This is the accessible text file for GAO report number GAO-14-455R entitled 'Management Report: Improvements Needed in CFPB's Internal Controls and Accounting Procedures' which was released on May 2, 2014. This text file was formatted by the U.S. Government Accountability Office (GAO) to be accessible to users with visual impairments, as part of a longer term project to improve GAO products' accessibility. Every attempt has been made to maintain the structural and data integrity of the original printed product. Accessibility features, such as text descriptions of tables, consecutively numbered footnotes placed at the end of the file, and the text of agency comment letters, are provided but may not exactly duplicate the presentation or format of the printed version. The portable document format (PDF) file is an exact electronic replica of the printed version. We welcome your feedback. Please E-mail your comments regarding the contents or accessibility features of this document to Webmaster@gao.gov. This is a work of the U.S. government and is not subject to copyright protection in the United States. It may be reproduced and distributed in its entirety without further permission from GAO. Because this work may contain copyrighted images or other material, permission from the copyright holder may be necessary if you wish to reproduce this material separately. GAO-14-455R: United States Government Accountability Office: GAO: 441 G St. N.W. Washington, DC 20548: May 2, 2014: The Honorable Richard Cordray: Director: Bureau of Consumer Financial Protection: Management Report: Improvements Needed in CFPB's Internal Controls and Accounting Procedures: Dear Mr. Cordray: On December 16, 2013, we issued our report containing our opinion on fiscal years 2013 and 2012 financial statements of the Bureau of Consumer Financial Protection, known as the Consumer Financial Protection Bureau (CFPB).Our report also included (1) our opinion on the effectiveness of CFPB's internal control over financial reporting as of September 30, 2013, and our evaluation of CFPB's compliance with selected provisions of laws, regulations, contracts, and grant agreements during fiscal year 2013,[Footnote 1] and (2) two significant deficiencies[Footnote 2] we identified in CFPB's internal control over financial reporting related to year-end accounts payable accruals[Footnote 3] and recorded property and equipment amounts. The purpose of this report is to present additional information regarding the two significant deficiencies we identified along with related new recommendations. Title X of the Dodd-Frank Wall Street Reform and Consumer Protection Act,[Footnote 4] referred to as the Consumer Financial Protection Act of 2010, created CFPB. The act charged CFPB with the responsibility of regulating the offering and provision of consumer financial products or services under the federal consumer financial laws. The act also requires CFPB to annually prepare financial statements and GAO to audit these statements.[Footnote 5] The Full-Year Continuing Appropriations Act of 2011 also requires that GAO audit CFPB's financial statements. Results in Brief: During our audit of CFPB's fiscal years 2013 and 2012 financial statements, we identified control weaknesses that we determined collectively constituted two significant deficiencies in CFPB's internal control over financial reporting as of September 30, 2013. Specifically, we found that CFPB did not effectively design or implement: * internal control over its year-end accrual process to ensure accounts payable amounts recorded were complete and accurate and: * controls to ensure accurate and complete recording of its property and equipment transactions. These deficiencies increase the risk that CFPB may not detect and correct errors in time to prevent misstatement of the financial statements. At the end of our discussion of each of these issues in the sections that follow, we present our related recommendations for strengthening CFPB's internal controls. We are making four new recommendations that are intended to improve management's oversight and controls in these areas and reduce the risk of misstatements in CFPB's accounts and financial statements. In commenting on a draft of this report, CFPB stated that it agreed with the recommendations we made in our report and has implemented or is in the process of implementing actions to address the issues we identified. CFPB's response is reprinted in its entirety in enclosure I. Scope and Methodology: As part of our audit of CFPB's fiscal years 2013 and 2012 financial statements, we evaluated CFPB's internal controls and tested its compliance with selected provisions of laws, regulations, contracts, and grant agreements. We designed our audit procedures to test relevant controls over financial reporting, including those designed to provide reasonable assurance that (1) transactions are properly recorded, processed, and summarized to permit the preparation of CFPB's financial statements in conformity with U.S. generally accepted accounting principles, and that assets are safeguarded against loss from unauthorized acquisition, use, or disposition, and (2) transactions are executed in accordance with laws governing the use of budget authority and with other applicable laws, regulations, contracts, and grant agreements that could have a direct and material effect on the financial statements. As part of our audit, we evaluated the work performed and conclusions reached by CFPB management in its internal control assessment.