Financial Audit:

Federal Deposit Insurance Corporation's Internal Controls as of December 31, 1992

AIMD-94-35: Published: Feb 4, 1994. Publicly Released: Feb 4, 1994.

Additional Materials:

Contact:

Robert W. Gramling
(202) 512-9406
contact@gao.gov

 

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

Pursuant to a legislative requirement, GAO reviewed the Federal Deposit Insurance Corporation's (FDIC) system of internal accounting controls as of December 31, 1992, as part of its 1992 financial statement audits of the Bank Insurance Fund (BIF), the Savings Association Insurance Fund (SAIF), and the Federal Savings and Loan Insurance Corporation (FSLIC) Resolution Fund (FRF), to determine whether: (1) the assets of the three funds are safeguarded against loss from unauthorized use or disposition; (2) transactions related to the three funds are executed in accordance with FDIC authority and in accordance with applicable laws and regulations; and (3) transactions are properly recorded and processed in accordance with generally accepted accounting principles.

GAO found that: (1) FDIC internal control weaknesses have adversely affected FDIC ability to manage, liquidate, and report on the large volume of assets acquired from failed financial institutions; (2) weaknesses in asset servicer oversight have exposed BIF to losses and errors in recovery estimates; (3) weak controls over the FDIC asset management information system have affected data integrity; (4) untimely reconciliations have exposed funds to potential losses and reporting errors; (5) weaknesses in FDIC time and attendance processing controls could affect payroll expenditures; and (6) FDIC does not have effective controls to ensure that SAIF assessment income exit fees are properly recorded and financial reporting adjustments are properly authorized.

Recommendations for Executive Action

  1. Status: Closed - Implemented

    Comments: During 1993, FDIC's Division of Finance (DOF) hired additional personnel and developed procedures to address this weakness. It has successfully reconciled serviced asset pool records with FDIC's system. Additionally, in 1995, FDIC effectively implemented procedures to routinely verify asset servicers' activity reports back to the servicers' detail accounting records.

    Recommendation: The Acting Chairman, FDIC, should direct the heads of the Division of Finance and the Division of Depositor and Asset Services to reconcile asset pools promptly and routinely among the servicing entities' records and the general ledger control accounts maintained on the Financial Information System (FIS).

    Agency Affected: Federal Deposit Insurance Corporation

  2. Status: Closed - Implemented

    Comments: During 1993, FDIC distributed a list that GAO had provided to the servicers' internal audit departments. The list included 12 critical audit areas that should be covered each year in audits. This list was to be incorporated into their annual audit plans. FDIC also revised its "Servicer Audit Guide" in 1994 to include requirements that these 12 critical areas be covered each year. GAO's 1995 audits found that critical audit areas are generally being covered annually.

    Recommendation: The Acting Chairman, FDIC, should direct the heads of the Division of Finance and the Division of Depositor and Asset Services to obtain adequate and timely audit coverage of all critical areas of serviced asset pool operations through the efforts of asset servicing entities' internal audit departments and FDIC visitation groups.

    Agency Affected: Federal Deposit Insurance Corporation

  3. Status: Closed - Implemented

    Comments: During 1994, FDIC's Contractor Oversight and Monitoring Branch of its Division of Depositor and Asset Services implemented revised procedures to expand the scope of review procedures when significant exceptions to GCR estimates are identified and to perform follow-up procedures to document the resolution of GCR exceptions.

    Recommendation: The Acting Chairman, FDIC, should direct the heads of the Division of Finance and the Division of Depositor and Asset Services to expand review procedures when excessive error rates in gross cash recovery (GCR) are detected and perform follow-up procedures on those assets where errors were detected to ensure the accuracy of the GCR being used in BIF allowance for losses calculation.

