Management Report:

Opportunities for Improvements in FDIC's Internal Controls and Accounting Procedures

GAO-11-23R: Published: Nov 30, 2010. Publicly Released: Nov 30, 2010.

Additional Materials:

Contact:

Steven J. Sebastian
(202) 512-3406
sebastians@gao.gov

 

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

In June 2010, we issued our report on the results of our audit of the financial statements of the Deposit Insurance Fund (DIF) and the FSLIC Resolution Fund (FRF) as of, and for the years ending December 31, 2009, and 2008, and on the effectiveness of the Federal Deposit Insurance Corporation's (FDIC) internal control over financial reporting as of December 31, 2009. We also reported our conclusions on FDIC's compliance with selected provisions of laws and regulations. During our 2009 financial audit, we identified several control deficiencies over FDIC's process for deriving and reporting estimates of losses to the DIF from financial institution resolution transactions involving loss-sharing agreements. These deficiencies led to misstatements in the draft DIF financial statements, which were ultimately corrected through adjustments to achieve fair presentation in the final financial statements. Although the net adjustments were not material to the DIF's financial statements, the nature of the control deficiencies we identified were such that a reasonable possibility existed that a material misstatement of the DIF's financial statements would not be prevented, or detected and corrected on a timely basis. Thus, these control deficiencies collectively represented a material weakness in FDIC's internal control over financial reporting related to estimated losses from loss-sharing agreements. During our 2009 financial audit, we also identified control deficiencies with respect to FDIC's information-systems security that increased the risk of unauthorized modification and disclosure of financial and other sensitive information, and disruption of critical operations. These control deficiencies, which collectively represented a significant deficiency, reduced FDIC's ability to ensure that authorized users only had the access needed to perform their assigned duties and that its systems were sufficiently protected from unauthorized access. We are issuing a separate report on the issues affecting FDIC's information systems identified during our 2009 audit, along with associated recommendations. The purpose of this report is to discuss in more detail the control deficiencies that collectively represented the material weakness in FDIC's internal control over financial reporting related to its loss-share estimation process and to discuss other internal control issues identified during our 2009 audit for which we did not have previous recommendations. Although not all of these issues were discussed in our report on the results of our 2009 financial statement audit, they all warrant FDIC management's attention and correction. This report provides 14 recommendations to address the internal control issues we identified during our 2009 audit. This report also provides the status of recommendations from prior audits we made to address previously identified internal control issues.

We identified three deficiencies in FDIC's internal control related to its process for estimating losses associated with resolutions involving loss-sharing agreements during our 2009 financial audit, which, collectively, represented a material weakness in internal control over financial reporting: (1) FDIC lacked controls in place to ensure its staff consistently applied its methodology for deriving loss rates and for preventing, or detecting and correcting, errors in calculating initial and updated loss estimates for loss-sharing agreements. As a result, more than 25 percent of FDIC's 2009 estimates contained errors. (2) FDIC lacked policies and procedures requiring documentation to (1) support the basis for assumptions contained in the complex spreadsheets used to calculate 2009 loss-share loss estimates, and (2) demonstrate management's review and approval of those assumptions. This increased the risk that critical assumptions may not provide accurate estimates of losses. (3) FDIC's review process over its calculation of the corporate-level allowance for loss for the Receivables from Resolutions, net line item reported on the DIF's balance sheet was not effective in preventing, or detecting and correcting, errors in the calculation. As a result, multiple errors or omissions were not timely identified and corrected. We identified seven other deficiencies in FDIC's internal control that individually or in the aggregate did not constitute material weaknesses or significant deficiencies, but which nonetheless require FDIC management's attention and correction: (1) FDIC lacked written policies and procedures for documenting the review and approval of payments made on loss-sharing agreements for much of 2009. As a result, evidence of review to ensure that documentation accompanying payment requests from acquiring institutions was accurate and adequately supported the payments was inconsistent or missing. (2) FDIC did not always complete reconciliations of its receivership general ledger to the receivership operating bank account statements within reasonable time frames. As a result, FDIC did not always timely identify and resolve errors and omissions during the year in its receivership general ledger records related to its receivership disbursements. (3) FDIC did not resolve unreconciled differences between the DIF's cash accounts and the records of the Federal Home Loan Bank (FHLB) of New York in a timely manner. As a result, two general ledger cash accounts for the DIF had incorrect balances as of December 31, 2009. (4) FDIC's written policies and procedures did not assign specific responsibility for processing and administering receivership disbursements and managing related liabilities. This increased the risk of inconsistency and error in processing receivership disbursements, and reduced FDIC's ability to effectively manage the associated liabilities. (5) FDIC's controls over its process for estimating potential losses to the DIF under the Debt Guarantee Program (DGP) were not fully effective in identifying and correcting errors. As a result, an error in a computer-based formula used to estimate a reasonably possible loss amount for debt that FDIC guaranteed under the DGP. (6) FDIC's procedures to monitor losses associated with the year end contingent liabilities for the DIF under the Transaction Account Guarantee (TAG) program were not consistent with its procedures for assuring the reasonableness of the year end contingent liabilities for anticipated failure of insured institutions. Because both estimates are affected by similar events, the effect of such events on both estimates should be evaluated on a consistent basis. (7) FDIC misclassified a property and equipment adjustment to the Accounts Payable and Other Liabilities line item on the DIF's statement of cash flows, causing errors in DIF's statement of cash flows that needed to be corrected prior to issuance of the financial statements.

