This is the accessible text file for GAO report number GAO-07-255 entitled 'Federal Deposit Insurance Corporation: Human Capital and Risk Assessment Programs Appear Sound, but Evaluations of Their Effectiveness Should Be Improved' which was released on February 15, 2007. This text file was formatted by the U.S. Government Accountability Office (GAO) to be accessible to users with visual impairments, as part of a longer term project to improve GAO products' accessibility. Every attempt has been made to maintain the structural and data integrity of the original printed product. Accessibility features, such as text descriptions of tables, consecutively numbered footnotes placed at the end of the file, and the text of agency comment letters, are provided but may not exactly duplicate the presentation or format of the printed version. The portable document format (PDF) file is an exact electronic replica of the printed version. We welcome your feedback. Please E-mail your comments regarding the contents or accessibility features of this document to Webmaster@gao.gov. This is a work of the U.S. government and is not subject to copyright protection in the United States. It may be reproduced and distributed in its entirety without further permission from GAO. Because this work may contain copyrighted images or other material, permission from the copyright holder may be necessary if you wish to reproduce this material separately. Report to Congressional Committees: United States Government Accountability Office: GAO: February 2007: Federal Deposit Insurance Corporation: Human Capital and Risk Assessment Programs Appear Sound, but Evaluations of Their Effectiveness Should Be Improved: FDIC Management Issues: GAO-07-255: GAO Highlights: Highlights of GAO-07-255, a report to congressional committees Why GAO Did This Study: The Federal Deposit Insurance Reform Conforming Amendments Act of 2005 requires GAO to report on the effectiveness of Federal Deposit Insurance Corporation’s (FDIC) organizational structure and internal controls. GAO reviewed (1) mechanisms the board of directors uses to oversee the agency, (2) FDIC’s human capital strategies and how its training initiatives are evaluated, and (3) FDIC’s process for monitoring and assessing risks to the banking industry and the deposit insurance fund, including its oversight and evaluation. To answer these objectives, GAO analyzed FDIC documents, reviewed recommended practices and GAO guidance, conducted interviews with FDIC officials and board members, and conducted site visits to FDIC regional and field offices in three states. What GAO Found: FDIC’s five-member board of directors is responsible for managing FDIC. Information and communication channels have been established to provide board members with information on the agency’s operations and to help them oversee the agency. The board also has four standing committees for key oversight functions. For example, the audit committee primarily oversees the agency’s implementation of FDIC Inspector General audit recommendations. Finally, because the board cannot oversee all day-to- day operations, the board delegates certain responsibilities to senior management. FDIC has procedures for issuing and revising its delegations of authority, which help ensure that the delegations are appropriate for its current structure and banking environment. FDIC has reviewed specific delegations on occasion at the request of a board member, management, and more recently in response to an Inspector General report’s recommendation. Management of human capital is critical at FDIC because the agency’s workload can shift dramatically depending on the financial condition of the banking industry. FDIC uses an integrated approach, where senior executives come together with division managers, to develop human capital initiatives, and the agency has undertaken activities to strengthen its human capital framework. FDIC created the Corporate Employee Program to develop new employees and provide training in multiple disciplines so they are better prepared to serve the needs of the agency, particularly when the banking environment changes. Some FDIC employees thought the program had merit, but they expressed concerns about whether certain aspects of the program could slow down the development of expertise in certain areas. FDIC, through its Corporate University, evaluates its training programs, and officials are developing a scorecard that includes certain output measures showing progress of key training initiatives towards its goals. Officials told us that they would like to have outcome measures showing the effectiveness of their key training initiatives but have faced challenges developing them. However, outcome measures could help address employee concerns and ensure that the Corporate Employee Program achieves the agency’s goals. FDIC has an extensive system for assessing and monitoring external risks. FDIC’s system includes supervision of individual financial institutions and analysis of trends affecting the health of financial institutions. FDIC has also developed contingency plans for handling the greatest dangers to the deposit insurance fund—particularly the failure(s) of large institutions. In addition to risk assessment, a key internal control is monitoring risk assessment activities on an ongoing basis. FDIC has evaluated several of its risk activities, but most of the evaluations we reviewed were not conducted regularly or comprehensively. For example, some simulations of its plans for handling large bank failures were either out of date or inconsistent with FDIC’s guidance. Developing policies and procedures and clearly defining how it will monitor and evaluate its risk activities could assist FDIC in addressing or preventing weaknesses in its evaluations. What GAO Recommends: GAO recommends that FDIC (1) develop outcome-based performance measures for key human capital initiatives and make available such performance results to all employees and (2) develop policies and procedures that define how it will systematically and comprehensively evaluate its risk assessment activities. FDIC generally agreed with the report and the recommendations, and has plans underway to improve evaluations of key training programs and risk assessment activities. [Hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-07-255]. To view the full product, including the scope and methodology, click on the link above. For more information, contact Yvonne D. Jones at (202) 512-2717 or JonesY@gao.gov. [End of section] Contents: Letter: Results in Brief: Background: Board Oversight Accomplished through Communication and Information Channels, Committees, and Delegations of Authority: FDIC's Integrated Approach to Addressing Human Capital Issues Has Produced Key Initiatives, but the Agency Has Not Developed Outcome- Based Performance Measures: FDIC Has an Extensive Risk Assessment System and Contingency Plans for Bank Failures, but It Has Not Comprehensively or Routinely Evaluated Them: Conclusions: Recommendations for Executive Action: Agency Comments and Our Evaluation: Appendix I: Objectives, Scope, and Methodology: Appendix II: Comments from the Federal Deposit Insurance Corporation: Appendix III: GAO Contact and Staff Acknowledgments: Figures: Figure 1: FDIC Organizational Chart: Figure 2: Number of FDIC Employees, 1991 - 2006: Figure 3: FDIC's Human Resources Committee Organizational Chart: Figure 4: FDIC's Human Capital Blueprint: Figure 5: FDIC's Risk Assessment and Monitoring Process: Abbreviations: CAMELS: Capital, Asset quality, Management, Earnings, Liquidity, and Sensitivity to market risk: CFO Act: Chief Financial Officers Act of 1990: CHCO: Chief Human Capital Officer: COSO: Committee of Sponsoring Organizations of the Treadway Commission: CPDF: Central Personnel Data File: CU: Corporate University: DIR: Division of Insurance and Research: DIT: Division of Information and Technology: DOA: Division of Administration: DOF: Division of Finance: DRR: Division of Resolutions and Receiverships: DSC: Division of Supervision and Consumer Protection: FDIA: Federal Deposit Insurance Act: FDIC: Federal Deposit Insurance Corporation: HRC: Human Resources Committee: MBA: Masters in Business Administration: MERIT: Maximum Efficiency, Risk-focused, Institution-Targeted examinations: NCUA: National Credit Union Administration: RTC: Resolution Trust Corporation: RAC: Risk Analysis Center: Reform Act: Federal Deposit Insurance Reform Act of 2005: SCOR: Statistical CAMELS Off-site Rating system: United States Government Accountability Office: Washington, DC 20548: February 15, 2007: The Honorable Christopher J. Dodd: Chairman: The Honorable Richard C. Shelby: Ranking Member: Committee on Banking, Housing, and Urban Affairs: United States Senate: The Honorable Barney Frank: Chairman: The Honorable Spencer Bachus: Ranking Member: Committee on Financial Services: House of Representatives: In recent years, the U.S. banking industry has become more complex, both through an increased diversity and sophistication of products and activities as well as through growth in globalization of operations. At the same time, industry consolidation has sharply reduced the number of institutions and concentrated assets in a small number of large financial institutions. Among commercial banks for example, as of September 2006, just 1.2 percent of some 7,450 institutions now hold 76.4 percent of all assets; similarly, 3.9 percent of all thrifts hold 75.7 percent of all assets. This concentration of assets means an increased probability that a single large bank or thrift failure could potentially overwhelm the deposit insurance fund. Against this backdrop, Congress recently granted the Federal Deposit Insurance Corporation (FDIC)--the guarantor of over $4 trillion in deposits in the nation's banks and thrift institutions--broad new powers for managing its insurance fund. In February 2006, the President signed the Federal Deposit Insurance Reform Act of 2005 (Reform Act),[Footnote 1] which amended the Federal Deposit Insurance Act (FDIA),[Footnote 2] to expand FDIC's authority to price its insurance according to the risk a particular institution presents to the fund. Today FDIC has a much smaller workforce than it did when it handled the banking crisis of the late 1980s and early 1990s. As of June 2006, FDIC has reduced its workforce by about 80 percent since 1991. However, FDIC has adopted and is implementing strategies to reduce the impact of a smaller workforce. Further, the banking industry has been remarkably healthy, recording strong earnings and not experiencing a single failure between June 2004 and January 2007. However, FDIC must be prepared to respond to future situations in which the banking environment may be more volatile and uncertain. This report responds to the mandate included in the Federal Deposit Insurance Reform Conforming Amendments Act of 2005 requiring the Comptroller General to report on the effectiveness of FDIC's organizational structure and internal controls.[Footnote 3] Specifically, this report examines: (1) mechanisms used by the FDIC board of directors to oversee and manage the agency; (2) FDIC's human capital strategies and how training and development programs are evaluated; and (3) FDIC's process for monitoring and assessing risks to the industry and the deposit insurance fund and how that process is overseen and evaluated. To respond to these objectives, we analyzed agency data and documents, and identified and reviewed recommended practices on board management and oversight, human capital and workforce planning, risk management, and internal controls through a review of management literature and our guidance.