Management Report:

Improvements Needed in SEC's Internal Controls and Accounting Procedures

GAO-11-348R: Published: Mar 29, 2011. Publicly Released: Mar 29, 2011.

Additional Materials:

Contact:

James R. Dalkin
(202) 512-3000
contact@gao.gov

 

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

On November 15, 2010, we issued our opinion on the U. S. Securities and Exchange Commission's (SEC) fiscal years 2010 and 2009 financial statements. We also issued our opinion on the effectiveness of SEC's internal controls over financial reporting as of September 30, 2010, and our evaluation of SEC's compliance with selected provisions of laws and regulations during fiscal year 2010. In that report we identified material weaknesses in SEC's controls. The purpose of this report is to present (1) more detailed information and our recommendations related to the material weaknesses we reported and discussed in our opinion report; (2) less significant internal control issues we identified during our fiscal year 2010 audit of SEC's internal controls and accounting procedures, along with our related recommended corrective actions; (3) summary information on the status of the recommendations reported as open in our March 31, 2010, management report, and (4) the status of the security weaknesses in information systems controls at SEC that we identified in public and "Limited Official Use Only" reports issued in 2005 through 2009, that were unresolved at the time of our March 31, 2010, management report.

As part of our audit of SEC's fiscal years 2010 and 2009 financial statements, we identified two material weaknesses in internal control as of September 30, 2010. These material weaknesses concern SEC's (1) information systems controls and (2) controls over financial reporting and accounting processes. The material weakness we identified over information systems, including continuing deficiencies reported in prior audits, spanned both SEC's general support system and all key SEC financial reporting applications. The material weakness in financial reporting and accounting processes we identified encompassed deficiencies in five areas of SEC's operations and related reporting: (1) financial reporting process, (2) budgetary resources, (3) registrant deposits, (4) disgorgement and penalties, and (5) required supplementary information. These material weaknesses may adversely affect the accuracy and completeness of information used and reported by SEC's management. We are making a total of 30 new recommendations to address these material weaknesses. We also identified other internal control issues that, although not considered material weaknesses or significant control deficiencies, warrant SEC management's consideration. These issues concern: (1) proper and timely approvals of disbursements, (2) review of service providers' auditor reports, and (3) controls over travel transaction documentation. We are making a total of 3 new recommendations related to these less significant control deficiencies. We are also providing summary information on the status of SEC's actions to address the recommendations from our prior audits as of the conclusion of our fiscal year 2010 audit. Specifically, as summarized in enclosure I, by the end of our fiscal year 2010 audit, we found SEC took action to fully address 17 of the 50 recommendations from our prior audits that were open at the time of our March 31, 2010, management report. Lastly, we are providing summary information on the status of SEC's actions to address previously reported information system security weaknesses. Specifically, as of the end of fiscal year 2010, we found SEC took action to address 18 of the 22 security weaknesses in information systems controls that were open at the time of our March 31, 2010, management report. In providing written comments on a draft of this report, the SEC Chairman stated that remediation of the agency's two material weaknesses is a top priority for SEC. The Chairman stated that SEC is taking a number of steps to address the material weaknesses this fiscal year; however, putting SEC's internal controls on a solid footing over the long term primarily requires significant investment in SEC's financial systems. The Chairman also stated that the centerpiece of SEC's remediation strategy is to migrate its core financial system and transaction processing to a Federal Shared Service Provider. SEC also provided technical comments which we incorporated as appropriate. We will evaluate SEC's actions, strategies, and plans as part of our fiscal year 2011 audit.

Status Legend:

More Info
  • Review Pending-GAO has not yet assessed implementation status.
  • Open-Actions to satisfy the intent of the recommendation have not been taken or are being planned, or actions that partially satisfy the intent of the recommendation have been taken.
  • Closed-implemented-Actions that satisfy the intent of the recommendation have been taken.
  • Closed-not implemented-While the intent of the recommendation has not been satisfied, time or circumstances have rendered the recommendation invalid.
    • Review Pending
    • Open
    • Closed - implemented
    • Closed - not implemented

    Recommendations for Executive Action

    Recommendation: The Chairman of the SEC should direct the COO and CFO to develop and implement policies and procedures detailing the steps and documentation required to effectively control and monitor travel expenses paid through the central billing account, including steps required to ensure documented receipt of refunds or credits for travel/tickets that were previously paid for by SEC but subsequently canceled.