Status Legend:

More Info
  • Review Pending-GAO has not yet assessed implementation status.
  • Open-Actions to satisfy the intent of the recommendation have not been taken or are being planned, or actions that partially satisfy the intent of the recommendation have been taken.
  • Closed-implemented-Actions that satisfy the intent of the recommendation have been taken.
  • Closed-not implemented-While the intent of the recommendation has not been satisfied, time or circumstances have rendered the recommendation invalid.
    • Review Pending
    • Open
    • Closed - implemented
    • Closed - not implemented

    Recommendations for Executive Action

    Recommendation: The Deputy to the Chairman and Chief Financial Officer should direct the appropriate FDIC officials to establish a mechanism for monitoring implementation of newly issued policies and procedures within FDIC's Division of Resolutions and Receiverships (DRR) regarding the review process for calculation of initial loss-share loss estimates to verify compliance by DRR personnel.

    Agency Affected: Federal Deposit Insurance Corporation: Deputy to the Chairman and Chief Financial Officer

    Status: Closed - Implemented

    Comments: To address this recommendation, FDIC chartered the Closed Bank Financial Risk Committee (FRC) to provide governance and monitoring for policies and procedures related to assumptions and controls over the Least Cost Test methodology, which includes estimating the total cost of resolving failed banks, estimating costs specific to loss-sharing agreements, and valuing failed bank assets. We reviewed the charter of the FRC during the 2010 financial audit and concluded this is an effective governance and monitoring tool.

    Recommendation: The Deputy to the Chairman and Chief Financial Officer should direct the appropriate FDIC officials to develop specific procedures for developing the loss-share worksheet, to include documenting the assumptions made in the loss-share worksheet and the rationale behind existing assumptions.

    Agency Affected: Federal Deposit Insurance Corporation: Deputy to the Chairman and Chief Financial Officer

    Status: Closed - Implemented

    Comments: To address this recommendation, FDIC established the Closed Bank Financial Risk Committee (FRC), which meets quarterly to review the methodology and assumptions used in the loss-share worksheet section of the Least Cost Test document (including loss-share). As a part of this, all new assumptions and methodologies for the Least Cost Test must be documented and explained before they are implemented and FDIC now requires them to be approved in writing by the Associate Director of the Franchise Asset Marketing Branch. We reviewed the charter of the FRC in December 2010 and concluded this is an effective governance and monitoring tool. We also concluded the additional review and approval by the Associate Director of the Franchise and Asset Marketing Branch is an effective control.

    Recommendation: The Deputy to the Chairman and Chief Financial Officer should direct the appropriate FDIC officials to develop policies and procedures to provide for and document periodic management review and approval of the loss-share worksheet, to include assumptions, and any changes in assumptions over time, used in preparing the worksheet.