[Footnote 6] A full discussion of our scope and methodology is included in our December 2013 report on our audit of CFPB's fiscal years 2013 and 2012 financial statements. [Footnote 7] We performed our audit of CFPB's fiscal years 2013 and 2012 financial statements in accordance with U.S. generally accepted government auditing standards. We believe that our audit provides a reasonable basis for our conclusions in this report. Significant Deficiency over Year-End Accounts Payable Accruals: During our fiscal year 2013 audit, we found that while CFPB had policies and procedures that specify the criteria to be used in accruing costs, these procedures were not effectively designed or consistently implemented to ensure that accounts payable amounts recorded were complete and accurate at fiscal year-end. As a result, we found that CFPB did not record or erroneously recorded approximately $4.2 million in accounts payable transactions, resulting in a net understatement of accounts payable, assets, and expenses of approximately $1.8 million, $1.7 million, and $0.1 million, respectively.[Footnote 8] CFPB's accounts payable consists primarily of amounts owed for goods and services received related to contracts and property and equipment acquisitions that have not yet been paid. As of September 30, 2013, CFPB's accounts payable (including both intragovernmental amounts and amounts due to the public) amounted to approximately $32 million. CFPB's Office of the Chief Financial Officer (OCFO) is responsible for the year-end accrual process. CFPB's established procedures state that the OCFO will send a report containing all open obligations to the contracting officer representative (COR) of each division or program office and ask each to provide and document the estimated dollar amount of services provided or goods received through the end of the fiscal year for which CFPB has not yet received an invoice.[Footnote 9] The COR is then responsible for estimating an amount for each contract, purchase order, or interagency agreement that should be accrued as of the end of the fiscal year. The OCFO reviews all input from the CORs and approves the amounts to be accrued as accounts payable at fiscal year-end. However, during our audit we found multiple instances where the CORs did not properly identify and estimate amounts that should be recorded as accounts payable and OCFO did not properly review and record the estimates. For example, the CORs did not identify and report accruals for seven invoices relating to goods and services received during fiscal year 2013. As a result, the OCFO understated accounts payable, assets, and expenses by approximately $2.5 million, $2.2 million, and $0.3 million, respectively. These invoices were related to goods received or services provided in fiscal year 2013 that had not been paid or accrued as of September 30, 2013. OCFO also incorrectly recorded accounts payable transactions for other goods and services received from seven different vendors, resulting in an overstatement of approximately $1.2 million and an understatement of $0.5 million in total accounts payable. These errors also resulted in overstatements of assets and expenses of approximately $0.8 million and $0.4 million, respectively, as well as understatements of assets and expenses of approximately $0.2 million and $0.3 million, respectively. Specifically, we found instances in which (1) the COR calculated accrual amounts incorrectly, which the OCFO did not detect in its reviews, and (2) the OCFO recorded accrual amounts in the wrong accounting period. For example, when reviewing the supporting documentation provided, we found accrual calculations that contained formula errors. Further, we found an erroneous accrual in fiscal year 2013 for services provided in fiscal year 2014. These errors occurred because (1) CORs did not have a formal methodology for identifying and estimating the amount owed for goods and services that should be accrued as of September 30 and (2) while OCFO reviewed the estimates, the reviews were not in sufficient detail to reasonably ensure that the amounts recorded were complete and accurate. Specifically, the OCFO did not provide detailed guidance or adequate training to the CORs on how to identify and estimate accruals, taking into consideration the accounting period cutoff. While CFPB's accrual policies and procedures require the OCFO to review and approve the CORs' lists of accruals before recording them in the financial statements, the procedures do not specify how the accruals are reviewed to ensure completeness and accuracy. As a result, we found that the OCFO did not perform procedures such as a variance analysis or comprehensively review obligating documents and invoices as well as the CORs' accrual calculations to help ensure that amounts provided by the CORs were complete and accurate before recording them in the financial statements. Standards for Internal Control in the Federal Government provides that agencies should have controls in place to provide reasonable assurance that their financial transactions are recorded completely and accurately.