internal Control: Improvements Needed in SEC's Accounting
and Financial Reporting Process 				 
     DATE:   04/01/2008 
  SUBJECT:   Accountability					 
	     Accounting standards				 
	     Auditing standards 				 
	     Data integrity					 
	     Documentation					 
	     Federal regulations				 
	     Financial management				 
	     Financial management systems			 
	     Financial records					 
	     Financial statement audits 			 
	     Financial statements				 
	     Information security				 
	     Internal controls					 
	     Policy evaluation					 
	     Program evaluation 				 
	     Records management 				 
	     Reporting requirements				 
	     Reports management 				 
	     Securities 					 
	     Systems integration				 
	     Policies and procedures				 

******************************************************************
** This file contains an ASCII representation of the text of a  **
** GAO Product.                                                 **
**                                                              **
** No attempt has been made to display graphic images, although **
** figure captions are reproduced.  Tables are included, but    **
** may not resemble those in the printed version.               **
**                                                              **
** Please see the PDF (Portable Document Format) file, when     **
** available, for a complete electronic file of the printed     **
** document's contents.                                         **
**                                                              **
******************************************************************
GAO-08-461R

   

This is a work of the U.S. government and is not subject to copyright 
protection in the United States. It may be reproduced and distributed 
in its entirety without further permission from GAO. Because this work 
may contain copyrighted images or other material, permission from the 
copyright holder may be necessary if you wish to reproduce this 
material separately. 

April 1, 2008: 

The Honorable Christopher Cox: 

Chairman: 

U.S. Securities and Exchange Commission: 

Subject: Internal Control: Improvements Needed in SEC's Accounting and 
Financial Reporting Process: 

Dear Mr. Cox: 

On November 16, 2007, we issued our report[Footnote 1] on the U.S. 
Securities and Exchange Commission's (SEC) fiscal years 2007 and 2006 
financial statements and on SEC's internal control as of September 30, 
2007. We also reported on the results of our tests of SEC's compliance 
with selected provisions of laws and regulations during fiscal year 
2007. 

The purpose of this report is to present areas of SEC's internal 
controls identified during our fiscal year 2007 audit that could be 
improved.[Footnote 2] This report contains 14 recommendations to SEC to 
improve these internal controls and procedures. These recommendations 
are in addition to those we already provided to SEC as a result of our 
prior audits of SEC's financial statements.[Footnote 3] 

Results in Brief: 

Our November 16, 2007, report concluded that SEC had a material 
weakness[Footnote 4] in internal control over its financial reporting 
process, and therefore did not maintain effective internal control over 
financial reporting as of September 30, 2007. This weakness is 
comprised of four significant deficiencies,[Footnote 5] which taken 
collectively result in more than a remote likelihood that a material 
misstatement of the financial statements will not be prevented or 
detected. These significant deficiencies concern (1) the period-end 
financial reporting process, (2) disgorgements and penalties accounts 
receivable, (3) accounting for transaction fee revenue, and (4) 
preparing financial statement disclosures. 

In addition to the material weakness discussed above, we identified 
three significant deficiencies in internal control, which although not 
material weaknesses, represent significant deficiencies in the design 
or operation of internal control. These significant deficiencies 
concern (1) information security controls, (2) property and equipment, 
and (3) accounting for budgetary resources. 

As of January 2008, SEC had taken actions to fully address 3 of the 23 
recommendations that remained open as of January 2007 from our audits 
of the agency's 2004, 2005, and 2006 financial statements. 

We also identified one other internal control weakness that although 
not considered to be a material weakness or significant deficiency, we 
believe warrants SEC management's consideration as to whether 
additional actions are warranted. This issue concerns certification of 
employees' time cards, documentation of monitoring of time card 
certification, and approval of personnel actions. 

Tables 1, 2, and 3 of enclosure I provide summary information on the 
status of recommendations from our 2004, 2005, and 2006 audits of SEC's 
financial statements, respectively.[Footnote 6] Our 14 new 
recommendations follow the sections in which the corresponding issues 
are discussed. 

In providing written comments on a draft of this report, the SEC 
Chairman expressed his commitment to remediate the control deficiencies 
this fiscal year and summarized SEC's corrective action plans to 
address GAO's recommendations. 

Scope and Methodology: 

As part of our audit of SEC's fiscal years 2007 and 2006 financial 
statements, we evaluated SEC's internal controls and tested its 
compliance with selected provisions of laws and regulations. We 
designed our audit procedures to test relevant controls over financial 
reporting, including those designed to provide reasonable assurance 
that transactions are properly recorded, processed, and summarized to 
permit the preparation of the financial statements in conformity with 
U.S. generally accepted accounting principles, and that assets are 
safeguarded against loss from unauthorized acquisition, use, or 
disposition. This report is based on the work performed during our 
audit of SEC's fiscal years 2007 and 2006 financial statements. We 
requested comments on a draft of this report from the Chairman of SEC. 
SEC's written comments are reprinted in enclosure II. We conducted our 
audit in accordance with U.S. generally accepted government auditing 
standards. Further details on our scope and methodology are included in 
our report on the results of our audit of SEC's fiscal years 2007 and 
2006 financial statements[Footnote 7] and are briefly summarized in 
enclosure III. 

Period-End Financial Reporting Process: 

SEC's financial management system does not conform to the systems 
requirements of Office of Management and Budget (OMB) Circular No. A- 
127, Financial Management Systems. Specifically, Circular No. A-127 
requires that financial management systems be designed to provide for 
effective and efficient interrelationships between software, hardware, 
personnel, procedures, controls, and data contained within the systems. 
Circular No. A-127 further states that financial systems must have 
common data elements, common transaction processing, consistent 
internal controls, and efficient transaction entry, and that reports 
produced by the systems shall provide financial data that can be traced 
directly to the general ledger accounts. 

SEC's period-end financial reporting process for recording 
transactions, maintaining account balances, and preparing financial 
statements and disclosures is supported to varying degrees by a 
collection of automated systems that are not integrated or compatible 
with its general ledger system. These automated systems' lack of 
integration and compatibility require that extensive compensating 
manual and labor-intensive accounting procedures, involving large 
spreadsheets and numerous posting and routine correcting journal 
entries, dominate SEC's period-end financial reporting process. Some of 
SEC's subsidiary systems, such as those for property and equipment and 
for disgorgements and penalties, do not share common data elements and 
common transaction processing with the general ledger system. 
Therefore, intermediary information processing steps, including 
extensive use of spreadsheets, manipulation of data, and manual journal 
entries, are needed to process the information in SEC's general ledger. 
For example, at period end, SEC personnel must extract the period's 
transactions from each subsidiary system and forward these data, in 
various formats, to accountants in the Financial Statements Preparation 
Branch, who use them to develop the journal vouchers (JV) necessary to 
include these transactions in period-end balances. These JVs are 
uploaded in batches to the core financial management system and posted 
to the general ledger. Once the general ledger is thus updated, a trial 
balance is created from which the accountants prepare the financial 
statements. 