[Footnote 4] We also interviewed members of FDIC's Human Resources Committee, senior managers in FDIC's three main business lines--the Divisions of Insurance and Research, Resolutions and Receiverships, and Supervision and Consumer Protection, and senior staff in other FDIC divisions, such as Corporate University and the Division of Finance. We also met with senior agency executives--such as the Chief Operating Officer, Chief Financial Officer, and Acting General Counsel--to obtain their views on board oversight, human capital, and risk management issues. To obtain more information on how FDIC's board manages and oversees the agency, we conducted interviews with members of FDIC's current board of directors, their deputies, and the board's Audit Committee members using the same set of questions with all interview participants. To obtain independent views from board members, we met with each board member separately; each board member's deputies or other senior staff also participated in the interviews. We also interviewed academicians and industry observers to obtain their views on management practices at organizations overseen by boards of directors. In addition, we conducted site visits at FDIC regional and field offices in three states (California, Georgia, and Texas) to obtain more in-depth information on the FDIC board of directors' management and oversight responsibilities; issues related to human capital, workforce planning, and training and development; FDIC's methods for identifying, assessing, and monitoring risk; and FDIC's methods of evaluating its progress toward meeting agency goals. At these locations, we conducted interviews with division managers, division staff, case managers, and financial institution examiners using the same set of questions for each interview session. We met with field office employee groups separately from regional office managers. We conducted our work in the previously mentioned three states and Washington, D.C., from May 2006 through January 2007 in accordance with generally accepted government auditing standards. Appendix I provides a detailed description of our objectives, scope, and methodology. Results in Brief: FDIC's board of directors uses its diverse perspectives, communication with FDIC management, standing committees, and documented delegations of authority to assist the board in making informed decisions and managing the agency. The composition of FDIC's board of directors reflects a range of knowledge and perspectives that contribute to discussions and decisions regarding important agency matters. Also, FDIC board members told us that ongoing communication with their deputies and senior managers within FDIC helps them stay abreast of pertinent issues and helps ensure that the board has timely and useful information to aid in its decision making. Although board members agreed that the board functions best when it has a full complement of members, FDIC officials said that occasional board vacancies did not affect the board's ability to make decisions and did not negatively affect the agency's operations. FDIC's board of directors has also established four standing committees to conduct various oversight functions that assist it in managing the agency. For example, one of the standing committees, the audit committee, reviews certain audit reports and ensures that any recommendations are appropriately implemented. Although management of FDIC rests with its board of directors, the board delegates authority to FDIC divisions or officers for certain decisions so that it can focus on policy issues and not be overwhelmed with daily operational issues. FDIC has procedures for issuing and revising delegations of authority and has reviewed specific delegations on various occasions, for example, to clarify language or upon request by a board member. These formal procedures for issuing and revising delegations and FDIC's various reviews of its delegations of authority help ensure that delegations remain appropriate for the agency and the banking environment. FDIC has taken steps to institutionalize elements of its human capital framework and uses an integrated approach to develop its human capital strategies, but the agency could improve how it measures the effectiveness of significant initiatives, such as developing new employees. Interdivisional representation--whereby senior executives from major FDIC divisions and managers and staff from support divisions collaborate on human capital issues--is a key component of FDIC's human capital framework and has resulted in the development of key human capital initiatives, such as certifications to enhance employees' expertise in certain areas, to address its human capital goals. FDIC also developed the Corporate Employee Program to cross train new employees in multiple divisions, so they can be reassigned to other divisions in the event of an unexpected change in workload priorities. FDIC staff in the regional and field offices we visited said the program was a good idea, but they had concerns that the cross-training aspects would further delay the ability of new employees to contribute to mission critical functions. FDIC headquarters officials stated that the program is new, but they nonetheless believe the Corporate Employee Program helps prepare a more capable workforce. Differences of opinion between management and employees on the benefits of a new initiative are likely to occur when agencies undergo significant change, which underscores the importance of measuring and communicating the benefits of new initiatives to employees at all levels. Our work on human capital strategic planning states that human capital practices should be assessed by how well they help the agency pursue its mission and goals. FDIC's Corporate University conducts evaluations of FDIC's training and development programs and is implementing a "scorecard" that will measure its progress toward meeting the agency's overall human capital-related goals. While the scorecard currently includes an output performance measure for the Corporate Employee Program, FDIC officials said they were hoping to develop outcome-based performance measures for the Corporate University scorecard and in particular for key human capital initiatives, but they had not yet done so. FDIC has an extensive system for assessing external risk, and it has developed contingency plans for handling the greatest dangers to the deposit insurance fund, but our review of how FDIC evaluates and monitors its risk assessment activities identified some weaknesses. To assess and monitor risk, FDIC takes a two-fold approach--supervision of individual institutions, coupled with research and analysis of trends and developments affecting the health of banks and thrifts generally. Looking toward any future downturn, FDIC has drawn both broad plans and specific strategies for handling a significant increase in troubled or failed institutions. The heart of these efforts is a three-part strategy relying on: rotating cross-trained employees into priority duties as necessary, recalling FDIC retirees for temporary duty, and hiring contractors to handle overflow work. A well-designed and implemented risk management process should include continuous monitoring and evaluation that is woven into ongoing operations. While FDIC has evaluated some of its risk assessment plans and programs, most of the evaluations we reviewed were not done routinely or comprehensively. For example, some of the simulations of bank failures were either out of date or did not follow FDIC's guidance on planning for bank failures. Furthermore, a good internal control environment requires that the agency's organizational structure clearly define key areas of authority and responsibility. Our review of FDIC's risk management framework found that it does not clearly define how it will oversee evaluation and monitoring of its risk activities. Clearly defining how it will monitor and evaluate its risk activities could assist FDIC in addressing or preventing weaknesses in its evaluations. This report includes two recommendations related to human capital and risk management for the Chairman of FDIC's board of directors. To ensure that FDIC can measure the contribution that its human capital initiatives make toward achieving agency goals, we recommend that FDIC take steps to identify meaningful, outcome-based performance measures to include in the development of its scorecard and communicate available performance results to all FDIC employees. At a minimum, identifying outcome-based performance measures will ensure that FDIC can begin collecting appropriate information that will help in determining whether key training and development programs, such as the Corporate Employee Program, assist the agency to achieve its mission and goals. To strengthen the oversight of its risk management framework, we also recommend that FDIC develop policies and procedures that clearly define how it will systematically evaluate and monitor its risk assessment activities and ensure that required evaluations are conducted in a comprehensive and routine fashion. We provided a draft of this report to FDIC for review and comment. In a letter reprinted in appendix II, FDIC agreed with our recommendations. FDIC specifically recognized the importance of developing outcome-based performance measures to determine the effectiveness of its key training and development programs and stated that it planned to conduct evaluations of certain training and development initiatives, including the Corporate Employee Program, that will include outcome-based measures. FDIC also recognized the benefits of reviewing its risk assessment activities to ensure they are comprehensive, appropriate, and fully evaluated and stated that it has assembled a committee to perform an in-depth review of its current risk assessment activities and evaluation procedures. The committee will make recommendations for strengthening the agency's risk assessment framework, and FDIC executive management will establish a plan for implementing the committee's recommendations. FDIC also provided technical comments that we incorporated as appropriate. Background: FDIC's Mission and Structure: FDIC was created in 1933 in response to the thousands of bank failures that occurred in the 1920s and early 1930s. FDIC's mission is to maintain the stability and public confidence in the U.S. financial system by insuring depositor accounts in banks and thrifts, examining and supervising financial institutions, and managing receiverships.[Footnote 5] Currently, FDIC insures individual accounts at insured institutions for up to $100,000 per depositor and up to $250,000 for certain retirement accounts.[Footnote 6] FDIC says that since the start of its insurance coverage in January 1934, depositors have not lost any insured funds to a bank failure. Today, FDIC's obligations are considerable--as of September 2006, 8,743 insured U.S. institutions held $6.47 trillion in domestic deposits, of which an estimated 63.2 percent, or $4.09 trillion, were insured. To protect depositors, FDIC held insurance reserves of $50 billion, as of September 2006. FDIC directly supervises about 5,237 banks and thrifts, more than half of the institutions in a banking system jointly overseen by four federal regulators.