    Agency Affected: Federal Deposit Insurance Corporation

  4. Status: Closed - Not Implemented

    Comments: In August 1995, FDIC issued the Asset Disposition Manual (formerly Credit Manual) to FDIC field office personnel and contracted asset servicing entities. While the revised Manual contained specific instructions and procedures for updating and reporting Gross Cash Recovery (GCR) estimates, GAO's 1995 financial audits found that GCR estimates still were not always consistent with an asset's liquidation strategy. During 1996, FDIC significantly altered its process for estimating asset recoveries. The new process employs a modeling approach for valuing a statistical sample of assets and uses the results to project recovery rates to the entire population of assets. Given the drastic alteration to FDIC's asset valuation methodology, the recommendation is no longer applicable.

    Recommendation: The Acting Chairman, FDIC, should direct the heads of the Division of Finance and the Division of Depositor and Asset Services to require asset servicing entities to update GCR when the liquidation strategy affecting an asset has changed.

    Agency Affected: Federal Deposit Insurance Corporation

  5. Status: Closed - Not Implemented

    Comments: Between 1993 and 1995, FDIC took a number of actions to try to ensure consistency in the methodologies and cut-off dates for estimating asset recoveries between its personnel and contracted asset servicers. However, GAO's 1995 financial audit found that these actions were not fully effective in ensuring consistency between FDIC field office and contractor staff in estimating asset recoveries. However, in late 1995 and early 1996, FDIC terminated virtually all of its asset servicing contracts. This, coupled with FDIC's drastic alteration to its asset valuation methodology beginning in 1996, makes the recommendation no longer applicable.

    Recommendation: The Acting Chairman, FDIC, should direct the heads of the Division of Finance and the Division of Depositor and Asset Services to require GCR for both internally managed assets and assets serviced by outside entities to be determined based on consistent methodologies using consistent cut-off dates.

    Agency Affected: Federal Deposit Insurance Corporation

  6. Status: Closed - Implemented

    Comments: FDIC's Contractor Oversight and Monitoring Branch of its Division of Depositor and Asset Services revised its "Servicer Audit Guide" in 1994. This guide provides more guidance in planning, structuring, and performing audits conducted by servicers' internal audit departments. It also addresses standard reporting formats and due dates for report documents.

    Recommendation: The Acting Chairman, FDIC, should direct the heads of the Division of Finance and the Division of Depositor and Asset Services to develop written policies and procedures that require more standardization in the frequency and structure of audits conducted by servicing entities' internal audit departments to ensure that audit findings are completed and communicated to oversight committees in a timely manner and that the audit procedures address areas critical to ensuring the accuracy of financial reporting and safeguarding of receivership assets.

    Agency Affected: Federal Deposit Insurance Corporation

  7. Status: Closed - Not Implemented

    Comments: Despite actions taken by FDIC during 1994 and 1995, GAO's 1995 audit continued to find frequent instances of nonadherence to asset recovery estimation procedures, many of which would have been detected through an effective data integrity review and certification process. However, during 1996, FDIC significantly altered its process for estimating asset recoveries. The new process employs a modeling approach for valuing a statistical sample of assets and uses the results to project recovery rates to the entire population of assets. Consequently, asset data integrity reviews and certifications are no longer required under the new process, as new control procedures are being developed for the new process. Given the drastic alteration to FDIC's asset valuation methodology, the recommendation is no longer applicable.

    Recommendation: To address the weaknesses in Liquidation Asset Management Information System (LAMIS) data integrity, the Acting Chairman, FDIC, should direct the heads of the Division of Depositor and Asset Services and the Division of Finance to perform asset data integrity reviews and certifications in a manner that ensures a review of the data elements critical to accurately determine GCR for assets in liquidation.

    Agency Affected: Federal Deposit Insurance Corporation

  8. Status: Closed - Implemented

    Comments: During 1994, FDIC revised its "Data Integrity" directive. The revised directive requires quarterly reviews of certain data elements critical to accurately determine GCR estimates for assets in liquidation. The directive was effective in February 1994.

    Recommendation: To address the weaknesses in LAMIS data integrity, the Acting Chairman, FDIC, should direct the heads of the Division of Depositor and Asset Services and the Division of Finance to modify the timing of the semiannual reviews to coincide with the September 30 GCR report date to ensure accurate reporting of GCR submitted to the Division of Finance.

