Federal Deposit Insurance Corporation Funds' 2006 and 2005 Financial Statements
GAO-07-371, Feb 13, 2007
GAO is required to annually audit the financial statements of the Deposit Insurance Fund (DIF) and FSLIC Resolution Fund (FRF), which are administered by the Federal Deposit Insurance Corporation (FDIC). GAO is responsible for obtaining reasonable assurance about whether FDIC's financial statements for DIF and FRF are presented fairly in all material respects, in conformity with U.S. generally accepted accounting principles, and whether FDIC maintained effective internal control over financial reporting and compliance. Also, GAO is responsible for testing FDIC's compliance with selected laws and regulations. Created in 1933 to insure bank deposits and promote sound banking practices, FDIC plays an important role in maintaining public confidence in the nation's financial system. In 1989, legislation to reform the federal deposit insurance system created three funds to be administered by FDIC: the Bank Insurance Fund (BIF) and the Savings Association Insurance Fund (SAIF), which protect bank and savings deposits, and FRF, which was created to close out the business of the former Federal Savings and Loan Insurance Corporation. In accordance with subsequent legislation passed in 2006, FDIC merged the BIF and SAIF into the newly established DIF on March 31, 2006.
In GAO's opinion, FDIC fairly presented, in all material respects, the 2006 and 2005 financial statements for the two funds it administers--DIF and FRF. GAO also found that FDIC had effective internal control over financial reporting and compliance for each fund. GAO did not find reportable instances of noncompliance with the laws and regulations it tested. On February 8, 2006, the President signed into law the Federal Deposit Insurance Reform Act of 2005 (the Act). Among its provisions, the Act called for the merger of the BIF and SAIF into a single deposit insurance fund. In 2006 the former BIF and SAIF were merged. The merger resulted in a new reporting entity, and financial results of the newly formed DIF were retrospectively applied as though they had been combined at the beginning of the reporting year as well as for prior periods presented for comparative purposes. In our prior year audit, we identified a reportable condition related to FDIC's information system controls. Specifically, FDIC had implemented a new financial system and, in doing so, did not ensure that controls were adequate to accommodate its new systems environment. During 2006, FDIC corrected many of these weaknesses and implemented mitigating or compensating controls. We concluded that the remaining issues related to information systems controls did not constitute a significant deficiency as of December 31, 2006. However, continued management commitment to an effective information security program will be essential to ensure that the corporation's financial and sensitive information will be adequately protected. In light of the evolving nature of information security with new exposures and threats continuing to develop, the corporation's information security program will need to dynamically adapt to address changing information security challenges. As FDIC continues to enhance its new financial system, which is based on an integrated financial management software package, the corporation's reliance on controls implemented in the single, integrated financial system will increase. GAO noted other less significant matters involving FDIC's internal controls, including information system controls, and will be reporting separately to FDIC management on these matters.