While the accounting staff make extensive use of desktop applications 
and workstations to perform calculations and to store the data used to 
prepare JVs and financial statements, little of the data processing 
that takes place during SEC's financial reporting cycle is fully 
automated. The information security controls necessary to prevent or 
recover from any inadvertent data corruption or to permit independent 
verification of the processing that has taken place have not been 
established for period-end accounting and reporting. SEC has developed 
a standard voucher template and a standardized review form for JVs, 
which were used to prepare the final fiscal 2007 financial statements. 
However, SEC's current period-end closing process taken as a whole 
complicates review of the transactions and greatly increases the risk 
that the transactions are not recorded completely, properly, or 
consistently, ultimately affecting the reliability of the data 
presented in the financial statements. Our identification this year of 
errors in SEC's calculation of disgorgement and penalty accounts 
receivable, discussed below, illustrates this risk. 

The risk to data reliability is further increased because basic 
controls over electronic data, such as worksheet and password 
protection, change history, and controls over data verification, such 
as control totals and record counts, were not consistently used during 
the data processing between the source systems and the general ledger. 
In addition, currently, SEC's general ledger has several unconventional 
posting models and other limitations that prevent proper recording of 
certain transactions. As a result, SEC's year-end reporting process 
requires extensive routine correcting journal entries to correct errors 
created by incorrectly posted transactions in its general ledger. We 
also noted that SEC's documentation used to crosswalk individual 
accounts to the financial statement line items contained an incorrect 
routing to a line item on SEC's Statement of Budgetary Resources for 
SEC's year-end financial statement preparation process, which caused a 
material error in SEC's draft financial statements for 2007. 

Also, SEC did not have detailed written documentation of its 
methodologies and processes for preparing financial statements and 
disclosures, increasing the risk of inconsistent and improper reporting 
and the risk that disruptions and error may arise when staff turnover 
occurs. Specifically, SEC did not have current written policies and 
procedures for over 15 areas, including investments, property and 
equipment, accounts receivable, other liabilities, and for the 
preparation of JV uploads into SEC's financial management system. 

Recommendations: 

We recommend that SEC take the following actions to improve its period- 
end financial reporting process controls: 

1. Integrate subsystems that process significant accounting data with 
the general ledger. 

2. Until subsystems are fully integrated, develop and implement 
documented data reliability checks for data extracted from 
nonintegrated subsidiary systems, including spreadsheets. These data 
reliability checks should include supervisory review. 

3. Prepare written procedures which describe explicitly the steps 
required to accomplish and document each significant activity in the 
general ledger closing process and in the generation of the financial 
statements, including related disclosures. 

Disgorgements and Penalties Accounts Receivable: 

As part of its enforcement responsibilities, SEC issues orders and 
administers judgments ordering, among other things, disgorgements, 
civil monetary penalties, and interest against violators of federal 
securities laws.[Footnote 8] SEC recognizes a receivable when SEC is 
designated in an order or a final judgment to collect the assessed 
disgorgements, penalties, and interest. At September 30, 2007, the 
gross amount of disgorgements and penalties accounts receivable was 
$330 million, with a corresponding allowance of $266 million resulting 
in a net receivable of $64 million. 

SEC's Phoenix system, which maintains financial data pertaining to 
disgorgements and penalties, is not integrated with SEC's general 
ledger system. To determine disgorgement and penalty receivable 
amounts, SEC downloads the data from Phoenix into a spreadsheet, 
manipulates selected data, and uses cell formulas to determine balance 
totals. This manual process for determining disgorgement and penalty 
balances presents high inherent risk in SEC's financial reporting 
process and demands effective compensating controls to ensure the 
accuracy and proper recording of related financial statement amounts, 
including effective supervisory review. 

In our reviews of the interim June 30, 2007, and year-end September 30, 
2007, balances of accounts receivable for disgorgements and penalties, 
we found errors in SEC's spreadsheet formulas resulting in 
overstatements of these receivable balances for both periods. 
Specifically, for the interim balance as of June 30, 2007, the 
spreadsheet formula did not reduce the disgorgement receivable for 
offset amounts that had already been paid by debtors to a non-SEC 
entity. SEC subsequently detected and corrected the June 30 errors, but 
then made different spreadsheet calculation errors in the year-end 
balances as of September 30, 2007, which we detected as part of our 
audit and which SEC corrected prior to the issuance of the financial 
statements. For example, SEC incorrectly included in its disgorgement 
receivable balance at September 30, 2007, amounts that had been 
terminated. 

The main cause of these errors was the breakdown this year in the 
manual controls that were intended to compensate for the lack of an 
integrated accounting system for disgorgements and penalties, as 
discussed above. 

Although SEC reviewed the journal entries posting the amounts to the 
general ledger, this review did not extend to the preparation of the 
spreadsheet SEC used to document the accounts receivable calculation at 
June 30 and September 30, 2007, and therefore, was not sufficient to 
detect significant spreadsheet formula errors. For example, the review 
did not include (1) reviewing the detailed manual process of 
downloading data from Phoenix, (2) determining which Phoenix data 
elements to use and the rationale used in selecting those data 
elements, (3) reviewing the manipulation of selected data, and (4) 
reviewing the accuracy of the spreadsheet cell formulas used in 
calculating the accounts receivable balance. 

Recommendations: 

We recommend that SEC take the following action to improve its 
disgorgement and penalties accounts receivable controls: 

4. Develop and implement controls over the calculation of disgorgement 
and penalties accounts receivable, including the reliability of data 
downloaded from Phoenix and the accuracy of spreadsheet cell formulas 
and related methodologies. 

