Summary
On November 16, 2007, we issued our report on the U.S. Securities and Exchange Commission's (SEC) fiscal years 2007 and 2006 financial statements and on SEC's internal control as of September 30, 2007. We also reported on the results of our tests of SEC's compliance with selected provisions of laws and regulations during fiscal year 2007. The purpose of this report is to present areas of SEC's internal controls identified during our fiscal year 2007 audit that could be improved. This report contains 14 recommendations to SEC to improve these internal controls and procedures. These recommendations are in addition to those we already provided to SEC as a result of our prior audits of SEC's financial statements.
Our November 16, 2007, report concluded that SEC had a material weakness in internal control over its financial reporting process, and therefore did not maintain effective internal control over financial reporting as of September 30, 2007. This weakness is comprised of four significant deficiencies, which taken collectively result in more than a remote likelihood that a material misstatement of the financial statements will not be prevented or detected. These significant deficiencies concern (1) the period-end financial reporting process, (2) disgorgements and penalties accounts receivable, (3) accounting for transaction fee revenue, and (4) preparing financial statement disclosures. In addition to the material weakness discussed above, we identified three significant deficiencies in internal control, which although not material weaknesses, represent significant deficiencies in the design or operation of internal control. These significant deficiencies concern (1) information security controls, (2) property and equipment, and (3) accounting for budgetary resources. As of January 2008, SEC had taken actions to fully address 3 of the 23 recommendations that remained open as of January 2007 from our audits of the agency's 2004, 2005, and 2006 financial statements. We also identified one other internal control weakness that although not considered to be a material weakness or significant deficiency, we believe warrants SEC management's consideration as to whether additional actions are warranted. This issue concerns certification of employees' time cards, documentation of monitoring of time card certification, and approval of personnel actions. In providing written comments on a draft of this report, the SEC Chairman expressed his commitment to remediate the control deficiencies this fiscal year and summarized SEC's corrective action plans to address GAO's recommendations.
Recommendations
Our recommendations from this work are listed below with a Contact for more information. Status will change from "In process" to "Open," "Closed - implemented," or "Closed - not implemented" based on our follow up work.
Director:
Team:
Phone:
Steven J. Sebastian
Government Accountability Office: Financial Management and Assurance
(202) 512-9471
Recommendations for Executive Action
Recommendation: To improve its period-end financial reporting process controls, SEC should integrate subsystems that process significant accounting data with the general ledger.
Agency Affected: United States Securities and Exchange Commission
Status: Open
Comments: We will review this recommendation during our FY2009 audit.
Recommendation: To improve its period-end financial reporting process controls, SEC should, until subsystems are fully integrated, develop and implement documented data reliability checks for data extracted from nonintegrated subsidiary systems, including spreadsheets. These data reliability checks should include supervisory review.
Agency Affected: United States Securities and Exchange Commission
Status: Open
Comments: We will review this recommendation during our FY2009 audit.
Recommendation: To improve its period-end financial reporting process controls, SEC should prepare written procedures which describe explicitly the steps required to accomplish and document each significant activity in the general ledger closing process and in the generation of the financial statements, including related disclosures.
Agency Affected: United States Securities and Exchange Commission
Status: Closed - implemented
Comments: In our fiscal year 2007 audit of the Securities and Exchange Commission's (SEC) financial statements, we found that SEC did not have detailed written documentation of its methodologies and procedures for the general ledger closing process or generation of the financial statements, increasing the risk of inconsistency, improper reporting, and disruptions resulting from staff turnover. In our April 2008 report to SEC management concerning this weakness, we recommended that SEC prepare written procedures detailing the specific steps required to accomplish and document all significant activities in the general ledger closing process and in the generation of the financial statements, including related disclosures. In response to our recommendation, during fiscal year 2008 SEC issued procedures detailing the specific steps and documentation related to the closing process and generation of financial statements. These procedures if fully and effectively implemented, should significantly improve its internal control over the period-end financial reporting processes.
Recommendation: To improve its disgorgement and penalties accounts receivable controls, SEC should develop and implement controls over the calculation of disgorgement and penalties accounts receivable, including the reliability of data downloaded from Phoenix and the accuracy of spreadsheet cell formulas and related methodologies.
Agency Affected: United States Securities and Exchange Commission
Status: Open
Comments: We will review this recommendation during our FY2009 audit.
Recommendation: To improve its accounting for transaction fee revenue controls, SEC should establish and implement detailed written procedures for recording transaction fee revenue and the related receivable, including procedures for recognizing data received after the balance sheet date but prior to issuance of the financial statements.
Agency Affected: United States Securities and Exchange Commission
Status: Closed - implemented
Comments: In our fiscal year 2007 audit of the Securities and Exchange Commission's (SEC) financial statements, we found that SEC did not have written procedures to ensure that its estimates of amounts receivable for fees payable by self-regulatory organizations (SRO) for stock transactions were adjusted to reflect the actual volume of transactions occurring during the month of September as a routine part of its year-end financial reporting process. Specifically, SEC did not adjust its amount receivable to reflect actual transaction volume for the month of September which was reported by the SROs in October, after the balance sheet date but prior to the issuance of the financial statements. As a result, SEC's estimated receivable amount at September 30, 2007 of $100.6 million was not properly adjusted to reflect the $74.4 million of actual transactions reported by the SROs in mid-October. In our April 2008 report to SEC management concerning this weakness, we recommended that SEC establish and implement detailed written procedures for recording transaction fee revenue and the related receivable, including procedures for recognizing data received after the balance sheet date but prior to issuance of the financial statements. In response to our recommendation, during fiscal year 2008 SEC implemented detailed procedures specifying documentation requirements for recording transaction fee revenue and the related receivable and incorporated a procedure for adjusting the Section 31 Fee Receivable Balance into its year end closing schedule. If fully and effectively implemented, these new procedures should enable SEC to significantly improve its process for reporting and accounting for transaction fee revenue.