[Footnote 7] By assets, however, FDIC-supervised institutions account for only 18.1 percent of the industry. Banks and thrifts can receive charters from the states or from the federal government; state-chartered banks may elect to join the Federal Reserve System. FDIC's role as the primary federal regulator is for banks chartered by the states that are not members of the Federal Reserve System. In addition, FDIC is the back-up supervisor for insured banks and thrift institutions that are either state-chartered institutions or are under the direct supervision of one of the other federal banking regulators. FDIC receives no congressional appropriations; it receives funds from premiums that banks and thrift institutions pay for deposit insurance coverage and from earnings on investments in U.S. Treasury securities. FDIC's five board members (known as directors) manage the agency. FDIC's chairman manages and directs the daily executive and administrative operations of the agency. The chairman also has the general powers and duties that the chief executive officer for a private corporation usually has, even though FDIC is a federal government agency. Executive and senior FDIC staff report to the chairman directly or indirectly through the Deputy to the Chairman and Chief Operating Officer, or the Deputy to the Chairman and Chief Financial Officer; no other board director has similar authority or responsibility within the agency. The President appoints three of the members, two of whom he designates as the board's chairman and vice chairman. The other two members, the Comptroller of the Currency and the Director of the Office of Thrift Supervision, serve as ex-officio board members.[Footnote 8] The three members directly appointed to FDIC's board are often referred to as inside board directors, while the other two are referred to as outside board directors. FDIC operates principally through three divisions: * the Division of Supervision and Consumer Protection, which supervises insured institutions and is responsible for promoting compliance with consumer protection, fair lending, community reinvestment, civil rights, and other laws; * the Division of Insurance and Research, which assesses risks to the insurance fund, manages FDIC's risk-related premium system, conducts banking research, publishes banking data and statistics, analyzes policy alternatives, and advises the board of directors and others in the agency; and: * the Division of Resolutions and Receiverships, which handles closure and liquidation of failed institutions. Other divisions include the Division of Administration, the Division of Finance, the Legal Division, and the Division of Information Technology (see fig. 1). FDIC currently employs about 4,500 people throughout 6 regional offices, 2 area offices, and 85 field offices that are geographically dispersed, with centralized operations in Washington, D.C. Figure 1: FDIC Organizational Chart: [See PDF for image] Source: FDIC. Note: This figure is intended to be a simplified version of FDIC's organizational chart. Some offices and positions are intentionally excluded. [End of figure] Changes in the Size of FDIC's Workforce: Following the resolution of the banking crisis of the 1980s and early 1990s, FDIC significantly reduced its workforce--down by about 80 percent, from a peak of about 23,000 employees in 1991 to about 4,500 employees as of June 2006.[Footnote 9] This trend is illustrated in figure 2. A significant portion of the reductions were staff in FDIC absorbed from the former Resolution Trust Corporation (RTC).[Footnote 10] Figure 2: Number of FDIC Employees, 1991 - 2006: [See PDF for image] Source: FDIC. [End of figure] FDIC's downsizing generally reduced jobs across the agency, and some occupational categories experienced sizeable reductions in staff. For example, the attorney workforce decreased by 83 percent, from 1,452 attorneys in 1992 to 249 attorneys in 2005. The composition of FDIC's examination staff also experienced significant change. Although there was a 35 percent decrease in the number of examiners (from 3,305 in 1992 to 2,157 in 2005), the percentage of FDIC's workforce devoted to examinations increased, from 15 percent in 1992 to 47 percent for 2005. Like other federal banking regulators, FDIC is generally required to conduct full-scope, on-site examinations of institutions it directly supervises at least annually, although it can extend the interval to 18 months for certain small institutions.[Footnote 11] FDIC's downsizing activities also resulted in a loss of institutional knowledge and expertise, and FDIC will have to replace a significant percentage of its current, highly experienced executive and management staff due to projected retirements over the next 5 years. An estimated 8 to 16 percent of FDIC's remaining permanent workforce is projected to retire over the next 5 years. In some FDIC divisions, projected retirements are almost double these percentages. Board Oversight Accomplished through Communication and Information Channels, Committees, and Delegations of Authority: FDIC's board of directors has a mix of knowledge and skills that contribute diverse perspectives in the board's decision making, and the board relies on communication with deputies and senior management within FDIC to provide timely and useful information for effective and informed decision making. The board has also established standing committees to conduct certain oversight functions, such as monitoring the implementation of audit report recommendations, to help manage the agency. Further, FDIC's board of directors has the ability to broadly delegate its authority to allow the agency to operate efficiently.[Footnote 12] These delegations are extensive and have been reviewed periodically to ensure they are appropriate for FDIC's current size and structure, and the current banking environment. A Variety of Perspectives and Interaction with FDIC Management Helps Board of Directors Make Informed Decisions: The literature we reviewed on best practices for boards of directors states that the composition of the board should be tailored to meet the needs of the organization, but there should also be a mix of knowledge and skills.[Footnote 13] FDIC's board of directors reflects a mix of knowledge, perspectives, and political affiliations; for example, FDIC's board includes the directors of the Office of the Comptroller of the Currency and Office of Thrift Supervision as well as a director with experience in state bank supervision. Further, after February 28, 1993, no more than three of the members of the board of directors could be members of the same political party. According to FDIC board members, each director provides a different perspective that contributes to board diversity. Additionally, officials told us that the presence of the outside directors on the board helps to represent the views of their respective agencies during joint rule making. Senior FDIC officials and board directors agreed that the board functions best with a full complement of directors. Vacancies on the board could result in the board not benefiting from the perspectives of a full complement of directors. Board members told us that without a full complement, there would be fewer ideas and opinions during board deliberations. For example, one board member stated that the possible absence of a member with state bank supervisory experience might affect discussions on state banks. However, FDIC board members told us that board vacancies would not negatively affect the daily operation of the agency. According to our standards for internal control, effective communications should occur in a broad sense with information flowing down, across, and up the organization.[Footnote 14] The literature we reviewed related to best practices for boards of directors suggests that boards need quality and timely information to help them obtain a thorough understanding of important issues. The literature states that board members should receive information through formal channels, such as management reports and committee meetings, and informal channels, such as phone or e-mail discussions.[Footnote 15] FDIC directors told us that board members are fully aware of and familiar with operations at the agency, frequently communicating and interacting with senior management and staff on a broad range of issues. For example, board directors told us they have regular meetings with various division managers to discuss agency issues. We also observed a November 2006 board meeting, where it appeared from the board members' few questions and supportive comments to the FDIC staff that the board members were informed of the staff's recommendations. Directors explained that there is a free flow of information between directors and FDIC senior management and staff as well as between directors and the board chairman. Each director also has a deputy who assists him or her in carrying out his or her duties and responsibilities. With the assistance of their deputies, outside (ex- officio) directors are able to remain engaged in pertinent issues at FDIC. The deputies also assist directors in examining diverse policy issues of concern to the agency, either initiated by the director, or at the request of the chairperson. Also, FDIC management provides the bulk of information that directors receive to make decisions. For example, FDIC management provides briefings to board directors on various issues as well as detailed briefing books in advance of FDIC board meetings so that directors may ask questions or request more information to prepare to provide input and make decisions at board meetings. In one May 2006 board meeting, we observed FDIC staff making brief presentations to the board highlighting various trends and factors that they considered in developing recommended action or inaction for several agenda items. We also reviewed board meeting agendas that outlined substantive issues considered by the board of directors. In one example, the Director of the Division of Supervision and Consumer Protection provided a detailed written overview of a notice of proposed rule making informing board members weeks before the official board meeting. Further, directors told us that informal communication with their deputies, other board members, and senior management occurs through phone conversations, e-mail discussions, and impromptu meetings. Standing Committees Conduct Certain Oversight Functions to Assist the Board in Managing FDIC: FDIC's board of directors established standing committees to conduct certain oversight functions that assist it in managing the agency. The board provides authority to these committees to act on certain matters or to make recommendations to the board of directors on various matters presented to it. Currently, the board has four standing committees: (1) Case Review Committee, (2) Supervision Appeals Review Committee, (3) Assessment Appeals Committee, and (4) Audit Committee. Each committee is governed by formal rules that cover areas such as membership, functions and duties, and other process and reporting requirements such as frequency and scope of committee meetings and, in some cases, submission of activity reports to the board. The Case Review Committee is comprised of six members