    Agency Affected: United States Securities and Exchange Commission

    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

    Recommendation: To address the deficiencies in internal control over the financial reporting and accounting processes we reaffirm our open recommendation from our prior audits related to the development of useful reports within SEC's general ledger system. In addition, the Chairman of the SEC should direct the COO and CFO to develop and implement policies and procedures to reconcile SEC's calculated interest receivable to interest receivable amounts reported by BPD.

    Agency Affected: United States Securities and Exchange Commission

    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

    Recommendation: To address the deficiencies in internal control over the financial reporting and accounting processes we reaffirm our open recommendation from our prior audits related to the development of useful reports within SEC's general ledger system. In addition, the Chairman of the SEC should direct the COO and CFO to develop and implement policies and procedures to reconcile investment balances reported by BPD to SEC records of investment purchase and withdrawal transactions processed during the reporting period.

    Agency Affected: United States Securities and Exchange Commission

    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

    Recommendation: To address the deficiencies in internal control over the financial reporting and accounting processes we reaffirm our open recommendation from our prior audits related to the development of useful reports within SEC's general ledger system. In addition, the Chairman of the SEC should direct the COO and CFO to develop and implement policies and procedures to record investment activity in the general ledger using investment purchase and withdrawal requests submitted to Bureau of Public Debt (BPD).

    Agency Affected: United States Securities and Exchange Commission

    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

    Recommendation: To address the deficiencies in internal control over the financial reporting and accounting processes we reaffirm our open recommendation from our prior audits related to the development of useful reports within SEC's general ledger system. In addition, the Chairman of the SEC should direct the COO and CFO to augment policies and procedures concerning supervisory review of key spreadsheets used for financial disclosures to provide assurance that calculations within the spreadsheets are accurate.

    Agency Affected: United States Securities and Exchange Commission

    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

    Recommendation: To address the deficiencies in internal control over the financial reporting and accounting processes we reaffirm our open recommendation from our prior audits related to the development of useful reports within SEC's general ledger system. In addition, the Chairman of the SEC should direct the COO and CFO to augment policies and procedures concerning SEC's monthly review and recalculation of securities transaction fee assessments to include procedures to ensure that the appropriate fee rate is used in the calculation of accounts receivable.

    Agency Affected: United States Securities and Exchange Commission

    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

    Recommendation: To address the deficiencies in internal control over the financial reporting and accounting processes we reaffirm our open recommendation from our prior audits related to the development of useful reports within SEC's general ledger system. In addition, the Chairman of the SEC should direct the COO and CFO to augment procedures over the preparation of the monthly accounts payable accrual entry to provide for identification of all instances in which a good or service has been received and accepted but has not yet been paid prior to month-end.

    Agency Affected: United States Securities and Exchange Commission

    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

    Recommendation: To address the deficiencies in internal control over the financial reporting and accounting processes we reaffirm our open recommendation from our prior audits related to the development of useful reports within SEC's general ledger system. In addition, the Chairman of the SEC should direct the COO and CFO to develop and implement procedures over the preparation of the monthly accounts payable accrual calculation and entry to provide assurance that all organization codes are included in the calculation.

    Agency Affected: United States Securities and Exchange Commission

    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

    Recommendation: To address the deficiencies in internal control over the financial reporting and accounting processes we reaffirm our open recommendation from our prior audits related to the development of useful reports within SEC's general ledger system. In addition, the Chairman of the SEC should direct the COO and CFO to augment existing control procedures over the "GL Summary file" by requiring documented approval by SEC management before making the file available to key users to calculate manual adjustments.

    Agency Affected: United States Securities and Exchange Commission

    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

    Recommendation: To address the deficiencies in internal control over the financial reporting and accounting processes we reaffirm our open recommendation from our prior audits related to the development of useful reports within SEC's general ledger system. In addition, the Chairman of the SEC should direct the COO and Chief Financial Officer (CFO) to augment policies and procedures to ensure the completeness of the "GL Summary file" used to prepare monthly trial balance reports, including procedures for identifying and notifying management and key users of any errors or omissions detected in the report.

    Agency Affected: United States Securities and Exchange Commission

    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

    Recommendation: The Chairman of the SEC should direct the COO and CIO to conduct an analysis of the cost and benefits of relocating the Alternate Data Center (ADC) to a different geographical area in comparison with the cost of recreating data if a major disaster compromised data at both primary Operations Center (OPC) and ADC locations.