Accounting for Transaction Fee Revenue: 

As one of its sources of revenue, SEC collects securities transaction 
fees paid by self-regulatory organizations (SRO) to SEC for stock 
transactions. SRO transaction fees are payable to SEC twice a year - in 
March for the previous months September through December, and in 
September for the previous months January through August. SEC 
calculates the fees due and bills the SROs based on actual transaction 
volume reported on a monthly basis by the SROs to SEC. Since the SROs 
are not required to report the actual volume of transactions until 10 
business days after the end of each month, SEC estimates and records an 
amount receivable for fees payable by the SROs to SEC for activity 
during the month of September. At September 30, 2007, SEC estimated 
this receivable amount at $100.6 million based on previous months' 
transaction volume. Based on information SEC received from the SROs in 
mid-October concerning the actual volume of transactions, the amount of 
claims receivable at September 30, 2007, for activity during the month 
of September should have been $74.4 million. In addition, also in mid- 
October, one of the SROs submitted amended transaction volume to SEC 
for the months March, April, May, and June 2007, reflecting an 
additional receivable amount of approximately $75,000. In previous 
years, SEC made adjustments to reflect the actual volume of 
transactions; however, SEC does not have written procedures to help 
ensure that these adjustments are made as a routine part of its year- 
end financial reporting process. We proposed, and SEC posted, the 
necessary audit adjustments to correct the amount of transaction fee 
revenue and related receivable for fiscal year 2007. 

Statement on Auditing Standards No.1, Codification of Auditing 
Standards and Procedures, which explains the accounting requirements 
for subsequent events, requires that events or transactions that 
existed at the date of the balance sheet and affect the estimates 
inherent in the process of preparing financial statements should be 
considered for adjustment to or disclosure in the financial statements 
through the date that the financial statements are issued. In addition, 
the concept of consistency in financial reporting provides that 
accounting methods, including those for determining estimates, once 
adopted, should be used consistently from period to period unless there 
is good cause to change. 

Recommendations: 

We recommend that SEC take the following action to improve its 
accounting for transaction fee revenue controls: 

5. Establish and implement detailed written procedures for recording 
transaction fee revenue and the related receivable, including 
procedures for recognizing data received after the balance sheet date 
but prior to issuance of the financial statements. 

Preparing Financial Statement Disclosures: 

In our review of SEC's year-end draft financial statement disclosures, 
we noted numerous errors including misstated amounts, improper breakout 
of line items, and amounts from fiscal year-end 2006 incorrectly 
brought forward as beginning balances for fiscal year 2007. For 
example, in its disclosure for Custodial Revenues and Liabilities, SEC 
improperly excluded approximately $320 million in collections. In 
another example, for its disclosure on Fund Balance with Treasury, SEC 
misclassified approximately $90 million into incorrect line items. 
Also, in its disclosure for Fiduciary Assets and Liabilities, SEC's 
beginning balances for Fund Balance with Treasury and for Liability for 
Fiduciary Activity were each misstated by $8.9 million due to errors in 
carrying forward ending balances from September 30, 2006. We also noted 
numerous instances in which amounts reported in the footnote 
disclosures were not consistent with amounts presented in the financial 
statements or Management's Discussion and Analysis. SEC revised the 
financial statement disclosures to correct the errors that we noted in 
its final year-end financial statements for fiscal year 2007. However, 
correction of these errors required multiple revisions before all 
errors were properly corrected. 

We believe that these and numerous other errors in the disclosures were 
due mainly to the lack of a documented timeline and process for 
completing the fiscal year 2007 financial statements and disclosures, 
including review of the disclosures. In addition, the cumbersome and 
complicated nature of SEC's financial reporting process discussed above 
did not allow SEC finance staff sufficient time to carry out thorough 
and complete reviews of the disclosures in light of the November 15 
reporting deadline.[Footnote 9] 

Recommendations: 

We recommend that SEC take the following action to improve its 
financial statement disclosure preparation controls: 

6. Establish and implement detailed written procedures for the 
preparation and review of the financial statement disclosures, 
including the comparison of financial statement disclosure amounts to 
related information presented in the current and previous year 
financial statements and Management's Discussion and Analysis. 

Property and Equipment: 

SEC's property and equipment consists of general-purpose equipment used 
by the agency; capital improvements made to buildings leased by SEC for 
office space; and internal-use software development costs for projects 
in development and production. SEC acquired approximately $27 million 
dollars in property and equipment during fiscal year 2007. Similar to 
our last year's audit, during the course of testing fiscal year 2007 
additions, we noted numerous instances of inaccuracies in recorded 
acquisition dates and costs for property and equipment purchases, as 
well as unrecorded property and equipment purchases. We also identified 
an internal control deficiency related to SEC's property receipt 
function and errors in amounts capitalized and amortized for internal- 
use software projects. 

In 21 of the 53 unique personal property, leasehold improvement, and 
software items we reviewed, SEC recorded items in subsidiary ledgers or 
systems with incorrect acquisition dates which affected depreciation 
calculations. In 12 instances, the incorrect acquisition dates were 
related to software items SEC recorded on a quarterly basis, rather 
than in the month of acquisition. SEC has since changed from quarterly 
to monthly recording of software items. In the remaining 9 instances, 
SEC recorded items using the incorrect acquisition dates due to 
administrative errors. In addition to the 21 errors we identified, 
there were 5 instances for which SEC lacked reliable documentation of 
receipt date. 

Also during our testing, we noted eight instances in which SEC 
incorrectly recorded property costs. SEC incorrectly recorded costs 
based on contracts or purchase orders rather than invoices. We also 
identified approximately $200,000 in unrecorded additions to SEC's 
telephone system. This omission from SEC's property ledger is in 
addition to approximately $2.5 million in telephone equipment which we 
identified in our previous audit and SEC failed to record during fiscal 
year 2006 or to correct during fiscal year 2007. 

Contributing to the cause of these errors is that SEC does not have a 
formalized, documented process for comparing quantity and type of item 
received against the corresponding order for property purchases. Seven 
of the 23 personal property items we reviewed did not have sufficient 
evidence of this comparison. SEC's draft Property Management Manual, 
scheduled for implementation during calendar year 2008, calls for the 
Assistant Property Management Officer to "ensure that receipts are 
matched against Purchase Orders as a condition of acceptance and 
payment." However, SEC's guidance does not prescribe a standardized 
form to document this review. A lack of standardized, documented review 
procedures increases the risk that SEC will accept, pay for, and record 
property not yet received. 

SEC's property subsidiary system is not integrated with the general 
ledger. SEC uses a spreadsheet to calculate depreciation and 
amortization related to additions to existing property items. We found 
formula errors in these calculations, which we communicated to SEC in 
September 2007. SEC subsequently corrected these systemic errors, but 
this situation highlights the risks associated with the lack of an 
integrated financial management system and the need for additional 
compensating control procedures. 