[Footnote 10] The standards indicate that these controls should be designed to ensure that ongoing monitoring occurs in the course of normal operations, such as managerial reviews of financial transactions and activities. Further, federal accounting standards provide that when an entity accepts title to goods, whether the goods are delivered or in transit, the entity should recognize a liability for the unpaid amount of the goods. The entity should also recognize in its accounting records the full cost of the goods or services it receives as an expense or, if appropriate, as an asset, depending on the nature of the transaction. If invoices for those goods are not available when financial statements are prepared, the amounts owed should be estimated.[Footnote 11] Although CFPB corrected most of the errors identified during our fiscal year 2013 audit once we brought them to its attention, these deficiencies increase the risk that future errors may not be detected and corrected in time to prevent misstatement of the financial statements. Recommendations for Executive Action: We recommend that you direct the Chief Financial Officer to do the following. * Develop detailed guidance and provide training for CORs to further assist them in identifying and estimating accruals, including examples of expenses that should and should not be accrued at the end of an accounting period and how to calculate amounts to be accrued. * Strengthen the design and implementation of control procedures regarding the review of the accounts payable estimates to include variance analysis of calculations and comprehensive review of obligating documents, invoices, and the CORs' accrual calculations. Significant Deficiency over Recording of Property and Equipment: During our fiscal year 2013 audit, we found that while CFPB had designed policies and procedures that specify the criteria to be used to capitalize costs and the review procedures to be performed, these procedures were not effectively designed and implemented to ensure accurate and complete recording of its property and equipment transactions in the general ledger. As a result, we found that CFPB erroneously recorded approximately $7 million in property and equipment transactions, resulting in a net overstatement of $133,000 to its property and equipment balance. CFPB's property and equipment balance increased significantly from $5.8 million in fiscal year 2012 to $27.7 million in fiscal year 2013, a net change of approximately 380 percent. CFPB's property and equipment consists primarily of information technology equipment, furniture, internally developed software, and leasehold improvements. CFPB policy requires capitalizing property and equipment with estimated useful lives of 2 years that meet the following criteria: leasehold improvements and equipment acquisitions, including furniture, of $50,000 or more; bulk purchases of $250,000 or more of similar items; and internal-use software purchased or developed of $750,000 or more. Other property items, normal repairs, and maintenance are charged to expense as incurred. In addition, the capitalization policy stipulates that on a quarterly basis, the OCFO review property and equipment acquisitions and goods and services transactions of $50,000 and greater to ensure that purchased items and costs associated with internal-use software are appropriately classified as capitalized assets or operating expenses. However, we found instances in which the OCFO did not capitalize property and equipment transactions according to its policy. For example, we found instances in which CFPB did not capitalize costs associated with leasehold improvements and furniture acquisitions above $50,000 and laptop bulk purchases above $250,000. These resulted in an understatement to total assets of $3.4 million. In addition, we found that CFPB capitalized certain software maintenance and operating costs that should have been expensed. Specifically, CFPB capitalized transactions that were not within the software development stage. Federal accounting standards provide that capitalized costs for internal-use software should include the full cost incurred during the software development stage.