Management Report:

Improvements Needed in SEC's Internal Controls and Accounting Procedures

GAO-13-274R: Published: Apr 4, 2013. Publicly Released: Apr 5, 2013.

Additional Materials:

Contact:

James R. Dalkin
(202) 512-3133
dalkinj@gao.gov

 

Gregory C. Wilshusen
(202) 512-6244
wilshuseng@gao.gov

 

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

What GAO Found

GAO’s audit of U.S. Securities and Exchange Commission’s (SEC) fiscal years 2012 and 2011 financial statements identified two areas of deficiency in SEC’s internal control that GAO determined represented significant deficiencies. Specifically, as briefly discussed in GAO’s November 2012 audit report, the aggregation of both continuing and new deficiencies in SEC’s financial reporting controls over (1) budgetary resources and (2) property and equipment transactions each constituted significant deficiencies. These significant control deficiencies may adversely affect the accuracy and completeness of information used and reported by SEC’s management. GAO is making a total of nine new recommendations to address these significant internal control deficiencies.

In addition to the two significant deficiencies, GAO’s fiscal year 2012 financial audit identified other deficiencies in SEC’s internal control over financial reporting that while not considered material weaknesses or significant deficiencies, nonetheless warrant SEC management’s attention. GAO is making a total of nine recommendations to address these deficiencies in SEC’s controls over financial reporting related to

  • review and monitoring of disgorgement and penalty transactions,

  • supervisory review and monitoring procedures over manual journal entries,

  • the accounts payable accrual methodology, and

  • information security.

Further, GAO’s follow-up on the status of internal control recommendations made in GAO’s prior audits found that SEC took action to fully address 25 of GAO’s 47 prior years’ recommendations, as of the conclusion of our fiscal year 2012 audit.

Why GAO Did This Study

GAO’s November 15, 2012, report containing its audit of the SEC and its Investor Protection Fund’s (IPF) fiscal years 2012 and 2011 financial statements identified two significant deficiencies in SEC’s internal control over financial reporting on its budgetary resources and property and equipment.

The purpose of this report is to (1) present additional information regarding the significant deficiencies GAO identified in its November 2012 report, along with related new recommendations; (2) communicate other less significant control deficiencies GAO identified in SEC’s internal controls during its fiscal year 2012 audit along with its related recommended corrective actions; and (3) provide an overview of the status of GAO’s prior recommendations as of the end of its fiscal year 2012 audit.

What GAO Recommends

GAO is making a total of 18 new recommendations related to SEC’s internal control deficiencies.

For more information, contact James R. Dalkin at (202) 512-3133 or dalkinj@gao.gov, or Gregory C. Wilshusen at (202) 512-6244 or wilshuseng@gao.gov.

Recommendations for Executive Action

  1. Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

    Recommendation: To address the deficiencies in internal control over the financial reporting related to budgetary resources, the Chairman should direct the Chief Operating Officer (COO) and Chief Financial Officer (CFO) to finalize procedures requiring monitoring of SEC's service provider's accounting and reporting on budgetary resources to include required steps and documentation requirements for monthly review of the propriety and accuracy of downward adjustment transactions to identify and process any necessary adjusting entries.

    Agency Affected: United States Securities and Exchange Commission

  2. Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

    Recommendation: To address the deficiencies in internal control over the financial reporting related to budgetary resources, the Chairman should direct the Chief Operating Officer (COO) and Chief Financial Officer (CFO) to, as part of the annual risk assessment process, include required steps for assessing SEC's monitoring controls to identify, document, and record any downward adjustment transactions to SEC's prior year obligations in the general ledger.

    Agency Affected: United States Securities and Exchange Commission

  3. Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

    Recommendation: To address the deficiency in internal control over accounting and financial reporting for apportioned but unobligated balances, the Chairman should direct the COO and CFO to develop and implement control procedures to monthly reconcile the budget execution module (subsidiary ledger) to the related general ledger account balances for SEC's apportioned but unobligated balances.

    Agency Affected: United States Securities and Exchange Commission

  4. Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

    Recommendation: To address the deficiencies GAO identified in the recording of property and equipment transactions, the Chairman should direct the COO and CFO to develop and implement control procedures to review all property and equipment acquisition transactions to ensure that they are properly accounted for in the year-end financial statements.

    Agency Affected: United States Securities and Exchange Commission

  5. Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

    Recommendation: To address the deficiencies GAO identified in the recording of property and equipment transactions, the Chairman should direct the COO and CFO to augment current procedures to require considering whether the cumulative effect of all misstatements of property transactions identified in the current year would require revision to prior year or current year financial statements.

    Agency Affected: United States Securities and Exchange Commission

  6. Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

    Recommendation: To address the deficiencies GAO identified in the recording of property and equipment transactions, the Chairman should direct the COO and CFO to develop and implement control procedures to require the review of underlying invoices and obligation documents at the time of capitalization to ensure that recorded asset acquisition costs represent capitalizable costs.