Overall, these systemic errors did not materially affect the balances 
reported for property and equipment or the corresponding depreciation 
and amortization expense amounts in SEC's financial statements for 
fiscal year 2007. However, these conditions evidence a significant 
deficiency in control over the recording of property and equipment that 
affects the reliability of its recorded balances for property and 
equipment. Further, SEC's lack of an integrated financial management 
system for accounting for property and equipment, as discussed above, 
requires compensating procedures, which were not effective, to ensure 
that manual calculations, such as those for depreciation and 
amortization, are accurate. Until it has a systemic process that 
incorporates effective controls over receiving, recording, 
capitalizing, and amortizing property and equipment purchases, SEC will 
not have sufficient assurance over the accuracy and completeness of its 
reported balances for property and equipment. 

Recommendations: 

We recommend that SEC, in addition to our previous recommendations in 
this area which are included in enclosure I, take the following actions 
to improve its property and equipment controls: 

7.. Establish and implement controls over invoiced property costs and 
dates to ensure that property and equipment acquisitions are accurately 
recorded in the relevant subsidiary ledgers for personal property, 
leasehold improvement, and software. 

8. Establish and implement controls to ensure proper calculation of 
depreciation and amortization of additions to existing items over the 
remaining useful lives of the associated items. 

Accounting for Budgetary Resources: 

For fiscal year 2007, SEC incurred $877 million in obligations, which 
represents legal liabilities against funds available to SEC to pay for 
goods and services ordered. At September 30, 2007, SEC reported that 
the amount of budgetary resources obligated for undelivered orders was 
$255 million, which reflects obligations for goods or services that had 
not been delivered or received as of that date. In our testing of 
undelivered order transactions for this year's audit, we identified 
several concerns over SEC's accounting for obligations and undelivered 
orders. Specifically, we found numerous instances in which SEC (1) 
recorded obligations prior to having documentary evidence of a binding 
agreement for the goods or services, (2) recorded invalid undelivered 
order transactions due to an incorrect posting configuration in SEC's 
general ledger, and (3) made errors in recording new obligations and 
deobligations due to the use of incorrect accounts and by posting 
incorrect amounts in the general ledger. 

During our interim and year-end testing of obligation activity we 
identified 12 instances in which SEC recorded obligations prior to the 
signing execution of a written contract. We also found one instance 
where funds were obligated with the expectation that a contract would 
be ratified, but the ratification request was later denied. SEC does 
not have policies or internal controls to prevent recording of 
obligations that are not valid. Recording obligations prior to having 
documentary evidence of a binding agreement for the goods and services 
is a violation of the recording statute,[Footnote 10] and may result in 
funds being reserved unnecessarily and therefore made unavailable for 
other uses should the agreement not materialize. Early recording of 
obligations also may result in charging incorrect fiscal year funds for 
an agreement executed in a later fiscal year. 

We noted approximately $76 million in general ledger posting errors, 
including both upward and downward adjustments to prior-year 
undelivered orders. Due to a system error, deobligations of funds in 1- 
year Treasury Account Fund Symbols (TAFS) did not process correctly, 
materially overstating both the upward and downward adjustment 
accounts. This process results in the need to routinely correct 
entries. Extensive reviews of the adjusting journal entries are needed 
to compensate for the system limitations. This process unnecessarily 
complicated transaction processing and caused SEC to misstate various 
line items on the Statement of Budgetary Resources. While SEC 
identified and manually corrected this error for fiscal year 2007, 
there is a risk that, if the error is not corrected in the financial 
management system, SEC could materially misstate its Statement of 
Budgetary Resources in future periods. 

In addition to the systemic posting errors, we noted several additional 
errors impacting SEC's budgetary accounting. SEC incorrectly recorded 
new obligations by posting incorrect amounts in the general ledger. For 
example, in 8 of the 147 items we tested, SEC recorded obligations at 
incorrect amounts, due to either recording obligations early using the 
requisition amounts instead of the final contract amounts or making 
administrative errors. In addition, SEC made errors in recording 
deobligations due to administrative errors in posting amounts to the 
incorrect accounts. We identified approximately $1 million in net 
errors in which SEC's financial management system did not properly 
process downward adjustments of prior-year funds in no-year TAFS. SEC's 
financial management system improperly treats all budget years 
maintained in this fund as current-year funds, thereby understating 
downward adjustments for those years. 

Overall, the majority of exceptions related to these issues were 
corrected by SEC through adjusting journal entries. While the remaining 
uncorrected amounts did not materially affect the balances on the 
Statement of Budgetary Resources at September 30, 2007, ineffective 
processes that caused these errors constitute a significant deficiency 
in SEC's internal control over recording and reporting of obligations, 
and put SEC at risk that the amounts recorded in the general ledger and 
reported on SEC's Statement of Budgetary Resources are misstated. 

Recommendations: 

We recommend that SEC take the following actions to improve its 
budgetary accounting controls: 

9. Correct general ledger system configurations to properly account for 
upward and downward adjustments of prior-years' undelivered orders in 
accordance with the U.S. Standard General Ledger. 

10. Establish and implement controls over obligation-related entries 
(including original obligations, corrections, and deobligations) to 
ensure the use of correct U.S. Standard General Ledger accounts and the 
recording of correct amounts. 

11. Clarify administrative control of funds guidance and document the 
responsibilities of the staff performing obligation-related activities 
with regard to recording obligations in accordance with the recording 
statute. 

Establish and implement controls to ensure that SEC staff adheres to 
existing policies and procedures to prevent violations of the recording 
statute. 

Other Issues: 

Although not considered to be a significant deficiency, the following 
weaknesses warrant management's consideration. 

Certification of Employees' Time Cards, Documentation of Monitoring of 
Time Card Certification, and Approval of Personnel Actions: 

We identified three internal control issues with regard to payroll 
transactions. Specifically, these issues concern the certification of 
employees' time cards, the documentation of monitoring procedures over 
time card certification, and the approval of personnel actions. 

During our fiscal year 2007 audit, we noted nine instances in which 
time cards were improperly certified by lower-level employees. We 
previously noted concerns with administrative officers approving time 
cards for higher-level employees on a regular basis during fiscal year 
2006. 

SEC time and attendance (T&A) policies instruct that each organization 
designate timekeepers who are responsible for initiating time cards and 
designate supervisors or managers as certifiers who have responsibility 
for reviewing the accuracy of time cards. The T&A instructions state 
that administrative officers may certify time cards for higher-level 
officials for emergency situations only. 