who adopt guidelines for taking enforcement actions against individuals, for example, to remove an individual from participating in the affairs of an insured depository institution. Under authority granted to it by the board of directors, this committee also reviews and approves the initiation of certain enforcement actions upon determination by a designated representative of the Division of Supervision and Consumer Protection or upon request by the chair of the committee. The Supervision Appeals Review Committee, comprised of four members, considers and decides appeals of material supervisory determination made by FDIC -supervised institutions; for example, an institution may appeal a rating in its report of examination. The Assessment Appeals Committee is a six-member committee that considers and decides appeals regarding assessments to insured depository institutions. As an appellate entity, the committee is responsible for making final determinations pursuant to regulations regarding the assessment risk classification and the assessment payment calculation of insured depository institutions. Last, the Audit Committee is comprised of three members who are charged with reviewing reports of completed audits and requesting necessary follow-up on the audit recommendations. The committee also oversees the agency's financial reporting and internal controls, including reviewing and approving plans for compliance with the audit and financial reporting provisions applicable to government corporations,[Footnote 16] assessing the sufficiency of FDIC's internal control structure, and ensuring compliance with applicable laws, regulations, and internal and external audit recommendations, all for the purpose of rendering advice to the chairman of the board of directors. The literature we reviewed on recommended practices for boards of directors of publicly traded corporations states that audit committees play a critical role in the board oversight process.[Footnote 17] In most publicly traded corporations, the primary role of an audit committee of its board of directors is oversight of the preparation and filing of financial statements with the appropriate regulators and exchanges.[Footnote 18] However FDIC's board directors and officials told us that FDIC's Audit Committee does not serve the same function as an audit committee of a private sector corporation. FDIC's Audit Committee is an advisory body that, in practice, conducts a more limited scope of duties than what is authorized in its formal rules. Further, as stated above, FDIC is subject to certain audit and financial reporting provisions.[Footnote 19] FDIC's board has established the position of chief financial officer as FDIC's chief financial, accounting and budget officer. Although FDIC is not subject to title II of the Chief Financial Officers Act of 1990 (CFO Act), which requires 24 executive agencies to appoint chief financial officers, FDIC's chief financial officer's duties include implementing programs consistent with the CFO Act.[Footnote 20] Thus, FDIC's Audit Committee's responsibilities do not include oversight of the preparation and filing of financial statements and other activities generally conducted by private sector audit committees. Instead, FDIC's Audit Committee's primary responsibility is ensuring that the recommendations of FDIC's Inspector General are appropriately implemented.[Footnote 21] Also, section 301 of the Sarbanes Oxley Act requires audit committees of publicly traded corporations to be composed entirely of independent members.[Footnote 22] Although FDIC is not bound by these requirements, according to FDIC officials, Audit Committee members are considered independent of FDIC management because they do not have direct responsibility over any FDIC division or office. However, in one instance, FDIC revised the composition of the Audit Committee because there was a perception of impairment to independence. FDIC's Chief Financial Officer was a member of the Audit Committee because this official was also a deputy to the chairman and therefore eligible for the senior employee position on the Audit Committee. However, FDIC thought it was inappropriate to have the Chief Financial Officer serve on the Audit Committee because certain Audit Committee functions-- reviewing materials related to FDIC's finances, for example--may have had the potential to conflict with the professional interests of the Chief Financial Officer. FDIC officials stated that interactions between FDIC's Inspector General and the Audit Committee also help mitigate concerns about impairments to independence and conflicts of interest.[Footnote 23] For example, officials from FDIC's Office of the Inspector General can attend Audit Committee meetings. Audit Committee members noted that they valued the insights provided by officials from the Office of the Inspector General because they have an opportunity to weigh in on instances where the Audit Committee may not be able to sufficiently distance itself in order to provide objective oversight. Formal Procedures and Periodic Reviews Help Ensure Appropriate Delegations of Authority: FDIC's board of directors delegates much of the agency's operational responsibilities to various committees and offices within FDIC. These delegations allow the board to concentrate on policy matters as opposed to daily agency operations. FDIC's current delegations of authority were influenced by prior events that necessitated broad delegations. According to an FDIC official, very few activities were initially delegated to FDIC staff. However, during the banking crisis of the 1980s and early 1990s when FDIC resolved many institutions, there were significant transfers of authority from the board to divisional personnel. During that period, FDIC had over 20,000 employees and the need for sweeping delegations was appropriate for the size of the agency and the industry's conditions. The board was overwhelmed with making decisions stemming from the agency's increased workload and decided to delegate many routine matters to FDIC staff. However, there are some activities that the board cannot delegate. For example, only the board can decide to deny an application for deposit insurance, terminate deposit insurance, or take enforcement actions using the board's backup authority. According to our Standards for Internal Control in the Federal Government, conscientious management and effective internal controls are affected by the way in which the agency delegates authority and responsibility throughout the organization.[Footnote 24] An agency's delegations should cover authority and responsibility for operating activities, reporting relationships, and authorization protocols. Once the board has a full understanding of an issue, it may allow others to make decisions concerning that issue through delegations. FDIC officials explained that delegations of authority are documented, and there are associated reporting requirements. Further, FDIC has procedures for issuing, reviewing, and amending delegations of authority within FDIC divisions and offices. Once delegations of authority have been issued by the board, officials who are recipients of those delegations are to observe an FDIC directive in properly redelegating their authority.[Footnote 25] The February 2004 directive to all FDIC divisions and offices formalizes policies and procedures for issuing delegations of authority throughout the agency and applies to all delegations issued by the board as well as redelegations and subdelegations to FDIC managers, supervisors, and other staff. According to the directive, the headquarters division or office issuing a delegation of authority is to prepare its delegations, including any revisions, in coordination with FDIC's Legal Division and submit the delegations to FDIC's executive secretary. Further, according to the directive, the divisions are to review delegations at least once a year for accuracy. After each review, the Executive Secretary Section of FDIC's Legal Division is to review submitted delegations for completeness and compile any revisions to the delegations. The Executive Secretary Section should also track board and other FDIC management activity, for example corporate reorganizations and title changes, to ensure that the delegations of authority fully reflect these changes. We reviewed FDIC documents that track delegations of authority related to the processing of financial institution applications, for example, applications to engage in real estate investment activities. The document indicates changes in or clarifications of delegations of authority from existing delegation guidance. Furthermore, the Executive Secretary Section is to regularly monitor, issue periodic notices, and follow up, if necessary, with senior-level officials to ensure that all divisions and offices comply with established procedures and deadlines for FDIC headquarters delegations of authority. FDIC officials told us that the annual reviews required by the directive are undertaken to assess the technical conformity and consistency of delegations. Although the directive only requires an annual review, FDIC officials stated that in practice, the Executive Secretary Section works with FDIC's divisions and offices on a continuous basis to ensure delegations are complete, consistent, and comply with standard procedures. The officials added that divisions appreciate having a standard format for issuing and documenting delegations. In addition to the periodic reviews required by the directive, FDIC has broadly reviewed its delegations of authority on other occasions. One broad review of its delegations occurred during 1995 to 1997, after the banking crisis and the merger with the Resolution Trust Corporation, which resulted in a significant reduction in staff. A corporate delegation task force was assembled to review existing delegations, comment on them, and make recommendations on how they could be improved. The scope of the review was intended to encompass all aspects of FDIC's delegations, from those governing internal management and administration to those governing how FDIC accomplished its mission. An FDIC official noted that it was vital that the agency have logical, well-reasoned delegations of authority and that they be kept current, which underlined the basis of the task force's work. FDIC's Office of the Executive Secretary (currently the Executive Secretary Section) coordinated the review of delegations by the board of directors and the development of recommendations for changes that would reduce processing time, empower employees, and promote accountability. FDIC also completed a broad review of its delegations in 2002. At the time, FDIC rescinded a series of delegations that were previously codified in the Code of Federal Regulations in favor of adopting a board resolution that contained a master set of delegations. This format made modifying the delegations more efficient. During the consolidation process, FDIC made several changes to certain delegations, for example, delegations related to FDIC's receivership activities were amended to streamline the process for approving receivership-related actions. There were also occasions that necessitated the reexamination of specific delegations. According to a senior FDIC official, any board member has the right to request a review of any delegated authority. The officials stated that it is not uncommon for a newly appointed chairman to review existing delegations of authority to ensure they are aligned with his or her vision and management style. In one recent instance, delegations related to the processing of industrial loan corporation applications were rescinded and a 6 month moratorium implemented to allow the agency, upon the request of the current chairman, the opportunity to examine developments related to these specialized institutions.