[Footnote 12] We also found capitalized software licenses that did not meet the minimum useful life threshold of 2 years. In total, the errors we found in capitalized costs that should have been expensed resulted in an overstatement to assets and understatement to expenses of $3.5 million. These errors occurred because there was a lack of (1) coordination between the OCFO, the Office of Procurement, and other program offices [Footnote 13] and (2) thorough OCFO review of supporting documentation, such as invoices and obligating documents, to determine which costs met the capitalization criteria. Specifically, OCFO did not have a mechanism to track the development stage for internal-use software, based on feedback from the Office of Procurement and other program offices, to determine whether amounts invoiced represented costs associated with preliminary design, software development, or post implementation services. While CFPB subsequently developed a tracking schedule to monitor the stage of internal-use software, this schedule went through numerous revisions and had not been formally incorporated into CFPB's capitalization policy at the end of our fiscal year 2013 audit. While CFPB's capitalization policies and procedures require the OCFO to review contracts to ensure proper classification of property and equipment transactions before recording them in the financial statements, the procedures do not require the review of invoices, which also contain additional information to help determine whether an amount should be capitalized or expensed. As a result, we found that during its quarterly reviews, the OCFO did not review supporting documents, including invoices, in detail to determine whether the amounts owed represented bulk purchases above $250,000, equipment acquisitions above $50,000, or any other type of good or service meeting the capitalization criteria. Standards for Internal Control in the Federal Government provides that agencies should have controls in place to provide reasonable assurance that their financial transactions are recorded completely and accurately.[Footnote 14] The standards indicate that these controls should generally be designed to assure that ongoing monitoring occurs in the course of normal operations, such as managerial reviews of financial transactions, activities, comparisons, reconciliations, and other actions in the processing of financial transactions. While CFPB corrected most of the errors we identified in our fiscal year 2013 audit after we brought them to its attention, ineffective supervisory review and coordination as well as a lack of continuous monitoring of financial transactions increase the risk that future errors may not be detected and corrected in time to prevent misstatement of the financial statements. Recommendations for Executive Action: We recommend that you direct the Chief Financial Officer to do the following. * Strengthen the design and implementation of control procedures to require, as part of OCFO's quarterly review procedures, review of underlying supporting documents, including tracking schedules, invoices, and obligating documents, to ensure that property and equipment transactions are properly identified and capitalized or expensed as appropriate. * Design and implement control procedures that require coordination between the Office of Procurement and other program offices at the time of capitalization to ensure that property and equipment costs, including costs associated with internal-use software, are properly capitalized or expensed as appropriate. Agency Comments: In its written comments, reprinted in enclosure I, CFPB stated that it agreed with the recommendations we made in our report and has implemented or is in the process of implementing actions to address the issues we identified. CFPB cited a number of related remediating efforts under way, including providing training for contracting officer representatives on accrual estimations, improving coordination among offices regarding capitalized asset activity, and enhancing the review and oversight of the accrual and capitalization processes by the OCFO. CFPB emphasized its dedication to upholding its fiscal responsibilities and ensuring that proper management oversight and controls are implemented to minimize risk. We will evaluate CFPB's actions for addressing the deficiencies identified in this report as part of our fiscal year 2014 audit. This report contains recommendations to you. The head of a federal agency is required by 31 U.S.C. § 720 to submit a written statement on actions taken on these recommendations. You should submit your statement to the Senate Committee on Homeland Security and Governmental Affairs and the House Committee on Oversight and Government Reform within 60 days of the date of this report. A written statement also must be sent to the House and Senate Committees on Appropriations with your agency's first request for appropriations made more than 60 days after the date of this report. Furthermore, to ensure that we have accurate, up-to-date information on the status of CFPB's