Other Matters Identified During GAO's 1998 FDIC Financial Statement Audits
AIMD-99-275R: Published: Aug 24, 1999. Publicly Released: Aug 24, 1999.
Pursuant to a legislative requirement, GAO provided information on internal control weaknesses identified during GAO's audits of the Federal Deposit Insurance Corporation's (FDIC) 1998 financial statements.
GAO noted that: (1) FDIC calculates loss allowances on receivables from resolution of troubled and failed financial institutions, and on assets acquired from assisted financial institutions and terminated receiverships; (2) to calculate these loss allowances, FDIC relies on both mainframe and personal computer-based programs; (3) in 1998, GAO found an internal control weakness in the data processing associated with calculating these loss allowances that resulted in immaterial errors in the financial statements that were not detected by FDIC; (4) GAO found that some data relating to the calculation of the loss allowance on assets acquired was erroneously included in the calculation of the loss allowance for receivables from resolutions; (5) GAO suggests that FDIC reconcile the book value of the assets acquired used in the calculation of the loss allowance on assets acquired from assisted financial institutions and terminated receiverships to the liquidation general ledger balances; (6) FDIC has stated that it is correcting these situations; (7) the Financial Information Processing Control Unit (FIPCU) within FDIC's Division of Finance (DOF) is responsible for entering changes to the Financial Information Management System (FIMS) account maintenance tables and for granting transaction privileges to users; (8) during GAO's testing of FIMS, GAO found that although separate duties were assigned, all 11 employees of FIPCU could grant user transaction privileges, perform FIMS account maintenance, and enter transactions to FIMS; (9) GAO suggests that FDIC analyze its staffing resources and duties within FIPCU and institute appropriate and effective segregation of duties; (10) FDIC uses electronic funds transfer (EFT) to pay many vendors for goods and services; (11) the Vendor File Maintenance Group in DOF has the responsibility for maintaining an electronic file that contains the needed EFT related data for each vendor; (12) GAO found that the Vendor File Maintenance Group has the ability to modify data in the vendor maintenance table without independent review or verification and without confirmation with the vendor; (13) accordingly, unauthorized or incorrect changes to EFT data could be made and not be timely detected by FDIC; and (14) GAO suggests that all EFT related data changes be verified by an independent individual who does not have the capability to change the data.