[Footnote 26] Further, the official stated that FDIC divisions and offices can request a review of their delegations of authority. As noted earlier, technical changes to the delegations covered by the directive, such as position titles and division names, are typically handled between the Executive Secretary Section and the divisions. However, officials explained that the board would be informed of more substantive issues that would require a board vote. In most instances, the request for a review is related to a delegation that is outdated or needs clarification. The board reviews the request and any relevant information and votes to amend or rescind delegations. Although FDIC has a process for making substantive changes to delegations, instances may arise that prompt the need for specific reviews of delegations that are perceived as vague or ambiguous. For example, a 2006 FDIC Inspector General's report found a lack of clarity as to whether the board could delegate the calculation of the reserve ratio to FDIC officials.[Footnote 27] According to the report, the nature, timing, and application of a new method for estimating certain insured deposits could have had a significant impact on the deposit insurance fund's reserve ratios. The report concluded that the delegations to the Director of the Division of Insurance and Research established an expectation that the Director should communicate and advise the board on financial matters of importance to the agency and the banking industry. However, the report found that communication between the FDIC board and deputies on the issue of estimated insurance deposit allocations was limited, and FDIC staff should have more fully involved the board in the decision of whether and how to apply a new method for estimating certain insured deposits. The report recommended a review of the agency's existing bylaws, specifically, the powers and duties delegated to the Chief Financial Officer and to the Directors of the Division of Finance and the Division of Insurance and Research, to ensure that those delegations reflect the board's intent and expectation for the deposit insurance fund reserve ratio and assessment determination process. The report recommended that FDIC review its delegations related to the assessment determination process to determine whether the delegations needed to be clarified or modified. In response to the Inspector General's recommendations, FDIC is currently reviewing specific delegations of authority. As of December 2006, a senior FDIC official was in the process of preparing a proposal to present to the Audit Committee outlining the details of the review. FDIC's Integrated Approach to Addressing Human Capital Issues Has Produced Key Initiatives, but the Agency Has Not Developed Outcome- Based Performance Measures: FDIC has strengthened its human capital framework and uses an integrated approach to align its human capital strategies with its mission and goals. For example, interdivisional decision making, where senior executives come together with division managers and staff from mission support divisions, is a key component of FDIC's human capital strategy for ensuring functional alignment of its mission critical work. Using this integrated approach, FDIC created the Corporate Employee Program to provide a flexible workforce and to train new employees in multiple FDIC divisions. However, the program's effects on mission critical functions are unknown and contributions to specific job tasks may take a number of years to realize. FDIC's Corporate University, the agency's training and development division, evaluates all of its training programs--including the Corporate Employee Program- -and is currently implementing a scorecard to measure its progress toward meeting its human capital goals. The scorecard currently includes an output performance measure for the Corporate Employee Program; however, FDIC has not developed outcome-based performance measures that will assist it in determining whether its key training and development programs are effective. Without such measures, FDIC will not be able to determine how effective its training and development initiatives are in assisting the agency to achieve its mission and human capital goals. FDIC Has Taken a Number of Actions to Strengthen Its Human Capital Framework and Align Its Human Capital Strategies with Its Mission and Goals: Effective management of human capital, where the workload can shift dramatically depending on conditions in the economy and the banking industry, is critical at FDIC. Therefore, FDIC has taken a number of steps to strengthen and institutionalize certain elements of its human capital framework. FDIC established a Human Resources Committee to help the agency integrate human capital approaches into its overall mission planning efforts. It also established the Corporate University, an employee training and development division that aligns agency needs with learning and development. Finally, in response to an FDIC Inspector General report, the agency developed a human capital blueprint that describes the key elements of its human capital framework. Human Resources Committee: FDIC established its Human Resources Committee in 2001 to integrate strategic human capital management into the agency's planning and decision making processes. The committee, consisting of members from several divisions across the agency, focuses on developing and evaluating human capital strategies with agencywide impact. The committee also coordinates FDIC's human capital planning process. In June 2004, FDIC approved a formal charter for the committee to ensure that future leaders and stakeholders continue the committee's work. The committee's charter describes its purpose, functions, responsibilities, and composition. FDIC's Chief Human Capital Officer serves as chair of the Human Resources Committee. FDIC appointed the Chief Human Capital Officer (CHCO) to align the agency's human capital policies and programs to the agency's mission, goals, and outcomes. Because FDIC's Human Resources Committee brings together executives in the major divisions and personnel in support divisions, it is able to develop approaches for accomplishing the agency's mission and goals. Our prior work on strategic human capital planning has shown that effective organizations integrate human capital approaches into their efforts for accomplishing their missions and goals. Such integration allows an agency to ensure that its core processes efficiently and effectively support its mission.[Footnote 28] In April 2003, we reported that establishing entities, such as human capital councils like FDIC's Human Resources Committee, was a key action agencies could take to integrate human capital approaches with strategies for achieving their missions.[Footnote 29] Comprised of senior agency officials, including both program leaders and human capital leaders, these human capital councils meet regularly to review the progress of their agency's integration efforts and to make certain that the human capital strategies are visible, viable, and remain relevant. Additionally, the groups help the agencies monitor whether differences in human capital approaches throughout the agencies are well considered, effectively contribute to outcomes, and are equitable in their implementation. In this regard, FDIC's Human Resources Committee (HRC) brings together the support functions of FDIC's Division of Administration (DOA), Division of Finance (DOF), Legal Division, Division of Information and Technology (DIT), and Corporate University (CU) with executives from the major line divisions--Division of Supervision and Consumer Protection (DSC), Division of Insurance and Research (DIR), and Division of Resolutions and Receiverships (DRR). See figure 3. Figure 3: FDIC's Human Resources Committee Organizational Chart: [See PDF for image] Source: OIG and FDIC. [End of figure] The committee members stated that having representatives from various divisions within the agency allows them to integrate all views into the decision-making process. The committee meets weekly, typically for 2 or 3 hours and works to facilitate communication and consensus throughout FDIC on human capital issues. The committee also advises senior leadership on significant human resources issues. Human Resources Committee members told us that they review policy recommendations and share information with their respective division directors. Further, committee members stated that division managers are able to bring the concerns of their subordinate staff to the committee, and managers are able to notify their subordinate staff of human capital initiatives that may address their concerns. For example, staff members are able to communicate training needs to the Human Resources Committee through their division managers. The division representatives on the Human Resources Committee are able to communicate information to the managers about future training programs that would meet staff needs. According to committee members, this helps facilitate the flow of information to and from division managers and subordinate staff. Corporate University: Another step FDIC took to strengthen its human capital framework was establishing its Corporate University in 2003. Corporate University supports the agency's mission and goals by training and developing FDIC employees. Corporate University provides training and development opportunities for FDIC executives, managers, supervisors, and employees in order to help them enhance their job performance. Before establishing Corporate University, FDIC focused and confined training within divisions; the agency gave relatively little attention to building a corporate culture or making employees aware of activities outside their own divisions. However, since establishing Corporate University, FDIC's efforts have been lauded for reflecting best practices in aligning training functions with the agency's mission and goals. In 2005, FDIC's Corporate University received an excellence award from the Corporate University XChange for its organizational structure and alignment within the agency.[Footnote 30] The Corporate University XChange cited features of FDIC's Corporate University that made it appropriately aligned within the agency, such as the existence of a Governing Board that includes division managers and having deans and chairs from the divisions serve on a rotational basis. FDIC's Corporate University works with the Human Resources Committee, the Corporate University's Governing Board, and deans to design curriculum and implement training programs. The structure of Corporate University is intended to support a balance between the agency's goals and the needs of the individual divisions. FDIC's Chief Operating Officer, Chief Financial Officer, and division Directors work with the Chief Learning Officer to deliver training and development programs. Corporate University also has structures in place to facilitate the exchange of information related to the training needs of the Division of Supervision and Consumer Protection.