Management Report:

Opportunities for Improvement in the Bureau of Consumer Financial Protection's Internal Controls and Accounting Procedures

GAO-12-528R: Published: May 21, 2012. Publicly Released: May 21, 2012.

Additional Materials:

Contact:

Steven J. Sebastian
202-512-9521
sebastians@gao.gov

 

Gregory C. Wilshusen
(202) 512-6244
wilshuseng@gao.gov

 

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

What GAO Found

During our audit of CFPB’s fiscal year 2011 financial statements, we identified seven internal control issues that could adversely affect CFPB’s ability to meet its internal control objectives. We do not consider these issues to represent material weaknesses or significant deficiencies in relation to CFPB’s financial statements. Nonetheless, we believe they warrant management’s attention and action. These issues concern necessary controls to ensure

  • complete and finalized documentation of CFPB’s accounting processes and procedures,in relation to CFPB’s financial statements. Nonetheless, we believe they warrant management’s attention and action. These issues concern necessary controls to ensure
  • an effective internal control assessment process supporting management’s internal control assertion,
  • security over CFPB’s data and information systems,
  • accurate calculation and timely recording of CFPB undelivered orders balances,
  • accurate calculation and timely disbursement of CFPB payroll transactions,
  • proper prior approval of CFPB travel transactions, and
  • timely recording of CFPB prepaid expenses as assets.

These issues increase the risk of CFPB not preventing or promptly detecting and correcting (1) misappropriation of assets because of reliance on insufficient internal controls; (2) unauthorized access, modification, or both of its data; and (3) misstatements in its financial statements. At the end of our discussion of each of these issues in the sections that follow, we present our related recommendations. These recommendations are intended to improve management’s oversight and controls and minimize the risk of misappropriation of assets, misstatements in CFPB’s accounts and financial statements, and unidentified vulnerabilities over the security of its data.

Why GAO Did This Study

In November 2011, we issued our opinion on the Bureau of Consumer Financial Protection’s (CFPB) fiscal year 2011 financial statements. Our report also included our opinion on the effectiveness of CFPB’s internal control over financial reporting as of September 30, 2011, and our evaluation of CFPB’s compliance with provisions of selected laws and regulations for the fiscal year ended September 30, 2011.

Title X of the Dodd-Frank Wall Street Reform and Consumer Protection Act, referred to as the Consumer Financial Protection Act of 2010, created CFPB. The act charged it with the responsibility of regulating the offering and provision of consumer financial products or services under the federal consumer financial laws. The act also requires CFPB to annually prepare financial statements, and further requires GAO to audit these statements. The Full-Year Continuing Appropriations Act, 2011, also requires that GAO audit CFPB’s financial statements. While CFPB began operations in 2010, fiscal year 2011 was its first full year of operations. As a newly established entity, CFPB spent the majority of fiscal year 2011 forming its structure and commencing operations.

The purpose of this report is to present additional information on the internal control and accounting procedure issues we identified during our audit of CFPB’s fiscal year 2011 financial statements and to provide our recommended actions to address those issues.

What GAO Recommends

We are making 10 recommendations for strengthening CFPB’s internal controls and accounting procedures.

For more information, contact contact Steven J. Sebastian at (202) 512-3406 or sebastians@gao.gov or Gregory C. Wilshusen at (202) 512-6244 or wilshuseng@gao.gov.

Status Legend:

More Info
  • Review Pending-GAO has not yet assessed implementation status.
  • Open-Actions to satisfy the intent of the recommendation have not been taken or are being planned, or actions that partially satisfy the intent of the recommendation have been taken.
  • Closed-implemented-Actions that satisfy the intent of the recommendation have been taken.
  • Closed-not implemented-While the intent of the recommendation has not been satisfied, time or circumstances have rendered the recommendation invalid.
    • Review Pending
    • Open
    • Closed - implemented
    • Closed - not implemented

    Recommendations for Executive Action

    Recommendation: The director of the CFPB should direct the Chief Financial Officer to finalize and approve CFPB's documented accounting policies and procedures to include requirements for thoroughly documenting all key accounting policies and procedures, clearly defining those performed by the Bureau of the Public Debt Administrative Resource Center (BPD-ARC) and those performed by CFPB, and identifying the personnel responsible for executing these processes to ensure accountability.