actions on our recommendations, we request that you also provide us with a copy of CFPB's statement of actions taken on open recommendations. Please send your statement of actions to J. Lawrence Malenich, Director, at malenichj@gao.gov. This report is intended for use by CFPB management. We are sending copies of this report to the Chairmen and Ranking Members of the Senate Committee on Banking, Housing, and Urban Affairs; the Senate Committee on Appropriations; the House Committee on Financial Services; and the House Committee on Appropriations, and to the Secretary of the Treasury, the Director of the Office of Management and Budget, and other interested parties. In addition, the report is available at no charge on the GAO website at [hyperlink, http://www.gao.gov]. We acknowledge and appreciate the cooperation and assistance provided by CFPB management and staff during our audit of CFPB's fiscal years 2013 and 2012 financial statements. If you have any questions about this report or need assistance in addressing these issues, please contact me at (202) 512-3406 or malenichj@gao.gov. Contact points for our Offices of Congressional Relations and Public Affairs may be found on the last page of this report. GAO staff members who made key contributions to this report are listed in enclosure II. Sincerely yours, Signed by: J. Lawrence Malenich: Director, Financial Management and Assurance: Enclosures - 2: [End of section] Enclosure I: Comments from the Consumer Financial Protection Bureau: CFPB: Consumer Financial Protection Bureau: 1700 G Street, NW: Washington, DC 20552: April 24, 2014: Mr. J. Lawrence Malenich: Director: ; Financial Management and Assurance: U. S. Government Accountability Office: 441 G Street, NW: Washington, DC 20548: Mr. Malenich, We have received a copy of your draft Management Report: Improvements Needed in CFPB 's Internal Controls and Accounting Procedures, covering the Consumer Financial Protection Bureau's (CFPB) financial statement audit as of September 30, 2013. We appreciate the cooperation of the Government Accountability Office (GAO) during the CFPB's annual financial statement audit, and we recognize the significant work you are doing to help us improve the performance, transparency and accountability of the Bureau. The CFPB is proud that we received an "unmodified" or "dean" opinion of the financial statements. GAO however identified two significant deficiencies in CFPB's internal control: year-end accounts payable accruals and recording of property and equipment. GAO also provided recommendations for each deficiency. We concur with the draft recommendations from GAO intended to improve management's oversight and controls as well as to minimize risk to the Bureau. Since the conclusion of the audit in December 2013, CFPB has implemented or is in the process of implementing actions that address issues identified by GAO during the audit, which are further detailed in the recommendations in the report. Such actions include hosting training for and working closely with our contracting officer representatives on approved methodologies for estimating accruals; improving coordination amongst various offices regarding capitalized assets; and enhancing the review and oversight of the accruals and capitalization processes by the Office of the Chief Financial Officer. We will continue to implement corrective actions to resolve and mitigate the significant deficiencies identified. The CFPB is dedicated to upholding our fiscal responsibilities and ensuring that proper management oversight and controls are implemented to minimize risk to the Bureau. We have found that the GAO audit process is especially helpful and important to our work in this area. Thank you again for the opportunity to comment on the draft report and for the valuable work that you and your staff are doing with us. Sincerely, Signed by: Richard Cordray: Director: [End of section] Enclosure II: GAO Contact and Staff Acknowledgments: GAO Contact: J. Lawrence Malenich, (202) 512-3406 or malenichj@gao.gov: Staff Acknowledgments: In addition to the contact named above, Jessica Boucher and Nina M. Rostro made key contributions to this report. [End of section] Footnotes: [1] GAO, Financial Audit: Bureau of Consumer Financial Protection's Fiscal Years 2013 and 2012 Financial Statements, [hyperlink, http://www.gao.gov/products/GAO-14-170R] (Washington, D.C.: Dec. 16, 2013). [2] A significant deficiency is a deficiency, or a combination of deficiencies, in internal control that is less severe than a material weakness, yet important enough to merit attention by those charged with governance. A material weakness is a deficiency, or combination of deficiencies, in internal control such that there is a reasonable possibility that a material misstatement of the entity's financial statements will not be prevented, or detected and corrected, on a timely basis. A control deficiency exists when the design or operation of a control does not allow management