As noted above, during our fiscal year 2006 audit, we found cases in 
which administrative officers improperly certified time cards of higher-
level employees on a regular basis. We communicated this finding to SEC 
officials in August 2006. In response to our finding, SEC's Office of 
Human Resources (OHR) began to actively monitor the level of employees 
certifying time cards to determine compliance with its current stated 
policy. During our fiscal year 2007 audit, we observed SEC's monitoring 
of time card certifications for a particular pay period. However, SEC 
did not document when, or what, they were monitoring or the results of 
what they found. Lack of documentation of these control procedures may 
delay or prevent SEC management from becoming aware that monitoring of 
time card certifications has ceased or that there are instances of 
employees certifying higher-level officials' time cards on an other 
than emergency basis. 

Consistent with GAO's Standards for Internal Control in the Federal 
Government,[Footnote 11] internal control should be clearly documented, 
and the documentation readily available for examination. According to 
SEC's OHR, development of this documentation will be undertaken after 
determining how best to document its monitoring of time card 
certifications. 

Also, during our interim testing of payroll, we compared selected 
personnel actions on the employee roster against Standard Form-50 
("Notification of Personnel Action") documentation and identified one 
employee who approved a valid personnel action for an increase in his 
own salary without evidence of additional review from another level of 
management. According to GAO's Standards for Internal Control in the 
Federal Government, "key duties and responsibilities need to be divided 
or segregated among different people to reduce the risk of error, 
waste, or fraud." In addition, "no one individual should control all 
key aspects of a transaction or event." Because one individual 
performed incompatible duties regarding his own personnel actions, 
there is a risk of fraud. 

Recommendations: 

We recommend that SEC, in addition to our previous recommendations in 
this area which are included in enclosure I, take the following actions 
to improve its payroll controls: 

13. Establish and implement procedures for documenting evidence of 
monitoring of time card certifications and include procedures to 
document any identified exceptions. 

14. Segregate key responsibilities over the approval of personnel 
actions so that no one individual approves his own personnel action. 

Agency Comments: 

In providing written comments on a draft of this report, the SEC 
Chairman stated his commitment to remediate the control deficiencies 
this fiscal year. The SEC Chairman reported several actions SEC has 
already taken to address financial reporting processes, documentation, 
and controls, and summarized SEC's Corrective Action Plan (CAP) to 
address GAO's recommendations. The Chairman cited developing a fully 
integrated financial management system as the keystone of SEC's CAP to 
remediate the deficiencies relative to system integration, 
noncompliance with U.S. Standard General Ledger (SGL) at the 
transaction level, and compensating controls. The Chairman noted that 
remediation strategies are presented in the CAP in terms of both short- 
term solutions that are expected to be achieved this fiscal year and 
long-term solutions that will achieve greater efficiency, 
effectiveness, and risk mitigation by minimizing reliance on detective 
controls. Specifically, the short-term strategies are to develop or 
improve process documentation; overlay manual processes with additional 
compensating controls as needed; implement SGL-compliant posting 
models; and implement process improvements to enhance efficiencies and 
effectiveness of internal controls and monitor performance. The long- 
term strategies are to automate integration of financial management 
systems and to comply with the SGL at the transaction level. We will 
evaluate SEC's actions and initiatives during our fiscal year 2008 
audit. 

SEC's written comments are reprinted in enclosure II of this report. 

This report contains recommendations to you. The head of a federal 
agency is required by 31 U.S.C. ï¿½ 720 to submit a written statement on 
actions taken on the recommendations to the Senate Committee on 
Homeland Security and Governmental Affairs and the House Committee on 
Oversight and Government Reform not later than 60 days from the date of 
this report. A written statement also must be sent to the House and 
Senate Committees on Appropriations with agency's first request for 
appropriations made more than 60 days after the date of this report. 

This report is intended for use by management of SEC. We are sending 
copies of this report to the Chairman and Ranking Members of the Senate 
Committee on Banking, Housing, and Urban Affairs; the Senate Committee 
on Homeland Security and Governmental Affairs; the House Committee on 
Financial Services; and the House Committee on Oversight and Government 
Reform. We are also sending copies to the Secretary of the Treasury, 
the Director of the Office of Management and Budget, and other 
interested parties. In addition, this report will be available at no 
charge on our Web site at [hyperlink, http://www.gao.gov]. 

We acknowledge and appreciate the cooperation and assistance provided 
by SEC management and staff during our audit of SEC's fiscal years 2007 
and 2006 financial statements. If you have any questions about this 
report or need assistance in addressing these issues, please contact me 
at (202) 512-9471 or by e-mail at [email protected]. Contact points for 
our Offices of Congressional Relations and Public Affairs may be found 
on the last page of this report. 

Sincerely yours, 

Signed by: 

Jeanette M. Franzel: 

Director: 

Financial Management and Assurance: 

Enclosures - 3: 

Enclosure I: 

Table 1: Recommendations from 2004 Audit Reported as Open at Conclusion 
of 2006 Audit: 

Audit area/recommendation: Disgorgements and penalties: 1. Implement a 
system that is integrated with the accounting system or that provides 
the necessary input to the accounting system to facilitate timely, 
accurate, and efficient recording and reporting of disgorgement and 
penalty activity; 
Status of recommendation: Closed: [Empty]; 
Status of recommendation: Open: X. 

Audit area/recommendation: Disgorgements and penalties: 2. Implement 
controls so that the ongoing activities involving disgorgements and 
penalties are properly, accurately, and timely recorded in the 
accounting system; 
Status of recommendation: Closed: [Empty]; 
Status of recommendation: Open: X.

Audit area/recommendation: Disgorgements and penalties: 3. Develop and 
implement written policies covering the procedures, documentation, 
systems, and responsible personnel involved in recording and reporting 
disgorgement and penalty financial information. The written procedures 
should also address quality control and managerial review 
responsibilities and documentation of such a review; 
Status of recommendation: Closed: [Empty]; 
Status of recommendation: Open: X. 

Audit area/recommendation: Financial statement preparation and 
reporting: 4. Consider a "formal closing" of all accounts at an interim 
date(s), which will reduce the level of accounting activity and 
analysis required at year end. The formal closing entails ensuring that 
all transactions are recorded in the proper period through month's end; 
Status of recommendation: Closed: X; 
Status of recommendation: Open: [Empty]. 

Audit area/recommendation: Financial statement preparation and 
reporting: 5. Develop or acquire an integrated financial management 
system to provide timely and accurate recording of financial data for 
financial reporting and management decision making; 
Status of recommendation: Closed: [Empty]; 
Status of recommendation: Open: X. 

Audit area/recommendation: Property and equipment leases: 6. Review all 
existing leases for property and equipment to determine if they should 
be capitalized or expensed and make any necessary adjustments to the 
related general ledger balances; 
Status of recommendation: Closed: [Empty]; 
Status of recommendation: Open: X.  