    Agency Affected: Consumer Financial Protection Bureau

    Status: Open

    Comments: When we confirm the corrective actions taken by the agency, we will update status accordingly.

    Recommendation: The director of the CFPB should direct the Chief Financial Officer to augment CFPB's internal control review procedures to include (1) all components of CFPB controls (including controls over financial reporting services provided to CFPB), (2) all key laws and regulations governing CFPB's financial reporting functions, and (3) monitoring steps to ensure procedures are completed in time for management to consider in its required annual internal control assertion.

    Agency Affected: Consumer Financial Protection Bureau

    Status: Closed - Implemented

    Comments: CFPB implemented this recommendation and during fiscal year 2012, CFPB (1) assessed and tested the internal controls over high and medium-risk areas identified by CFPB's internal control team to include controls over financial reporting services provided to CFPB, (2) analyzed applicable laws and regulations which potentially impact CFPB's internal controls and financial reporting process, and (3) timely completed documentation to support management's annual assertions of internal control. As a result, CFPB has reduced the risk of relying on insufficient internal controls over financial reporting when concluding on the effectiveness of such controls.

    Recommendation: The director of the CFPB should direct the Chief Information Officer to establish an agency-wide information security program in accordance with FISMA guidance. Such a program should clearly delineate the roles and responsibilities of CFPB and its service providers in maintaining effective security over the systems and information CFPB relies on for its financial reporting. Specifically, this program should include provisions for periodic CFPB risk assessments; policies and procedures that include related security plans; periodic management testing and evaluation of all major systems; a remedial action process to address any deficiencies found during monitoring and testing; procedures for detecting, reporting, and responding to security incidents; security awareness training for agency employees, contractors, and other service providers; continuity of operations plans and procedures for information systems; and a process for evaluating the information system security of any and all service providers.

    Agency Affected: Consumer Financial Protection Bureau

    Status: Open

    Comments: When we confirm the corrective actions taken by the agency, we will update status accordingly.

    Recommendation: The director of the CFPB should direct the Chief Financial Officer to implement procedures to ensure that contracting officers verify that the date an obligation is recorded in the Procurement Request Information System Management (PRISM) system corresponds to the date that the contracting officer signed the official obligating document.

    Agency Affected: Consumer Financial Protection Bureau

    Status: Closed - Implemented

    Comments: In October 2012, CFPB updated its Policy for Internal Procurement Data Review to require the Office of Procurement to (1) review contract award dates against the posting dates recorded in the general ledger and (2) on a quarterly basis to randomly sample and compare the contract award date against the general ledger posting date to ensure obligations are recorded in a timely manner in the financial system. Furthermore, CFPB's accounting services provider updated its procedures to specifically state that awards and modifications that obligate funds must be approved in the procurement requisition management system on the day the award is signed. As a result, CFPB has reduced the risk of inaccurate undelivered orders balances in its financial statements.

    Recommendation: The director of the CFPB should direct the Chief Financial Officer to implement procedures to ensure that amendments to travel relocation obligations are recorded in the proper period as part of ensuring the accuracy of obligation balances.

    Agency Affected: Consumer Financial Protection Bureau

    Status: Open

    Comments: When we confirm the corrective actions taken by the agency, we will update status accordingly.

    Recommendation: The director of the CFPB should direct the Chief Financial Officer to strengthen payroll policies and procedures by including steps to follow to (1) test individual payroll transactions to ensure that transactions processed by the National Finance Center (NFC) are properly programmed and disbursed and (2) ensure that NFC promptly corrects any identified errors in payroll disbursements.

    Agency Affected: Consumer Financial Protection Bureau

    Status: Open

    Comments: When we confirm the corrective actions taken by the agency, we will update status accordingly.