    Agency Affected: United States Securities and Exchange Commission

    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

    Recommendation: The Chairman of the SEC should direct the COO and CIO to perform and document a business impact analysis (BIA) for the GSS in accordance with SEC policy.

    Agency Affected: United States Securities and Exchange Commission

    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

    Recommendation: The Chairman of the SEC should direct the COO and CIO to establish a mechanism to ensure current procedures to periodically review the information system access and roles of all SEC personnel for suitability and compliance with authorized security forms are followed, consistent with SEC policy.

    Agency Affected: United States Securities and Exchange Commission

    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

    Recommendation: In addition to completing actions that address the outstanding previously reported information system security-related weaknesses, the Chairman of the SEC should direct the COO and CIO to establish a mechanism to ensure current procedures for audit logging and audit log monitoring activities are followed for all financial systems.

    Agency Affected: United States Securities and Exchange Commission

    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

    Recommendation: In addition to completing actions that address the outstanding previously reported information system security-related weaknesses, the Chairman of the SEC should direct the COO and CIO to establish a mechanism to ensure current procedures to ensure timely follow up on outstanding general support system (GSS) Plan of Action and Milestones (POA&M) items are followed, consistent with SEC policy.

    Agency Affected: United States Securities and Exchange Commission

    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

    Recommendation: In addition to completing actions that address the outstanding previously reported information system security-related weaknesses, the Chairman of the SEC should direct the Chief Operating Officer (COO) and Chief Information Officer (CIO) to establish a mechanism to ensure current procedures for implementing all elements of an entitywide information security program for GSS are followed, consistent with Federal Information Security Management Act (FISMA) requirements and National Institute of Standards and Technology (NIST) guidance.

    Agency Affected: United States Securities and Exchange Commission

    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

    Recommendation: To address the deficiencies in internal control over the financial reporting and accounting processes we reaffirm our open recommendation from our prior audits related to the development of useful reports within SEC's general ledger system. In addition, the Chairman of the SEC should direct the COO and CFO to augment existing control procedures over the processing of journal vouchers (JV) transactions to provide assurance that JVs processed into the general ledger reflect transactions approved by management. Such procedures should provide for accurate JV transaction posting at the account, fund, organization, and budget object class level.

    Agency Affected: United States Securities and Exchange Commission

    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

    Recommendation: To address the deficiencies in internal control over the financial reporting and accounting processes we reaffirm our open recommendation from our prior audits related to the development of useful reports within SEC's general ledger system. In addition, the Chairman of the SEC should direct the COO and CFO to develop and implement reconciliation, validation, and analytical procedures to ensure the reliability of the "Open Obligations Review Reports" used by the various SEC divisions and offices in their review of unliquidated obligations.

    Agency Affected: United States Securities and Exchange Commission

    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

    Recommendation: We reaffirm our prior recommendation that SEC establish procedures to comprehensively identify and assess risk related to SEC's payroll-related activities, including risk associated with user controls identified by its payroll service provider in SAS No. 70 reports. The Chairman should direct the COO and CFO also to establish and implement procedures requiring review of the payroll service provider SAS No. 70 report to include consideration of whether compensating controls are needed to address any open exceptions in the report that affect SEC's payroll processing.

    Agency Affected: United States Securities and Exchange Commission

    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

    Recommendation: We reaffirm our prior recommendation that SEC investigate the causes of late payments and develop and implement any necessary corrective action. The Chairman should direct the COO and CFO to establish a mechanism to monitor compliance with the documentation requirements under SEC regulations to ensure proper, consistent approval of invoices by Contracting Officer's Technical Representatives (COTR), Inspection and Acceptance Officials (IAO), and other designated persons and retention of their appointment letters, if applicable.

    Agency Affected: United States Securities and Exchange Commission

    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

    Recommendation: The Chairman of the SEC should direct the COO and CFO to augment procedures concerning SEC's review of its financial statements to specify review steps necessary to ensure that all applicable financial statements, related notes, and required supplementary information required under OMB Circular No. A-136 are presented.

    Agency Affected: United States Securities and Exchange Commission

    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

    Recommendation: The Chairman of the SEC should direct the COO and CFO, in coordination with the Director of Enforcement as applicable, until posting configurations for amounts disbursed from SEC's Deposit Suspense Liability accounts are corrected, to establish and implement interim procedures to evaluate balances residing in SEC's Deposit Suspense Liability accounts and adjust related accounts for amounts that have already been disbursed prior to the close of each accounting period.