    Agency Affected: Federal Deposit Insurance Corporation

  9. Status: Closed - Not Implemented

    Comments: In August 1995, FDIC issued the Asset Disposition Manual (formerly Credit Manual) to FDIC field office personnel and contracted asset servicing entities. While the Manual contained specific instructions and procedures for updating and reporting GCR estimates, GAO's 1995 financial audits found that GCR estimates still were not always consistent with an asset's liquidation strategy, and frequently were not revised for more current information. During 1996, FDIC significantly altered its process for estimating asset recoveries. The new process employs a modeling approach for valuing a statistical sample of assets and uses the results to project recovery rates for the entire population of assets. Consequently, given the drastic alteration to FDIC's asset valuation methodology, the recommendation is no longer applicable.

    Recommendation: To address the weaknesses in LAMIS data integrity, the Acting Chairman, FDIC, should direct the heads of the Division of Depositor and Asset Services and the Division of Finance to direct account officers and managing liquidators to perform timely updates of asset recovery estimates to reflect the most current information available.

    Agency Affected: Federal Deposit Insurance Corporation

  10. Status: Closed - Implemented

    Comments: FDIC made significant progress during 1993 to identify and resolve differences between the book values of receivership and corporate-owned assets recorded in its financial information and asset management information systems. Additionally, FDIC developed a nationally based system to compare the book values of assets in its financial information and asset management information systems.

    Recommendation: To address the weaknesses in LAMIS data integrity, the Acting Chairman, FDIC, should direct the heads of the Division of Depositor and Asset Services and the Division of Finance to promptly investigate and resolve differences in receivership asset information between FIS and LAMIS and adjust the balances in each system accordingly.

    Agency Affected: Federal Deposit Insurance Corporation

  11. Status: Closed - Implemented

    Comments: FDIC has developed a standardized format to track and age differences in the book values reported by its financial information and asset management information systems. This system ages any differences between the two systems, identifies disposition responsibilities, and significantly improves management's oversight capabilities.

    Recommendation: To address the weaknesses in LAMIS data integrity, the Acting Chairman, FDIC, should direct the heads of the Division of Depositor and Asset Services and the Division of Finance to implement a uniform system for tracking and aging all differences between FIS and LAMIS that identifies all differences by asset type and responsibility center and enables management to determine whether the differences have a direct impact on the financial reporting process.

    Agency Affected: Federal Deposit Insurance Corporation

  12. Status: Closed - Implemented

    Comments: In April 1994, FDIC revised its procedures to address the weaknesses in its computerized information systems security controls. Specifically, FDIC revised procedures to restrict access to sensitive financial and operating system programs and files. As a result, FDIC's general controls over its EDP systems, as revised, should adequately preclude unauthorized access to or modification of data files and programs.

    Recommendation: To address the weaknesses identified in general controls over FDIC computerized information systems, the Acting Chairman, FDIC, should direct the head of the Division of Information Resources Management to implement the recommendations of the inspector general and the independent contractor, particularly with respect to: (1) regulating access to the systems and establishing policies and procedures to investigate unauthorized access attempts and security violations; (2) fully monitoring programmer changes and addressing system exposures; and (3) improving existing practices for administering the automated building and data center physical security system.

    Agency Affected: Federal Deposit Insurance Corporation

  13. Status: Closed - Implemented

    Comments: During 1993, FDIC's Division of Finance established the Contractor Oversight Accounting Group to provide accounting guidance to asset servicing entities for recording serviced asset pool transactions. The Division of Finance also developed "Servicer Operations and Accounting Procedures" manual to provide further guidance for recording transactions of serviced asset pools.

    Recommendation: To address the inconsistencies in the use of standard receivership collection accounts, the Acting Chairman, FDIC, should direct the head of the Division of Finance to establish: (1) centralized leadership within the Division of Finance to provide accounting guidance to the regional offices tasked with the responsibility of accounting for transactions associated with the serviced asset pools; and (2) a standard accounting policy manual to assist in the application of consistent accounting procedures for these pools.