Recommendation: To improve its financial statement disclosure preparation controls, SEC should establish and implement detailed written procedures for the preparation and review of the financial statement disclosures, including the comparison of financial statement disclosure amounts to related information presented in the current and previous year financial statements and Management's Discussion and Analysis.
Agency Affected: United States Securities and Exchange Commission
Status: Closed - implemented
Comments: In our fiscal year 2007 audit of the Securities and Exchange Commission's (SEC) financial statements, we identified numerous errors in SEC's year-end draft financial statement footnote disclosures, including misstated amounts, improper breakout of line items, and amounts incorrectly brought forward as beginning balances. We also found SEC did not have a documented timeline and process for completing the fiscal year 2007 financial statements and disclosures, including provisions for review of the disclosures. The lack of such an established process prevented SEC finance staff from scheduling sufficient time to carry out thorough and complete reviews of the disclosures and still meet the reporting deadline. In our April 2008 report to SEC management concerning this weakness, we recommended that SEC establish and implement detailed written procedures for the preparation and review of the financial statement disclosures, including the comparison of disclosure amounts to the related information presented in the financial statements and Management's Discussion and Analysis. In response to our recommendation, during fiscal year 2008 SEC established and implemented documented procedures for the preparation of financial statement footnotes. If fully and effectively implemented, these new procedures should enable SEC to significantly improve financial reporting controls over its process for preparing financial statement footnotes.
Recommendation: To improve its property and equipment controls, in addition to GAO's previous recommendations in this area, SEC should establish and implement controls over invoiced property costs and dates to ensure that property and equipment acquisitions are accurately recorded in the relevant subsidiary ledgers for personal property, leasehold improvement, and software.
Agency Affected: United States Securities and Exchange Commission
Status: Open
Comments: We will review this recommendation our FY2009 audit.
Recommendation: To improve its property and equipment controls, in addition to GAO's previous recommendations in this area, SEC should establish and implement controls to ensure proper calculation of depreciation and amortization of additions to existing items over the remaining useful lives of the associated items.
Agency Affected: United States Securities and Exchange Commission
Status: Closed - implemented
Comments: In our fiscal year 2007 audit of the Securities and Exchange Commission's (SEC) financial statements, we identified formula errors in SEC's spreadsheet used to calculate depreciation and amortization related to property acquisitions or improvements. In our April 2008 report to SEC management concerning this weakness, we recommended that SEC establish and implement controls to ensure proper calculation of depreciation and amortization of property additions. In July 2008, in response to our recommendation, and as part of the new integrated property and equipment subsidiary ledger, SEC established standard depreciation schedules within its core financial system for the automatic depreciation and amortization of its capitalized assets. Based on our recalculation of accumulated depreciation and amortization of balances at September 30, 2008, we concluded that SEC has established effective controls over such calculations. This automated calculation capability significantly improved property and equipment financial reporting reliability, including controls to assure the accurate calculation of depreciation and amortization of property and equipment additions.
Recommendation: To improve its budgetary accounting controls, SEC should correct general ledger system configurations to properly account for upward and downward adjustments of prior-years' undelivered orders in accordance with the U.S. Standard General Ledger.
Agency Affected: United States Securities and Exchange Commission
Status: Open
Comments: We will review this recommendation during our FY2009 audit.
Recommendation: To improve its budgetary accounting controls, SEC should establish and implement controls over obligation-related entries (including original obligations, corrections, and deobligations) to ensure the use of correct U.S. Standard General Ledger accounts and the recording of correct amounts.
Agency Affected: United States Securities and Exchange Commission
Status: Open
Comments: We will review this recommendation during our FY2009 audit.
Recommendation: To improve its budgetary accounting controls, SEC should clarify administrative control of funds guidance and document the responsibilities of the staff performing obligation-related activities with regard to recording obligations in accordance with the recording statute.
Agency Affected: United States Securities and Exchange Commission
Status: Open
Comments: We will review this recommendation during our FY2009 audit.
Recommendation: To improve its budgetary accounting controls, SEC should establish and implement controls to ensure that SEC staff adheres to existing policies and procedures to prevent violations of the recording statute.
Agency Affected: United States Securities and Exchange Commission
Status: Open
Comments: We will review this recommendation during our FY2009 audit.
Recommendation: To improve its payroll controls, in addition to GAO's previous recommendations in this area, SEC should establish and implement procedures for documenting evidence of monitoring of time card certifications and include procedures to document any identified exceptions.
Agency Affected: United States Securities and Exchange Commission
Status: Open
Comments: We will review this recommnendation during our FY2009 audit.
Recommendation: To improve its payroll controls, in addition to GAO's previous recommendations in this area, SEC should segregate key responsibilities over the approval of personnel actions so that no one individual approves his own personnel action.
Agency Affected: United States Securities and Exchange Commission
Status: Open
Comments: We will review this recommendation during our FY2009 audit.