Audit area/recommendation: Property and equipment leases: 7. Develop 
policies and procedures to properly account for future property and 
equipment leases on an ongoing basis; 
Status of recommendation: Closed: [Empty]; 
Status of recommendation: Open: X. 

Audit area/recommendation: Closing recommendation to address Federal 
Managers' Financial Integrity Act weaknesses: 8. Require documented 
support and review of SEC's corrective actions to provide evidence that 
actions taken in response to audit recommendations fully correct 
identified deficiencies prior to closing out the audit issues in the 
tracking system; 
Status of recommendation: Closed: [Empty]; 
Status of recommendation: Open: X. 

Source: GAO. 

Note: Recommendations made in GAO-05-691R and GAO-05-693R. 

[End of table] 

Table 2: Recommendations from 2005 Audit Reported as Open at Conclusion 
of 2006 Audit: 

Audit area/recommendation: Financial statement preparation and 
reporting: 1. Determine cutoff dates for significant account balances 
that are both appropriate and practical to facilitate interim financial 
reporting and meeting year-end financial reporting deadlines; 
Status of recommendation: Closed: X; 
Status of recommendation: Open: [Empty]. 

Audit area/recommendation: Disgorgements and penalties: Develop, 
document in writing, and implement comprehensive policies, procedures, 
and controls over disgorgement and penalty transactions that include 
the following (see items 2-5): 

Audit area/recommendation: Disgorgements and penalties: 2. An 
accounting policy for disgorgements and penalties that will provide SEC 
management with reasonable assurance that the subsidiary ledger for 
disgorgement/penalty receivables is accurate and complete; 
Status of recommendation: Closed: [Empty]; 
Status of recommendation: Open: X. 

Audit area/recommendation: Disgorgements and penalties: 3. The type of 
documentation and procedures needed to record the termination or waiver 
of a debt and the proper notification and communication for approved 
terminations and waivers, such that management has assurance that only 
valid and approved terminations are recorded; 
Status of recommendation: Closed: [Empty]; 
Status of recommendation: Open: X. 

Audit area/recommendation: Disgorgements and penalties: 4. The 
recording of activity by case for fiduciary balances, including monthly 
reconciliations and management review, to ensure that balances by case 
are accurate; 
Status of recommendation: Closed: [Empty]; 
Status of recommendation: Open: X. 

Audit area/recommendation: Disgorgements and penalties: 5. The 
initiation, recording, and monitoring of investments, including the 
monthly reconciliation of investment activity, to provide assurance 
that these fiduciary amounts are accurate and complete; 
Status of recommendation: Closed: [Empty]; 
Status of recommendation: Open: X.  

Audit area/recommendation: Responsibilities of contracting officer's 
technical representative (COTR): 6. Clarify guidance regarding policies 
and procedures (as described in SECR 10-8 and SECR 10-15) for the 
COTR's responsibilities and take actions to help ensure existing 
policies and procedures are being followed consistently; 
Status of recommendation: Closed: [Empty]; 
Status of recommendation: Open: X.  

Audit area/recommendation: Internal review of filing fee calculations: 
7. Take action to help ensure that its policy on recalculating fee- 
bearing filing amounts is consistently followed; 
Status of recommendation: Closed: [Empty]; 
Status of recommendation: Open: X.  

Audit area/recommendation: Internal review of filing fee calculations: 
8. Take action to help ensure that the recalculation of the required 
filing fees is clearly documented; 
Status of recommendation: Closed: [Empty]; 
Status of recommendation: Open: X.  

Audit area/recommendation: Compliance with Prompt Payment Act: 9. Take 
action to help ensure that the policy requiring the timely return of 
improper invoices to the vendor to allow for timely payment is 
followed; 
Status of recommendation: Closed: X; 
Status of recommendation: Open: [Empty]. 

Source: GAO. 

Note: Recommendations from GAO-06-459R. 

[End of table] 

Table 3: Recommendations from 2006 Audit: 

Audit area/recommendation: Property and equipment: 1. Include, in its 
updated property management policies, detailed procedures for recording 
proper acquisition costs and dates in its asset-tracking system, and 
take steps to ensure that these procedures are being consistently 
implemented; 
Status of recommendation: Closed: [Empty]; 
Status of recommendation: Open: X.  

Audit area/recommendation: Property and equipment: 2. Implement 
procedures requiring periodic comparisons of related details in 
disbursement and property/equipment subsidiary records to identify any 
unrecorded purchases that satisfy established capitalization criteria; 
Status of recommendation: Closed: [Empty]; 
Status of recommendation: Open: X.  

Audit area/recommendation: Property and equipment: 3. Implement 
procedures to ensure that internal use software project managers have a 
complete and consistent understanding of the requirements that should 
govern compilation of cost data submitted for capitalization, including 
consideration of joint Office of Information Technology and Office of 
Financial Management (OFM) training to software project managers on the 
requirements of applicable generally accepted accounting principles; 
Status of recommendation: Closed: [Empty]; 
Status of recommendation: Open: X.  

Audit area/recommendation: Property and equipment: 4. Implement 
procedures whereby OFM staff routinely review capitalized amounts for 
software projects against supporting documentation to provide 
additional assurance that the recorded amounts are accurate and 
complete; 
Status of recommendation: Closed: [Empty]; 
Status of recommendation: Open: X.  

Audit area/recommendation: Payroll system access, approval of time and 
attendance records, and process documentation: 5. Evaluate the overall 
effectiveness of its actions taken in response to our findings 
regarding payroll and personnel action processing, when fully 
implemented, to determine whether any modifications, additional 
actions, or both are needed; 
Status of recommendation: Closed: [Empty]; 
Status of recommendation: Open: X.  

Audit area/recommendation: Comparison of furniture and equipment 
received and ordered: 6. Retain, in its updated property management 
policy, a procedure to document comparison of quantity and type of item 
received with the corresponding purchase order, and take actions to 
ensure that the comparisons are being consistently documented; 
Status of recommendation: Closed: [Empty]; 
Status of recommendation: Open: X.  

Source: GAO. 

Note: Recommendations made in GAO-07-482R. 