[Footnote 31] Two committees-- the Curriculum Oversight Group and the Training Oversight Committee-- assist Corporate University in identifying training and development needs. The Curriculum Oversight Group consists of midlevel supervisors who meet with Corporate University staff to map out training needs and curriculum changes that require focused strategies. The Training Oversight Committee consists of senior managers who provide information on skills needed within the Division of Supervision and Consumer Protection. Human Capital Blueprint: Last, in response to a 2004 FDIC Inspector General audit report, the agency established an integrated human capital blueprint in December 2004.[Footnote 32] The report recommended that FDIC develop a coherent human capital blueprint that comprehensively describes the agency's human capital framework and establishes a process for agency leaders to monitor the alignment and success of human capital initiatives. The report noted that such a blueprint would be beneficial because it would, among other things, promote an agencywide understanding of the human capital program. According to FDIC officials, the blueprint describes the key elements of FDIC's human capital framework and recognizes the collective responsibility of various FDIC divisions and offices in the success of its strategic human capital initiatives. Figure 4 illustrates FDIC's human capital blueprint. Figure 4: FDIC's Human Capital Blueprint: [See PDF for image] Source: FDIC. Note: According to FDIC, although the blueprint depicts boundaries between certain elements of the framework, it is not meant to imply that one process ends before another begins. In instances where overlaps and interactions between elements of the framework or between FDIC divisions are intrinsic to the process, the activity is shown as straddling two groups of elements. For example, "program and policy development" straddles the boundary between FDIC's Human Resources Committee and two divisions within the agency. [End of figure] Our previous work on strategic human capital planning suggests that human capital professionals and line managers should share accountability for integrating human capital strategies into the planning and decision-making processes. Our work further states that successful organizations have human capital professionals work with agency leaders and managers to develop strategic and programmatic plans to accomplish agency goals.[Footnote 33] This process results in agency and human capital leaders sharing accountability for successfully integrating strategic human capital approaches into the planning and decision making of the agency. FDIC's human capital blueprint includes processes for agency leaders to participate in the alignment of the agency's human capital initiatives relative to its goals. The blueprint considers how major environmental factors, such as the economy and the banking industry, impact the agency's mission and goals. FDIC considers these external factors when it conducts assessments of workload and skill requirements. These assessments ultimately guide the FDIC's Human Resources Branch, the Human Resources Committee, and Corporate University in developing and implementing initiatives to address human capital needs. FDIC Created the Corporate Employee Program to Provide a Capable and Flexible Workforce, but Its Effects on Mission Critical Functions Are Unknown: A key part of FDIC's human capital strategy is the Corporate Employee Program, which cross trains employees in multiple FDIC divisions with the objective of training them to respond rapidly to shifting priorities and changes in workload. According to FDIC officials, the Corporate Employee Program reflects a more collaborative approach to meeting mission critical functions. Launched in June 2005, the Corporate Employee Program provides opportunities for employees at all levels to identify, develop, and apply various skills through training opportunities and work assignments. According to FDIC memoranda describing the program, the increased speed at which changes can occur in individual insured institutions and the entire financial industry, and hence the speed at which FDIC's workload can change, requires FDIC to ensure that it can respond effectively and quickly. The memoranda further state that cross-training programs and cross-divisional mobility will provide FDIC employees with broader career experiences and enhanced job satisfaction while allowing FDIC to have more than enough people within the organization who have the essential training and experience that FDIC may need to respond to significant events. The goals of the Corporate Employee Program are to: * provide employees with skills needed to address significant spikes in workloads that may temporarily require shifting resources among FDIC's three main divisions, * promote a corporate perspective and a corporate approach to problem solving, * facilitate communication and the transfer of knowledge across all FDIC divisions, and: * foster greater career opportunity and job satisfaction. In March 2005, FDIC began pursuing three initial strategies for implementing the Corporate Employee Program: a crossover program, voluntary rotational assignments, and new hiring. The voluntary crossover program, intended to integrate key skill sets across business lines, allows FDIC staff in the Division of Resolutions and Receiverships to apply for in-service training in the Division of Supervision and Consumer Protection which will require that they obtain commissioned examiner status within a specific time frame.[Footnote 34] The voluntary rotational assignments provide current examiners in the Division of Supervision and Consumer Protection an opportunity to fulfill a more well-defined role in providing support to the Division of Resolutions and Receiverships. To fulfill this role, a number of examiners receive training and practical experience in resolutions and receivership functions. In the event of a significant increase in resolutions workload, the Division of Resolutions and Receiverships has first priority to call on these specialists when needed. FDIC has also developed criteria for hiring and training new employees in certain divisions. The divisions hire new employees to pursue commissioned examiner status in either risk management or compliance.[Footnote 35] While pursuing the commissioned examiner status, new employees simultaneously receive training in resolution and receivership functions and an enhanced orientation on the broad scope of FDIC's operations.[Footnote 36] Those who successfully complete the program are eligible to compete for available permanent positions in FDIC's three major career tracks--risk management examiners, compliance examiners, and resolutions and receiverships specialists. FDIC employees whom we spoke with told us that they believe the Corporate Employee Program holds great potential. For example, regional and field office staff told us that the program provides new employees with a better understanding of how the various FDIC divisions work together and an overview of each division's role within the agency. Regional and field office employees also stated that the program will make FDIC a better agency because the program helps to create a well- rounded and resourceful workforce that can be called upon to assist in the event of a banking crisis. However, FDIC staff in the regional and field offices we visited expressed a variety of concerns about the way the Corporate Employee Program operates. For example, we were told that contributions from graduates of the Corporate Employee Program may take a number of years to realize. Regional and field staff explained that the commissioning process for examiners takes 4 years to complete. Therefore, the earliest successful Corporate Employee Program graduates could contribute to bank examinations would be 4 years from the time they began the program. For example, in one field office an employee explained that examiners cannot certify an institution's examination report until after they have received their commissions. Therefore, current Corporate Employee Program participants are unable to reduce the workload of the commissioned examiners until then. However, according to FDIC officials in headquarters, examiners hired into the Corporate Employee Program can contribute immediately and continuously to the completion of certain aspects of a bank examination during their training and development program, which culminates in attaining a "commissioned" status. FDIC headquarters officials also stated that while the expected commissioning time frame is approximately 4 years, they believe they are preparing a more capable future workforce. They explained that the Corporate Employee Program adds approximately 6 to 9 months to the commissioning process, while simultaneously accelerating new employees' understanding of FDIC's division functions and how they are interrelated. Regional and field staff we spoke with also stated that reduced staffing levels place greater strain on existing staff to train new employees in certain divisions, which is further amplified by their concerns about the nature and timing of the rotational aspect of the program. Although regional and field office staff thought rotations were beneficial, they expressed concern that new employees do not spend enough time in each division to fully grasp how to perform certain job duties. Also, cross-divisional rotations during the first year can hinder the program, according to regional and field office staff. Specifically, regional and field staff stated they have had to re-train new employees because they had forgotten certain skills by the time they were permanently placed in a specific area after their rotations were complete. Further, regional office employees suggested that the rotation in the Division of Resolutions and Receiverships be shortened in order for the agency to be more proactive in addressing any increase in troubled or failed banks. They stated that new employees would benefit more from gaining experience in ongoing supervisory activities so they are able to detect problems in banks, as opposed to being trained on resolving banks. Further, regional office staff indicated that the agency was giving a priority to placing new employees in the examiner commissioning tracks because that was where the agency had focused its hiring efforts; therefore, a lengthy rotation in the Division of Resolutions and Receiverships could be counterproductive, especially given the reduced staff available for training new employees. Officials in one regional office we visited stated that new employees rotating through the Division of Resolutions and Receiverships are not receiving detailed training because the agency's greatest need is currently for examiners. Further, in the event of an increase in troubled or failed banks, the Division of Resolutions and Receiverships would be more likely to pull more experienced employees from other divisions, not new employees. FDIC headquarters officials stated they have always relied on seasoned examiners to provide on-the-job training and guidance to new examiners. The on-the-job training represents a critical component of the commissioning process and is considered a program strength. The