    Recommendation: The director of the CFPB should direct the Chief Financial Officer to enhance CFPB's travel policies and procedures to expressly state that prior written approval be obtained for all reimbursed travel expenses.

    Agency Affected: Consumer Financial Protection Bureau

    Status: Closed - Implemented

    Comments: In May 2012, CFPB revised its Policy on Travel Cards and Temporary Duty Travel to require supervisors to approve all travel authorizations prior to the trip start date. The policy requires travelers to submit travel authorizations along with a signed Travel Authorization Form which details the expenses to be incurred on travel. Further, the revised travel policy and Travel Authorization Form were sent to all CFPB staff via e-mail and are also posted on CFPB's internal website. As a result, CFPB has reduced the risk of incurring inappropriate expenses.

    Recommendation: The director of the CFPB should direct the Chief Financial Officer to issue a memorandum to all staff on CFPB's policy on obtaining prior written approval for all reimbursed travel expenses.

    Agency Affected: Consumer Financial Protection Bureau

    Status: Closed - Implemented

    Comments: In May 2012, CFPB revised its Policy on Travel Cards and Temporary Duty Travel to require supervisors to approve all travel authorizations prior to the trip start date. The policy requires travelers to submit travel authorizations along with a signed Travel Authorization Form which details the expenses to be incurred on travel. Further, the revised travel policy and Travel Authorization Form were sent to all CFPB staff via e-mail and are also posted on CFPB's internal website. As a result, CFPB has reduced the risk of incurring inappropriate expenses.

    Recommendation: The director of the CFPB should direct the Chief Financial Officer to modify CFPB's existing procedures over the post-payment review process to require that CFPB conduct such reviews at least quarterly.

    Agency Affected: Consumer Financial Protection Bureau

    Status: Closed - Implemented

    Comments: In October 2012, CFPB developed its Policy and Procedures for Advances and Prepaid Expenses to require the Office of the Chief Financial Officer to (1) review obligations and expenditures over its $250,000 materiality threshold to ascertain that advances and prepayments are properly classified initially as assets and expensed as goods or services are received, and (2) at least quarterly notify CFPB's accounting services provider of material advances and prepayments that should be established as assets, and of the amounts and timing of expensing those assets. Furthermore, CFPB implemented a Review/Approval Checklist to document the procedures for identifying and reviewing obligations and expenditures over the materiality threshold to ensure advances and prepaid expenses are properly recorded. The Review/Approval Checklist requires the review of quarterly financial statements and supporting details to ensure that the financial statements accurately reflect the asset balances and expenses. As a result, CFPB has improved the reliability of net cost information and total assets reported on its financial statements.

    Recommendation: The director of the CFPB should direct the Chief Financial Officer to incorporate into CFPB's policies and procedures the requirement for its contracting officer technical representatives (COTRs) to indicate on the invoice approval form whether a transaction should be classified as a prepayment.

    Agency Affected: Consumer Financial Protection Bureau

    Status: Closed - Implemented

    Comments: In October 2012, CFPB developed its Policy and Procedures for Advances and Prepaid Expenses to require the Office of the Chief Financial Officer to (1) review obligations and expenditures over its $250,000 materiality threshold to ascertain that advances and prepayments are properly classified initially as assets and expensed as goods or services are received, and (2) at least quarterly notify CFPB's accounting services provider of material advances and prepayments that should be established as assets, and of the amounts and timing of expensing those assets. Furthermore, CFPB implemented a Review/Approval Checklist to document the procedures for identifying and reviewing obligations and expenditures over the materiality threshold to ensure advances and prepaid expenses are properly recorded. The Review/Approval Checklist requires the review of quarterly financial statements and supporting details to ensure that the financial statements accurately reflect the asset balances and expenses. As a result, CFPB has improved the reliability of net cost information and total assets reported on its financial statements.

    Jul 30, 2014

    Jul 9, 2014

    Jun 19, 2014

    May 30, 2014

    May 15, 2014

    May 13, 2014

    May 12, 2014

    May 2, 2014

    Mar 27, 2014

    Looking for more? Browse all our products here