[End of table] 

Enclosure II: 

Comments from the Securities and Exchange Commission: 

Christopher Cox: 
Chairman: 
Headquarters: 
100 F Street, Ne: 
Washington, Dc 20549: 

Regional Offices: 
Atlanta, Boston, Chicago: 
Denver. Fort Worth: 
Los Angeles, Miami, New York: 
Philadelphia, Salt Lake City: 
San Francisco: 

United States: 
Securities And Exchange Commission: 

March 21, 2008: 

Ms. Jeanette M. Franzel: 
Director: 
Financial Management and Assurance: 
Government Accountability Office: 
441 G Street N.W.: 
Washington, DC 20548: 

Dear Ms. Franzel:

Thank you for the opportunity to review and comment on the draft report 
of the Government Accountability Office (GAO) entitled Internal 
Control: Improvements Needed in SEC's Accounting and Financial 
Reporting Process, GAO-08-461 R. The report presents recommendations 
for improvements to internal control as identified in the GAO's 
financial statement audit of the Securities and Exchange Commission 
(SEC) for fiscal years 2007 and 2006. 

I am pleased that the GAO's FY 2007 audit found that the SEC's 
financial statements and notes were presented fairly, in all material 
respects, in conformity with U.S. generally accepted accounting 
principles. However, the GAO found that the SEC did not maintain 
effective internal control over financial reporting as of September 30, 
2007. Because no material weakness is acceptable, we are committed to 
remediating the control deficiencies this fiscal year. 

The SEC takes its responsibility for financial reporting very 
seriously. As the GAO found in the FY 2007 audit report, the SEC 
improved its controls over the accuracy, timeliness, and completeness 
of the disgorgement and penalty data and used a much improved database 
for the initial recording and tracking of these data. The GAO also 
noted that the SEC continued to make progress in resolving deficiencies 
in information security. In 2007, the SEC took the opportunity afforded 
by significant turnover in senior financial positions to fully review 
and evaluate existing financial reporting policies and procedures. 
During fiscal year 2007, the SEC committed extensive resources to 
improving financial reporting processes, documentation and controls. 
The SEC began the evaluation of manual processes and controls used to 
integrate subsidiary data sources with the General Ledger and initiated 
systematic improvements to those processes and controls. This review of 
policies and procedures and completion of related documentation will 
continue in fiscal year 2008. 

In order to fully remediate the control deficiencies this fiscal year, 
we have prepared a comprehensive Corrective Action Plan (CAP) which 
builds on the efforts initiated in fiscal year 2007. On February 7, 
2008, the SEC provided your office with the draft FY 2008 Corrective 
Action Plan for Remediation of Internal Control Deficiencies. Work has 
already begun on several fronts. The plan specifically addresses 
the recommendations made by GAO. We welcome your feedback regarding any 
aspect of this plan and its completeness in addressing the concerns 
outlined by GAO. 

Developing a fully integrated financial management system is the 
keystone of the SEC's Corrective Action Plan to remediate the 
deficiencies identified by the GAO. Fully integrated financial 
management systems and compliance with the U.S. Standard General 
Ledger (SGL) at the transaction level are fundamental requirements for 
federal financial management systems. The SEC's lack of automated 
system integration is the underlying cause of the system non-
conformance reported. Currently, data is manually entered at a 
summary level; however, compliance with SGL is required at the 
transaction, or detail, level. The deficiencies in internal control 
over financial reporting are attributable to ineffective compensating 
controls over the manual processes and spreadsheets supporting 
financial statement balances that, in the desired state, will be 
replaced by fully automated integration.

We have developed remediation strategies to address the deficiencies 
found relative to system integration, non-compliance with SGL at the 
transaction level, and compensating controls. The strategies are 
presented in the Corrective Action Plan in terms of both long-term and 
short-term solutions. The short-term strategies represent improvements 
that are expected to be achieved this fiscal year. We are confident 
that these additional compensating controls will be successful in 
mitigating the risk associated with manual processes. The long-term 
solution will achieve greater efficiency, effectiveness and risk 
mitigation by minimizing reliance on detective controls. 

The short-term strategies are to develop or improve process 
documentation; overlay manual processes with additional compensating 
controls as needed; implement SGL compliant posting models; and 
implement process improvements to enhance efficiencies and 
effectiveness of internal controls and monitor performance. In FY 2008, 
the SEC will continue to take a risk-based approach to ensure that 
process and procedural documentation is in place, as discussed above. 
The documentation will be comprehensive enough that management and 
auditors can clearly ascertain who is performing the control 
activities, the frequency of the control activities and how they are 
performed and evidenced. The SEC's first quarter 2008 financial 
statements were prepared using the newly documented methodologies. 

In addition, the SEC is eliminating manual data handling and the use of 
multiple labor-intensive spreadsheets by automating the generation of 
financial statements. The implementation of a central data repository 
for financial statement preparation and analysis will mitigate the risk 
and the internal control deficiencies identified by the GAO. The 
automated tool has been run in parallel with the existing process for 
preparation of the monthly statements since December. The SEC will 
fully implement the tool beginning with the second quarter statements.

The long-term strategies are to automate integration of financial 
management systems to eliminate manual processes and comply with SGL at 
the transaction level. System integration will eliminate the need for 
the bulk of the manual data manipulation and entry currently required, 
resulting in enhanced timeliness, accuracy and reliability of 
the data, while reducing the need to maintain redundant schedules. The 
ability to fully comply with the SGL at the transaction level is 
dependent on SEC's ability to integrate or interface all transactional 
activity with Momentum, which is currently being upgraded to 
accommodate the necessary integration. Nonetheless, substantial 
compliance may be demonstrated in the short-term through eliminating 
use of unconventional posting models and other limitations that prevent 
proper recordation as discussed above. 

As Chairman, I take the SEC's responsibility over financial reporting 
very seriously. I remain committed to improving the SEC's financial 
integrity and operational efficiencies so that the agency can lead by 
example when it comes to establishing and maintaining effective 
internal control over financial reporting. I appreciate your support 
of these efforts and look forward to continuing our productive dialogue 
during the course of this year's audit. 

Thank you again for the opportunity to comment on this report. If you 
have any questions relating to our response, please contact our Chief 
Financial Officer, Kristine Chadwick, at 202-551-7840. 

Sincerely,

Signed by: 

Christopher Cox: 
Chairman: 

cc: Diego Ruiz 
Kristine Chadwick: 

[End of section] 

Enclosure III: 

Summary of Audit Scope and Methodology: 

To fulfill our responsibilities as auditor of the financial statements 
of the Securities and Exchange Commission (SEC), we did the 
following1[Footnote 12]: 

* Examined, on a test basis, evidence supporting the amounts and 
disclosures in the financial statements. 

* Assessed the accounting principles used and significant estimates 
made by SEC management. 

* Evaluated the overall presentation of the financial statements. 

* Obtained an understanding of SEC and its operations, including its 
internal control related to financial reporting and compliance with 
laws and regulations. 