    Agency Affected: Federal Deposit Insurance Corporation: Deputy to the Chairman and Chief Financial Officer

    Status: Closed - Implemented

    Comments: To address this recommendation, FDIC established the Closed Bank Financial Risk Committee (FRC), which meets quarterly to review and approve the methodology and assumptions used in the Least Cost Test (including loss-share). In addition, before new assumptions and methodologies for the Least Cost Test are implemented, they are approved in writing by the Associate Director of the Franchise Asset Marketing Branch. We reviewed the charter of the FRC in December 2010 and concluded this is an effective governance and monitoring tool. We also concluded the additional review and approval by the Associate Director of the Franchise and Asset Marketing Branch is an effective control and we will monitor FDIC compliance with that control as assumptions change.

    Recommendation: The Deputy to the Chairman and Chief Financial Officer should direct the appropriate FDIC officials to establish and document detailed procedures for Division of Finance (DOF) officials to follow in reviewing the Loan Loss Reserve (LLR) template calculations to ensure they are complete and accurate, including data requiring verification.

    Agency Affected: Federal Deposit Insurance Corporation: Deputy to the Chairman and Chief Financial Officer

    Status: Closed - Implemented

    Comments: To address this recommendation, FDIC embedded additional review checklist procedures into each Loan Loss Reserve (LLR) template to improve the review process for the LLR templates. We tested FDIC's new checklist procedure during our 2010 financial audit. Although FDIC's actions to improve its controls over the LLR template process were largely effective in preventing or detecting and correcting significant errors and omissions as of December 31, 2010, FDIC's review process did not always detect and correct errors as of year-end. In 2011, FDIC further improved the accuracy of the process by implementing a new WebFocus process to automatically import receivership information into the LLR templates. These actions addressed the intent of our recommendation.

    Recommendation: The Deputy to the Chairman and Chief Financial Officer should direct the appropriate FDIC officials to establish a mechanism to monitor the implementation of the newly issued policies and procedures pertaining to the documentation of review and approval of loss-share payment certificates.

    Agency Affected: Federal Deposit Insurance Corporation: Deputy to the Chairman and Chief Financial Officer

    Status: Closed - Implemented

    Comments: To address this recommendation, FDIC created a Loss Share Certificate and Data Checklist that is included in the loss-share payment voucher package along with the payment voucher, acquiring institution filed asset certificates, and asset loss schedules. The entire payment voucher package is reviewed and approved by management. We tested FDIC's new checklist process in December 2010 and found it to be working effectively.

    Recommendation: The Deputy to the Chairman and Chief Financial Officer should direct the appropriate FDIC officials to establish a monitoring process to ensure that reconciliations between the receivership general ledger and the receivership operating bank account are timely prepared and differences arising from these reconciliations are timely identified, researched, and resolved.

    Agency Affected: Federal Deposit Insurance Corporation: Deputy to the Chairman and Chief Financial Officer

    Status: Closed - Implemented

    Comments: To address this recommendation, in July 2010, FDIC established a written weekly reporting process to monitor whether receivership operating bank account reconciliations are prepared timely. We tested FDIC's implementation of its new process late in 2010 and found it to be working effectively.

    Recommendation: The Deputy to the Chairman and Chief Financial Officer should direct appropriate FDIC officials to establish a process to monitor the corporation's adherence to its procedures to complete reconciliations of the DIF's cash account balances, to timely resolve any unreconciled differences, and to identify and address any obstacles that would preclude the completion of such reconciliations.

    Agency Affected: Federal Deposit Insurance Corporation: Deputy to the Chairman and Chief Financial Officer

    Status: Closed - Implemented

    Comments: To address this recommendation, FDIC established written procedures for reconciling the Deposit Insurance Fund's cash account balances. FDIC has also coordinated with Federal Home Loan Bank of New York's check processing servicing company (FISERV) to receive check presentments in a time frame that allows FDIC to promptly reject previously voided checks. We tested FDIC's new procedures at the end of 2010 and found them to be working effectively.

    Recommendation: The Deputy to the Chairman and Chief Financial Officer should direct the appropriate FDIC officials to develop and implement written policies and procedures that prescribe specific actions required for assigning responsibility and detailing actions required to effectively review and approve payment vouchers, enter and verify payment vouchers in the accounts payable system, and generate receivership payments whether through check, wire, or electronic funds transfers (EFT).

    Agency Affected: Federal Deposit Insurance Corporation: Deputy to the Chairman and Chief Financial Officer

    Status: Closed - Implemented

    Comments: To address this recommendation, FDIC updated its policies and procedures to include assigning responsibility and giving guidance for approving payment vouchers and related activities.