or employees in the normal course of performing their assigned functions to prevent, or detect and correct, misstatements on a timely basis. [3] Under accrual accounting, entities record the effects of transactions, events, and circumstances in the periods in which they occur rather than only in the periods in which cash is received or paid by the entity. [4] Pub. L. No. 111-203, Title X, 124 Stat. 1376, 1955-2113 (2010). [5] 12 U.S.C. § 5497(a)(5). [6] CFPB's internal control over financial reporting is based on criteria established under 31 U.S.C § 3512(c), commonly known as the Federal Managers' Financial Integrity Act, and applicable sections of the Office of Management and Budget (OMB) Circular A-123, Management's Responsibility for Internal Control. OMB Circular A-123 defines management's responsibility for internal control in federal agencies and establishes requirements for documenting, testing, and making an assessment of the effectiveness of internal controls. [7] [hyperlink, http://www.gao.gov/products/GAO-14-170R]. [8] Each understatement or overstatement to accounts payable resulted in a corresponding understatement or overstatement to operating expenses or property and equipment, depending on the goods or services purchased. [9] The OCFO relies on the CORs to perform critical acquisition and technical functions. The CORs are responsible for tracking goods and services that have been received or rendered, approving vendor invoices for payment, and calculating amounts to be accrued for contract line items, while the OCFO is responsible for the accounting for and recording of CFPB's financial transactions. [10] GAO, Standards for Internal Control in the Federal Government, [hyperlink, http://www.gao.gov/products/GAO/AIMD-00-21.3.1] (Washington, D.C.: November 1999). [11] Statement of Federal Financial Accounting Standards No. 1, Accounting for Selected Assets and Liabilities, March 30, 1993, as amended through June 30, 2013, and Statement of Federal Financial Accounting Standards No. 4, Managerial Cost Accounting Standards and Concepts, July 31, 1995, as amended through June 30, 2013. [12] Statement of Federal Financial Accounting Standards No. 10, Accounting for Internal Use Software, October 9, 1998, as amended through June 30, 2013. [13] CFPB's Office of Procurement and the program offices initiate requests for goods and services. The Office of Procurement also oversees the overall procurement process, which includes preparing solicitations, evaluating proposals, and awarding contracts. [14] [hyperlink, http://www.gao.gov/products/GAO/AIMD-00-21.3.1]. [End of section] GAO's Mission: The Government Accountability Office, the audit, evaluation, and investigative arm of Congress, exists to support Congress in meeting its constitutional responsibilities and to help improve the performance and accountability of the federal government for the American people. GAO examines the use of public funds; evaluates federal programs and policies; and provides analyses, recommendations, and other assistance to help Congress make informed oversight, policy, and funding decisions. GAO's commitment to good government is reflected in its core values of accountability, integrity, and reliability. Obtaining Copies of GAO Reports and Testimony: The fastest and easiest way to obtain copies of GAO documents at no cost is through GAO's website [hyperlink, http://www.gao.gov]. Each weekday afternoon, GAO posts on its website newly released reports, testimony, and correspondence. To have GAO e-mail you a list of newly posted products, go to [hyperlink, http://www.gao.gov] and select "E-mail Updates." Order by Phone: The price of each GAO publication reflects GAO's actual cost of production and distribution and depends on the number of pages in the publication and whether the publication is printed in color or black and white. Pricing and ordering information is posted on GAO's website, [hyperlink, http://www.gao.gov/ordering.htm]. Place orders by calling (202) 512-6000, toll free (866) 801-7077, or TDD (202) 512-2537. Orders may be paid for using American Express, Discover Card, MasterCard, Visa, check, or money order. Call for additional information. Connect with GAO: Connect with GAO on facebook, flickr, twitter, and YouTube. Subscribe to our RSS Feeds or E mail Updates. Listen to our Podcasts. Visit GAO on the web at [hyperlink, http://www.gao.gov]. To Report Fraud, Waste, and Abuse in Federal Programs: Contact: Website: [hyperlink, http://www.gao.gov/fraudnet/fraudnet.htm]; E-mail: fraudnet@gao.gov; Automated answering system: (800) 424-5454 or (202) 512-7470. Congressional Relations: Katherine Siggerud, Managing Director, siggerudk@gao.gov: (202) 512-4400: U.S. Government Accountability Office: 441 G Street NW, Room 7125: Washington, DC 20548. Public Affairs: Chuck Young, Managing Director, youngc1@gao.gov: (202) 512-4800: U.S. Government Accountability Office: 441 G Street NW, Room 7149: Washington, DC 20548. [End of document]