* Obtained an understanding of the recording, processing, and 
summarizing of performance measures as reported in Management's 
Discussion and Analysis. 

* Tested relevant internal controls over financial reporting and 
compliance with applicable laws and regulations, and evaluated the 
design and operating effectiveness of internal control. 

* Considered SEC's process for evaluating and reporting on internal 
control and financial management systems under the Federal Managers' 
Financial Integrity Act of 1982. 

* Tested compliance with selected provisions of the following laws and 
their related regulations: the Securities Exchange Act of 1934, as 
amended; the Securities Act of 1933, as amended; the Antideficiency 
Act; laws governing the pay and allowance system for SEC employees; the 
Prompt Payment Act; and the Federal Employees' Retirement System Act of 
1986. 

We requested comments on a draft of this report from the Chairman of 
SEC. We received written comments from SEC and summarized the comments 
in our report. We conducted our audit in accordance with U.S. generally 
accepted government auditing standards. 

[End of section] 

Footnotes: 

[1] GAO, Financial Audit: Securities and Exchange Commission's 
Financial Statements for Fiscal Years 2007 and 2006, GAO-08-167 
(Washington, D.C.: Nov. 16, 2007). 

[2] The internal control issues concerning information security are 
discussed in a separate report: GAO, Information Security: Securities 
and Exchange Commission Needs to Continue to Improve Its Program, GAO- 
08-280 (Washington, D.C.: Feb. 29, 2008). 

[3] We made recommendations in our internal control reports issued as 
part of our fiscal years 2004, 2005, and 2006 SEC financial statement 
audits: GAO, Material Internal Control Issues Reported in SEC's Fiscal 
Year 2004 Financial Statement Audit Report, GAO-05-691R (Washington, 
D.C.: July 27, 2005); Management Report: Opportunities for Improvements 
in SEC's Internal Controls and Accounting Procedures, GAO-05-693R 
(Washington, D.C.: Aug. 12, 2005); Internal Control: Improvements 
Needed in SEC's Accounting and Financial Reporting Procedures, GAO-06- 
459R (Washington, D.C.: Apr. 21, 2006); and GAO, Internal Control: 
Improvements Needed in SEC's Accounting and Operational Procedures, GAO-
07-482R (Washington, D.C.: Apr. 3, 2007). 

[4] A material weakness is a significant deficiency or combination of 
significant deficiencies that results in more than a remote likelihood 
that a material misstatement of the financial statements will not be 
prevented or detected. 

[5] A significant deficiency is a control deficiency, or combination of 
deficiencies, that adversely affects the entity's ability to initiate, 
authorize, record, process, or report financial data reliably in 
accordance with generally accepted accounting principles such that 
there is more than a remote likelihood that a misstatement of the 
entity's financial statements that is more than inconsequential will 
not be prevented or detected. 

[6] GAO-05-691R, GAO-05-693R, GAO-06-459R, and GAO-07-482R. 

[7] GAO-08-167. 

[8] A disgorgement is the repayment of illegally gained profits (or 
avoided losses) for distribution to harmed investors whenever feasible. 
A penalty is a monetary payment from a violator of securities law that 
SEC obtains pursuant to statutory authority. A penalty is fundamentally 
a punitive measure, although penalties occasionally can be used to 
compensate harmed investors. 

[9] OMB directs executive branch agencies to issue their audited 
financial statements by November 15 for the preceding fiscal year 
ending on September 30. OMB Circular No. A-136, Financial Reporting 
Requirements, ï¿½ I.5 (rev. June 27, 2007). 

[10] An amount shall be recorded as an obligation of the U.S. 
Government only when supported by documentary evidence of a binding 
agreement between an agency and another person (including an agency) 
that is in writing and executed before the end of the period of 
availability for obligation of the appropriation. 31 U.S.C. ï¿½ 
1501(a)(1). Under the plain terms of the statute, an oral agreement may 
not be recorded as an obligation. See GAO, Principles of Federal 
Appropriations Law, vol. 2, 3RD ed., GAO-06-382SP (Washington, D.C.: 
February 2006), page 7-15. 

[11] GAO, Standards for Internal Control in the Federal Government, 
GAO/AIMD-00-21.3.1 (Washington, D.C.: November 1999). 

[12] [1] For further, more detailed, explanation of our audit scope and 
methodology, see the discussion in our related financial audit report 
(GAO-08-167). 

GAO's Mission: 

The Government Accountability Office, the audit, evaluation and 
investigative arm of Congress, exists to support Congress in meeting 
its constitutional responsibilities and to help improve the performance 
and accountability of the federal government for the American people. 
GAO examines the use of public funds; evaluates federal programs and 
policies; and provides analyses, recommendations, and other assistance 
to help Congress make informed oversight, policy, and funding 
decisions. GAO's commitment to good government is reflected in its core 
values of accountability, integrity, and reliability.  

Obtaining Copies of GAO Reports and Testimony: 

The fastest and easiest way to obtain copies of GAO documents at no 
cost is through GAO's Web site [hyperlink, http://www.gao.gov]. Each 
weekday, GAO posts newly released reports, testimony, and 
correspondence on its Web site. To have GAO e-mail you a list of newly 
posted products every afternoon, go to [hyperlink, http://www.gao.gov] 
and select "E-mail Updates."  

Order by Mail or Phone: 

The first copy of each printed report is free. Additional copies are $2 
each. A check or money order should be made out to the Superintendent 
of Documents. GAO also accepts VISA and Mastercard. Orders for 100 or 
more copies mailed to a single address are discounted 25 percent. 
Orders should be sent to:  

U.S. Government Accountability Office: 
441 G Street NW, Room LM: 
Washington, D.C. 20548:  

To order by Phone: 
Voice: (202) 512-6000: 
TDD: (202) 512-2537: 
Fax: (202) 512-6061:  

To Report Fraud, Waste, and Abuse in Federal Programs:  

Contact:  

Web site: [hyperlink, http://www.gao.gov/fraudnet/fraudnet.htm]: 
E-mail: [email protected]: 
Automated answering system: (800) 424-5454 or (202) 512-7470:  

Congressional Relations:  

Ralph Dawn, Managing Director, [email protected]: 
(202) 512-4400: 
U.S. Government Accountability Office: 
441 G Street NW, Room 7125: 
Washington, D.C. 20548:  

Public Affairs: 

Chuck Young, Managing Director, [email protected]: 
(202) 512-4800: 
U.S. Government Accountability Office: 
441 G Street NW, Room 7149: 
Washington, D.C. 20548: 

*** End of document. ***