    Recommendation: The Deputy to the Chairman and Chief Financial Officer should direct the appropriate FDIC officials to develop and implement written policies and procedures that prescribe specific actions required for reviewing receivership liabilities, including assigning responsibility and detailing actions required for performing oversight reviews and the frequency for performing such reviews.

    Agency Affected: Federal Deposit Insurance Corporation: Deputy to the Chairman and Chief Financial Officer

    Status: Closed - Implemented

    Comments: To address this recommendation, FDIC assigned a contractor to monitor receivership liabilities. Additionally, FDIC updated its policies and procedures and provided support showing how to perform a reconciliation of receivership liabilities. The updated procedures assigned responsibilities and provided guidance for approving receivership payment vouchers and related activities. FDIC's action to address our recommendation decreases the risk that liabilities are not paid promptly or are not accurately accounted for.

    Recommendation: The Deputy to the Chairman and Chief Financial Officer should direct the appropriate FDIC officials to develop and implement written policies and procedures that prescribe specific actions required for reviewing and canceling stale checks, including assigning specific responsibility, stating the frequency in which stale checks should be reviewed and cancelled, and detailing the manner in which banks are to be notified to cancel stale checks.

    Agency Affected: Federal Deposit Insurance Corporation: Deputy to the Chairman and Chief Financial Officer

    Status: Closed - Implemented

    Comments: To address this recommendation, FDIC updated its policies and procedures to include a policy that governs the frequency in which stale checks should be reviewed and cancelled.

    Recommendation: The Deputy to the Chairman and Chief Financial Officer should direct appropriate FDIC personnel to establish written procedures to provide for the periodic review of the computer program used in the DGP loss estimation process, how such reviews should be conducted, and documentation evidencing the review.

    Agency Affected: Federal Deposit Insurance Corporation: Deputy to the Chairman and Chief Financial Officer

    Status: Closed - Implemented

    Comments: To address this recommendation, FDIC developed written procedures to provide for periodic review of the computer program used in the Debt Guarantee Program loss estimation process, how such reviews should be conducted, and documentation evidencing the review. During our 2010 financial audit, we verified that these procedures were documented and implemented.

    Recommendation: The Deputy to the Chairman and Chief Financial Officer should direct the appropriate FDIC personnel to revise procedures to review and analyze the effect of institution failures that occur subsequent to year-end, but prior to the issuance of the DIF's financial statements, on the year-end contingent liabilities for TAG in a manner consistent with that performed for the contingent liability for anticipated failures.

    Agency Affected: Federal Deposit Insurance Corporation: Deputy to the Chairman and Chief Financial Officer

    Status: Closed - Implemented

    Comments: With the passage of the Dodd-Frank Wall Street Reform and Consumer Protection Act, beginning on December 31, 2010, and continuing through December 31, 2012, the contingent liability for the Transaction Account Guarantee Program (TAG) deposits was in essence replaced with a transaction account deposit guarantee program with the related contingent liability being consolidated within the Contingent Liabilities for Anticipated Failures line item on Deposit Insurance Fund's Balance Sheet. FDIC is now following the same subsequent event period procedures for the TAG deposit estimate as it does for the contingent liability for anticipated failures estimate, which satisfies the intent of this recommendation.

    Recommendation: The Deputy to the Chairman and Chief Financial Officer should direct appropriate staff to revise FDIC's process used to prepare the statement of cash flows to (1) include capital cash entries in determining the change in the "Accounts Payable and Other Liabilities" line item, and (2) include capital cash entries in the "Purchase of Property and Equipment" line item.

    Agency Affected: Federal Deposit Insurance Corporation: Deputy to the Chairman and Chief Financial Officer

    Status: Closed - Implemented

    Comments: FDIC revised its procedures for preparing the Deposit Insurance Fund's Statement of Cash Flows in a manner that improved the accuracy of the financial statements and thus met the intent of these recommendations.

    Mar 27, 2014

    Mar 13, 2014

    Mar 12, 2014

    Feb 27, 2014

    Dec 23, 2013

    Dec 16, 2013

    Dec 12, 2013

    Dec 11, 2013

    Looking for more? Browse all our products here