officials added that on-the-job training continues under the Corporate Employee Program, but does not represent a significant increase in training burden as compared to the former examiner training practices. Further, FDIC headquarters officials stated that the first year rotations in the Corporate Employee Program were intended to create baseline functionality, awareness, and understanding of the three primary divisions, so when the employees in training subsequently pursue a commissioning path, they have the benefit of broad agency perspective and understand how the work of each division benefits the work of the others. As such, according to headquarters officials, the timing of the rotational assignments is aligned with the program's desired outcome and intent. Last, regional and field office staff explained that the agency was not training new employees in every aspect of the examination process due to FDIC's risk-based approach to examinations. As a result, they may not be able to identify potential problems in areas not covered by the risk-based approach. For example, we interviewed examiners in one region that has experienced significant growth in the number of financial institutions it oversees. FDIC employees in that region told us they expect the number of new bank examinations, which require full scoping, to rise over the next year, and new employees will not know how to conduct a full scope examination because they are being trained on the risk-based approach. In another office, examiners stated that new employees are typically trained in examination procedures using banks that are well-capitalized and well-managed. Therefore, FDIC may not be preparing those employees to handle rare problems that could potentially occur in banks. FDIC officials in headquarters disagreed that new employees receive less training than the previous examiner processes offered. The officials stated that the use of risk-based examination scoping processes constitute "full-scope" examinations and that examination procedures have not changed, nor have they been eliminated from examiner training programs. The Corporate Employee Program represents a significant change in the way FDIC conducts its workforce planning for the future. Our work on organizational transformations identified key practices that can serve as a basis for subsequent consideration as federal agencies seek to transform their cultures.[Footnote 37] One practice is to communicate shared expectations and report related progress, which would allow for communication to build trust and help ensure all employees receive a consistent message. Organizations undergoing significant change have found that communicating information early and often helps build an understanding of the purpose of planned changes. Also, messages to employees that are consistent in tone and content can alleviate uncertainties generated during times of large-scale change management initiatives. FDIC created brochures, provided briefings, and issued memoranda to communicate the structure and intended goals of the Corporate Employee Program. During our site visits, senior managers in one regional office stated that the development of the Corporate Employee Program was a combined effort of groups and individuals in field offices, regional offices and in headquarters. Also, some regional and field office employees stated they had opportunities to ask questions about the program as it was being developed, provided input into the development of the Corporate Employee Program or were kept abreast of developments in the program by their managers. However, other employees we met with stated they did not have an opportunity to provide input into the development of the Corporate Employee Program. The Corporate Employee Program has only recently been implemented, and differing opinions on the nature, intent, or benefits of such a new initiative may be anticipated. It is also important to note that FDIC has not had an opportunity to fully determine the potential benefits or shortfalls of the Corporate Employee Program due to the newness of the program and the relatively strong health of the banking industry. Thus, it is especially important that FDIC take steps to assess the benefits of the program and share available results with all FDIC employees. Our prior work on organizational transformations states that sharing performance information can help employees understand what the organization is trying to accomplish and how it is progressing in that direction and increase employees' understanding and acceptance of organizational goals and objectives. FDIC Has Additional Human Capital Initiatives to Address Leadership Development and Professional Competence: As noted earlier, FDIC officials estimate that 8 to 16 percent of the agency's remaining permanent workforce will retire over the next 5 years. Many of the agency's most experienced and most senior employees are included in the projection, and their retirements will further exacerbate the loss of institutional knowledge that occurred during the more than 10 years of agency downsizing. In order to address this and other issues related to leadership development and improving professional competence, FDIC is developing several new human capital initiatives. In October 2006, the Corporate University Governing Board granted approval for Corporate University to proceed with the design and piloting of the Corporate Executive Development Program. FDIC officials are designing the program to address human capital issues related to succession planning. The purpose of the program is to prepare high-potential employees for executive-level responsibilities. Certain senior level employees and managers will be eligible to participate in the executive development program. Candidates will participate in an 18-month program consisting of experiential and academic learning (including a 12-month detail outside of the candidate's current division), and a 2-or 3-month detail tailored to the candidate's developmental needs. Candidates who successfully complete the program are eligible for noncompetitive promotion into executive manager positions at FDIC; however, there are no guarantees for placement. FDIC has also developed the following human capital initiatives to help employees develop expertise and improve professional competence: * Professional Learning Accounts: The Corporate University Governing Board approved Professional Learning Accounts for implementation in 2007. These accounts are a specified annual amount of money (up to $2,500) and hours (up to 48 hours) that employees at all career levels within the agency manage with their supervisors for use toward the employee's learning and development goals. Employees can use account funds for any training and development opportunity that is considered related to the work and mission of FDIC, regardless of the employee's current occupation. The accounts are voluntary and temporary, permanent, full, and part time employees are eligible.[Footnote 38] Employees eligible for account funds must first complete a career development plan, which an employee's supervisor must approve. * Internal Certifications: FDIC offers additional certifications through the Corporate Employee Program as well as a commissioning track in the Division of Resolutions and Receiverships. FDIC's new certificate programs are intended to give employees at all career levels an opportunity to expand their knowledge and skills in areas critical to FDIC's mission while simultaneously helping to make FDIC more responsive to changes in the financial services industry. To receive a certificate, employees must complete a development program, have a supervisor attest to their skill readiness, and qualify on a knowledge assessment in the form of a computerized test or a performance assessment. FDIC expects the FDIC certificate to benefit FDIC employees in a number of ways, including broadened agency perspective, increased marketability, career mobility, personal development, and continuous learning. As of October 2006, FDIC had introduced two certificate programs, and Corporate University was working to identify and obtain evaluation data for these programs to measure their effectiveness.[Footnote 39] FDIC is also working to develop a commissioning track for resolutions and receiverships specialists. It is expected that in the future, new employees will be selected into either the examiner commissioning track or the resolutions and receiverships commissioning track. * External Certifications: Corporate University has also sponsored opportunities targeted for midlevel career staff to receive external certifications in areas that align with FDIC's business needs. In 2005, Corporate University offered two external certifications to select employees. As of November 2006, Corporate University sponsorship included four more external certifications, and Corporate University planned to continue to work with FDIC's divisions to sponsor other external certifications, as appropriate.[Footnote 40] * MBA Program: During 2005, Corporate University sponsored (on a pilot basis) a limited number of employees to pursue the Masters in Business Administration, or MBA, at the University of Massachusetts at Amherst. According to FDIC officials, the MBA program enhances the technical and leadership skills of FDIC employees. At the time of our review, FDIC had 10 employees enrolled in the first year of the program. Corporate University Evaluates All Training Programs, but It Has Not Fully Developed Outcome-Based Performance Measures to Determine Effectiveness: Corporate University officials stated that they evaluate all of their training programs to determine how effective they are at providing the skills and expertise needed to improve job performance. However, certain training courses receive a more in-depth evaluation than others, depending on the significance of the training program. In March 2004, we published A Guide for Assessing Strategic Training and Development Efforts in the Federal Government, which emphasizes the importance of agencies' being able to evaluate their training programs and demonstrate how the training efforts help develop employees and improve the agencies' performance.[Footnote 41] One commonly accepted training evaluation model consists of five levels of assessment.