Financial Audit:

Securities and Exchange Commission's Financial Statements for Fiscal Years 2009 and 2008

GAO-10-250: Published: Nov 16, 2009. Publicly Released: Nov 16, 2009.

Established in 1934 to enforce the securities laws and protect investors, the United States Securities and Exchange Commission (SEC) plays an important role in maintaining the integrity of the U.S. securities markets. Pursuant to the Accountability of Tax Dollars Act of 2002, SEC is required to prepare and submit to Congress and the Office of Management and Budget audited financial statements. GAO agreed, under its audit authority, to perform the audit of SEC's financial statements to determine whether (1) the financial statements are fairly stated, and (2) SEC management maintained effective internal control. GAO also tested SEC's compliance with selected provisions of significant laws and regulations.

In GAO's opinion, SEC's fiscal years 2009 and 2008 financial statements are fairly presented in all material respects. However, in GAO's opinion, SEC did not have effective internal control over financial reporting as of September 30, 2009. Recommendations for corrective action will be included in a separate report.

During this year's audit, we identified six significant deficiencies that collectively represent a material weakness in SEC's internal control over financial reporting. The significant deficiencies involve SEC's internal control over (1) information security, (2) financial reporting process, (3) fund balance with Treasury, (4) registrant deposits, (5) budgetary resources, and (6) risk assessment and monitoring processes. These internal control weaknesses give rise to significant management challenges that have reduced assurance that data processed by SEC's information systems are reliable and appropriately protected; impaired management's ability to prepare its financial statements without extensive compensating manual procedures; and resulted in unsupported entries and errors in the general ledger.

As we reported last year, SEC's ability to sustain effective internal control over financial reporting was at risk due to its continued reliance on processes and systems that were not designed to provide the accurate, complete, and timely transaction-level financial information that management needs to make well-informed decisions, or to accumulate and report reliable financial information without extensive manual workarounds and compensating controls. During this year's audit, the nature of the errors and related internal control deficiencies we found indicates that SEC was unable to sustain the level of effort and resources needed to compensate for these deficient processes and systems to achieve effective internal control over financial reporting.

These deficiencies are likely to continue to exist until SEC's general ledger system is either significantly enhanced or replaced, key accounting activity is fully integrated with the general ledger at the transaction level, information security controls are strengthened, and appropriate resources are dedicated to maintaining effective internal controls. In the interim, SEC will need to place greater emphasis on monitoring the current risks and vulnerabilities, along with the related compensating procedures, to determine whether these risks are being adequately mitigated on an ongoing basis. Successfully addressing these issues is critical to maintaining SEC's credibility given its important role in the financial reporting process of registrants, and is vital to achieving SEC's stated vision to be the standard against which federal agencies are measured.