    Agency Affected: Federal Deposit Insurance Corporation

  14. Status: Closed - Implemented

    Comments: During 1993, FDIC significantly improved its process for reconciling exit fee reports. This improved reconciliation successfully identified material discrepancies, and all adjustments arising out of audits of exit fees were properly recorded in the general ledger during 1993.

    Recommendation: To address weaknesses in controls over recording SAIF exit fees, the Acting Chairman, FDIC, should direct the head of the Division of Finance to routinely reconcile the general ledger control accounts used for exit fees to supporting activity reports.

    Agency Affected: Federal Deposit Insurance Corporation

  15. Status: Closed - Implemented

    Comments: During 1993, FDIC significantly improved its process for reconciling exit fee reports and ensuring that all adjustments arising from internal verification of exit fees are properly reflected in the general ledger. During 1993, all adjustments arising out of audits of exit fees were properly recorded in the general ledger.

    Recommendation: To address weaknesses in controls over recording SAIF exit fees, the Acting Chairman, FDIC, should direct the head of the Division of Finance to promptly and accurately record all adjustments resulting from internal verification procedures in the general ledger.

    Agency Affected: Federal Deposit Insurance Corporation

  16. Status: Closed - Implemented

    Comments: During 1993, FDIC developed written procedures governing the processing of financial reporting adjustments. The requirements of these procedures, if adhered to, appear adequate to address the concerns GAO reported.

    Recommendation: To address weaknesses in controls over financial reporting adjustments, the Acting Chairman, FDIC, should direct the head of the Division of Finance to establish written procedures for approving post-closing adjustments to the financial statements which would include guidance regarding the appropriate level of supervisory approval required for adjustments.

    Agency Affected: Federal Deposit Insurance Corporation

  17. Status: Closed - Implemented

    Comments: During 1993, FDIC developed an automated report to identify differences between the systems of its performing commercial and residential loan servicer and FDIC's financial information and asset management information systems. This report enables FDIC to more efficiently identify and resolve out-of-balance conditions between the systems on a timely basis.

    Recommendation: To address the weaknesses in reconciliations between FDIC and its principal performing loan servicer, the Acting Chairman, FDIC, should direct the heads of the Division of Finance and the Division of Depositor and Asset Services to monitor reconciliation activity between the servicer's loan system and LAMIS and FIS to ensure that delinquent reconciliations are promptly completed and any adjustments to the receivership asset balances are promptly made.

    Agency Affected: Federal Deposit Insurance Corporation

  18. Status: Closed - Implemented

    Comments: During 1993, FDIC established a systematic ongoing process for conducting audits of assessments due SAIF. This control should ensure that FDIC receives all appropriate assessment revenue and that this assessment revenue is accurately applied to the specific fund.

    Recommendation: To address weaknesses in controls over recording SAIF assessment income, the Acting Chairman, FDIC, should direct the head of the Division of Finance to routinely perform detailed reviews of all insured institutions' certified statements to ensure that these institutions properly calculate their insurance assessments and record any adjustments resulting from these reviews in SAIF financial statements in the period in which the assessments were earned.

    Agency Affected: Federal Deposit Insurance Corporation

  19. Status: Closed - Implemented

    Comments: During 1993, FDIC developed an automated report to identify differences between the systems of its performing commercial and residential loan servicer and FDIC's financial information and asset management information systems. This report enables FDIC to more efficiently identify and resolve out-of-balance conditions between the systems on a timely basis.

    Recommendation: To address the weaknesses in reconciliations between FDIC and its principal performing loan servicer, the Acting Chairman, FDIC, should direct the heads of the Division of Finance and the Division of Depositor and Asset Services to automate the reconciliation process between the servicer's loan system and LAMIS and FIS to assist in the timely and accurate preparation of reconciliations of receivership asset balances.

    Agency Affected: Federal Deposit Insurance Corporation

 

Explore the full database of GAO's Open Recommendations »

Jul 25, 2016

Jul 5, 2016

May 6, 2016

Apr 21, 2016

Apr 18, 2016

Apr 12, 2016

Mar 28, 2016

Mar 8, 2016

Feb 16, 2016

Jan 27, 2016

Looking for more? Browse all our products here