    Agency Affected: United States Securities and Exchange Commission

  7. Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

    Recommendation: To address the deficiencies GAO identified in the monitoring of property and equipment transactions, the Chairman should direct the COO and CFO to augment SEC's service provider monitoring spreadsheet to include all property and equipment acquisition and disposal transactions from all SEC offices.

    Agency Affected: United States Securities and Exchange Commission

  8. Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

    Recommendation: To address the deficiencies GAO identified in the monitoring of property and equipment transactions, the Chairman should direct the COO and CFO to finalize procedures documenting the required steps to be followed for monitoring the service provider's calculation and recording of property and equipment, depreciation, and related transactions in the general ledger.

    Agency Affected: United States Securities and Exchange Commission

  9. Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

    Recommendation: To address the deficiencies GAO identified in SEC's procedures for conducting its annual property and equipment physical inventory count, the Chairman should direct the COO and CFO to revise control procedures for conducting the annual physical inventory count of property and equipment to include specific steps required to (1) reconcile capitalized property and equipment to be counted with related general ledger balances, (2) reconcile division and office responses to the items listed in the property and equipment report used for the physical count, and (3) assess and appropriately reflect any financial statement impact of any issues identified during the physical count.

    Agency Affected: United States Securities and Exchange Commission

  10. Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

    Recommendation: The Chairman should direct the COO and CFO to revise existing collection procedures to provide for segregating incompatible responsibilities, including prohibiting an individual from both processing and reviewing electronic collections transactions.

    Agency Affected: United States Securities and Exchange Commission

  11. Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

    Recommendation: The Chairman should direct the COO and CFO to revise existing procedures for review of disbursements transactions to include specifically required steps for verification of individual disbursements processed by Treasury to ensure that these disbursements were made for the correct amounts and to the correct payees.

    Agency Affected: United States Securities and Exchange Commission

  12. Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

    Recommendation: The Chairman should direct the COO and CFO to develop and implement control procedures to include specific steps for the review, classification, and disposition of collections in order to properly apply collections to an SEC accounts receivable or transfer collections to either another entity or to Treasury.

    Agency Affected: United States Securities and Exchange Commission

  13. Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

    Recommendation: The Chairman should direct the COO and CFO to revise existing procedures for the monitoring of accounts receivable transactions recorded in the general ledger to specifically require review of all types of accounting entries that could affect the accounts receivable balance, including correcting entries.

    Agency Affected: United States Securities and Exchange Commission

  14. Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

    Recommendation: The Chairman should direct the COO and CFO to establish a mechanism to ensure that existing supervisory review procedures over manual journal voucher adjustment entries (JV) transactions are followed to ensure that all manual JVs are properly prepared and accurately and timely recorded. These procedures could include sending periodic reminders to JV reviewers emphasizing existing procedures and the importance of adhering to them.

    Agency Affected: United States Securities and Exchange Commission

  15. Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

    Recommendation: The Chairman should direct the COO and CFO to establish a mechanism to ensure that procedures for reviewing JV's processed by SEC's service provider are followed to ensure that all manual JVs are recorded in the general ledger in accordance with the JV forms approved by SEC management.

    Agency Affected: United States Securities and Exchange Commission

  16. Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

    Recommendation: The Chairman should direct the COO and CFO to revise SEC's procedures for evaluating the ongoing reasonableness of its account payable accrual methodology to include steps to ensure that the results of reviews will be projectable to the population and any variances derived from its review, in aggregate, are acceptable for financial reporting purposes.

    Agency Affected: United States Securities and Exchange Commission

  17. Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

    Recommendation: The Chairman should direct the COO and CFO to revise the accounts payable accrual methodology to specify required steps for properly considering obligation amounts for capitalized assets.

    Agency Affected: United States Securities and Exchange Commission

  18. Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

    Recommendation: The Chairman should direct the COO and Chief Information Officer to augment control procedures over SEC's information security to include specific steps for (1) configuring SEC's remote host and network infrastructure devices to require the use of strong passwords; (2) disabling access of all contractors and employees to SEC's networks or financial applications upon separation from SEC; (3) monitoring compliance with information security policies, such as by enabling audit and monitoring of software on servers that support financial applications; and (4) mitigating software vulnerabilities, for example, by requiring installation (or deployment) of high-risk patches, consistent with SEC policy.

    Agency Affected: United States Securities and Exchange Commission

 

Explore the full database of GAO's Open Recommendations »

Dec 12, 2014

Dec 9, 2014

Nov 17, 2014

Nov 12, 2014

Nov 10, 2014

Nov 7, 2014

Nov 6, 2014

Looking for more? Browse all our products here