    Agency Affected: United States Securities and Exchange Commission

    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

    Recommendation: The Chairman of the SEC should direct the COO and CFO, in coordination with the Director of Enforcement as applicable, to revise existing posting configurations to account for amounts disbursed from SEC's Deposit Suspense Liability accounts in accordance with the U.S. Standard General Ledger (USSGL).

    Agency Affected: United States Securities and Exchange Commission

    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

    Recommendation: The Chairman of the SEC should direct the COO and CFO, in coordination with the Director of Enforcement as applicable, to establish and implement procedures for recording all check collections in the general ledger in the same fiscal period they are received in accordance with generally accepted accounting principles.

    Agency Affected: United States Securities and Exchange Commission

    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

    Recommendation: The Chairman of the SEC should direct the COO and CFO, in coordination with the Director of Enforcement as applicable, to develop and implement procedures to provide for footnote disclosures concerning post-judgment interest amounts accrued on uncollectible accounts receivable in accordance with generally accepted accounting principles.

    Agency Affected: United States Securities and Exchange Commission

    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

    Recommendation: The Chairman of the SEC should direct the COO and CFO, in coordination with the Director of Enforcement as applicable, to develop and implement policies and procedures to calculate and accrue for post-judgment interest amounts collectible prior to closing the accounting period in accordance with generally accepted accounting principles.

    Agency Affected: United States Securities and Exchange Commission

    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

    Recommendation: The Chairman of the SEC should direct the COO and CFO, in coordination with the Director of Enforcement as applicable, to develop and implement policies and procedures to identify and post receivable transactions for court orders initiating the transfer of monies to the SEC after a distribution has occurred in accordance with generally accepted accounting principles.

    Agency Affected: United States Securities and Exchange Commission

    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

    Recommendation: The Chairman of the SEC should direct the COO and CFO, in coordination with the Director of Enforcement as applicable, to augment current procedures to require that Enforcement's reviews of disgorgement and penalty data in the case-management system be completed prior to closing the accounting period.

    Agency Affected: United States Securities and Exchange Commission

    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

    Recommendation: The Chairman of the SEC should direct the COO and CFO to augment existing policies and procedures to provide for supporting documentation for MOs consistent with applicable guidance provided in OMB Circular No. A-11.

    Agency Affected: United States Securities and Exchange Commission

    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

    Recommendation: The Chairman of the SEC should direct the COO and CFO to implement procedures to prepare and post correcting budgetary transactions prior to the close of the monthly accounting period until such time that SEC is able to correct configuration limitations of its general ledger system.

    Agency Affected: United States Securities and Exchange Commission

    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

    Recommendation: To help address the deficiency in control over the recording of MOs, we reaffirm the recommendation from our prior audit to require an approved purchase requisition before certifying fund availability. In addition, the Chairman of the SEC should direct the COO and CFO to develop and implement documented control procedures to ensure liquidation and/or deobligation of remaining travel obligations after the completion of the travel.

    Agency Affected: United States Securities and Exchange Commission

    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

    Recommendation: To help address the deficiency in control over the recording of MOs, we reaffirm the recommendation from our prior audit to require an approved purchase requisition before certifying fund availability. In addition, the Chairman of the SEC should direct the COO and CFO to augment guidance in SEC's Unliquidated Obligation Review Process to provide, at a minimum: (a) clarifying and communicating the responsibilities for recording deobligations; and (b) clarifying when to deobligate unliquidated obligations with no recent activity for financial reporting purposes and for contract close-out purposes for completed contracts to be consistent with applicable federal financial reporting guidance and OMB Circular No. A-11, "Preparation, Submission, and Execution of the Budget."

    Agency Affected: United States Securities and Exchange Commission

    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

    Recommendation: To help address the deficiency in control over the recording of miscellaneous purchase order documents (MO), we reaffirm the recommendation from our prior audit to require an approved purchase requisition before certifying fund availability. In addition, the Chairman of the SEC should direct the COO and CFO to augment existing policies and procedures for recording obligations to include, at a minimum: (a) back-up procedures for the recording of obligations in the event that responsible employees are unable to perform their assigned duties; and (b) controls designed to ensure that SEC offices submit obligating documents to OFM for processing as obligations are incurred.

    Agency Affected: United States Securities and Exchange Commission

    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

    Mar 27, 2014

    Mar 13, 2014

    Mar 12, 2014

    Feb 27, 2014

    Dec 23, 2013

    Dec 16, 2013

    Dec 12, 2013

    Dec 11, 2013

    Looking for more? Browse all our products here