[Footnote 42] The first level measures the participants' reaction to and satisfaction with the training program. The second level measures the extent to which learning has occurred because of the training effort. The third level measures the application of the learning to the work environment through changes in behavior that trainees exhibit on the job. The fourth level measures the impact of the training program on the agency's organizational results. Finally, the fifth level--often referred to as return on investment--compares the benefits (quantified in dollars) to the costs of the training program. According to Corporate University officials, all training programs receive a level one evaluation, which are the typical evaluations performed at the end of a course. Where appropriate, Corporate University conducts level two evaluations, which are similar to a final exam and provide a measure of how much trainees learned during the training program. More significant training programs, like the Corporate Employee Program, receive level three evaluations, where, according to Corporate University officials, employees demonstrate their learning on the job. For example, after every rotation or job assignment during the first year of the Corporate Employee Program, the employee's supervisor prepares a report on how well the employee performed certain job tasks. Corporate University officials noted that they are planning to conduct what they consider level four evaluations of the Corporate Employee Program, where they will compare the skill level and performance of graduates of the Corporate Employee Program to those who completed the previous commissioning process. According to Corporate University officials, this might help them determine whether the Corporate Employee Program produces employees with at least the same level of knowledge, skill, and ability as those employees who were trained and commissioned prior to the implementation of the Corporate Employee Program. Our prior work on evaluating training programs states that assessing training and development efforts should consider feedback from customers, such as whether employee behaviors or agency processes effectively met their needs and expectations.[Footnote 43] Corporate University officials noted that they also obtain feedback on training courses to ensure they remain relevant, the emphasis remains appropriate to the job duties, and information being provided meets staff's needs. Based on feedback, Corporate University may make changes to the delivery of the course or the tools used in the course. Corporate University officials stated they made significant changes to the Corporate Employee Program based on feedback from the new employees and their supervisors. For example, Corporate University made improvements to certain training materials and revised certain required benchmarks to make them more robust and complete. According to our guide, not all training and development programs require, or are suitable for, higher levels of evaluation. It can be difficult to conduct higher levels of evaluation because of the difficulty and costs associated with data collection and the complexity in directly linking training and development programs to improved individual and organizational performance.[Footnote 44] Corporate University officials noted that they try to focus higher levels of evaluation on the most significant training programs that address key organizational objectives, involve change management, and are costly to the organization. For example, Corporate University is planning to conduct level four evaluations of the Corporate Employee Program because it is significant, costly, and highly visible. Officials added that resources are the biggest obstacle to conducting higher levels of evaluation. For example, it takes time to complete surveys and questionnaires and obtain productivity data. Officials told us that conducting these activities interrupts core mission work, so Corporate University conducts higher levels of evaluation in a more targeted fashion. Corporate University is currently developing a scorecard to measure its progress in meeting its human capital goals, but it has not fully developed outcome-based performance measures to determine the effectiveness of its training programs.[Footnote 45] Performance measures may address the type or level of program activities conducted (process), the direct products and services delivered by a program (outputs), or the results of those products and services (outcomes). Corporate University's scorecard development began in early spring 2005, when an FDIC management analyst briefed Corporate University on the scorecard concept and began developing a strategy for the development of the scorecard. By fall 2005, Corporate University had developed a draft scorecard and presented it to staff; Corporate University began piloting the draft scorecard in 2006. Corporate University's draft scorecard includes indicators that measure customer perspective (e.g., percent of target Corporate Employee Program certificates awarded); internal perspective (e.g., percent of clients satisfied on post-project surveys); Corporate University operating attributes (e.g., percent of projects on schedule or completed on time); and financial perspective (e.g., percent of resources invested in high-priority areas). While Corporate University conducts evaluations to learn the benefits of its training programs and how to improve them, our prior work on performance measurement and evaluation shows that evaluations typically examine a broader range of information than is feasible to monitor on an ongoing basis.[Footnote 46] Though evaluations may present this challenge, FDIC can monitor outcome-based performance measures on an ongoing basis to help focus on whether a program has achieved its objectives. Both evaluations and performance measurements aim to support resource allocation and other decisions to improve effectiveness; however, performance measurement, because of its ongoing nature, can serve as an early warning system to FDIC management and can be used as a vehicle for improving accountability. Our prior work on strategic workforce planning states high performing organizations recognize the importance of measuring how outcomes of human capital strategies help the organization accomplish its mission.[Footnote 47] Performance measures, appropriately designed, can be used to gauge two types of success: (1) progress toward reaching human capital goals and (2) the contribution of human capital activities toward achieving programmatic goals. Periodic measurement of an agency's progress toward human capital goals and the extent that human capital activities contributed to achieving programmatic goals provides information for effective oversight by identifying performance shortfalls and appropriate corrective actions. Further, evaluating the contribution of human capital activities toward achieving an agency's goals may determine that its human capital efforts neither significantly helped nor hindered the agency from achieving its programmatic goals. These results could lead the agency to revise its human capital goals to better reflect their relationship to programmatic goals, redesign programmatic strategies, and possibly shift resources among human capital initiatives. However, our previous work showed that developing meaningful outcome-oriented performance goals and collecting performance data to measure achievement of these goals is a major challenge for many federal agencies. Corporate University officials acknowledged challenges associated with developing outcome-based performance measures. An official noted that it was difficult to develop measures that are meaningful to the agency. For example, the official noted that maintaining alignment of training and development with the agency's goals is important, but it was difficult to develop a measure for organizational alignment. Therefore, to gauge organizational alignment, Corporate University uses the number of senior level meetings to determine workforce and skill needs as a measure. Officials also noted that several outcome measures carry over into the divisions and that it is difficult to determine how Corporate University's training programs impact other divisional scorecards. However, Corporate University officials want to obtain outcome-based performance measures and stated that they would continue to refine and improve their scorecard as they gain more experience. While the draft scorecard currently includes an output performance measure for the Corporate Employee Program, it does not yet include outcome-based performance measures. Absent the use of outcome-based performance measures, especially for key initiatives like the Corporate Employee Program, FDIC will not know whether its programs are effective at achieving its mission and its human capital goals. Further, not having these measures could limit FDIC's ability to determine whether to modify or eliminate ineffective training programs. FDIC Has an Extensive Risk Assessment System and Contingency Plans for Bank Failures, but It Has Not Comprehensively or Routinely Evaluated Them: FDIC, as a supervisor of banks and thrifts that evaluates safety and soundness, as well as the insurer of deposits, has risk assessment and monitoring at the core of its mission. To manage risk, FDIC uses information from front-line supervision of individual institutions and a range of activities examining trends and economic forces affecting the health of banks and thrifts generally. Following industry consolidation in recent years, failure of large institutions presents the most significant threat to FDIC's deposit insurance fund, due to the asset size of the institution and the complexity of its activities. Thus, if losses grew high enough, the insurance fund could be exhausted. FDIC has both broad plans and specific strategies for handling troubled institutions, and FDIC has evaluated a wide variety of its risk activities. But some of FDIC's evaluations were not done regularly or comprehensively. Defining clear responsibility for monitoring and evaluation of its risk activities could assist FDIC in addressing or preventing weaknesses in its evaluations. To Assess and Monitor Risk, FDIC Combines Supervision of Individual Institutions with Analysis of Trends Affecting Banks and Thrifts: Our generally accepted standards for internal control identifies risk assessment as one of five key standards that both define the minimum level of quality acceptable for internal control in government as well as provide the basis against which an organization's internal controls are evaluated.[Footnote 48] Proper internal control should, among other things, provide for an assessment of risk an agency faces from external sources. FDIC takes a dual approach to assessing and monitoring risk. FDIC's front-line for risk assessment is supervision of individual institutions, where it is the primary federal regulator of thousands of banks and thrifts. It is also the backup regulator for thousands of other institutions directly supervised by one of the other three federal regulatory agencies for banks and thrifts. In addition to its supervision of individual institutions, FDIC also conducts broad monitoring and analysis of risks and trends in the banking industry as a whole. Individual Institution Examinations are FDIC's Front Line for Risk Assessment: At the individual institution level, FDIC's main risk assessment activity is the safety-and-soundness examination process, agency officials told us.[Footnote 49] Like other federal banking regulators, FDIC must generally conduct a full-scope, on-site examination for each institution it regulates at least once every 12 months, although the agency can extend the interval to 18 months for certain small institutions.[Footnote 50] For institutions that require additional attention, FDIC may supplement regularly scheduled examinations with more frequent examinations or visitations.[Footnote 51] Recognizing that a bank or thrift's condition can change between on- site examinations, FDIC officials told us the agency created eight risk measurement models to monitor risk from off-site, which often use financial information reported by the institution. The agency's major off-site monitoring tool is the Statistical CAMELS Off-site Rating system (SCOR), which helps FDIC identify institutions that have experienced significant financial deterioration.[Footnote 52] The SCOR off-site monitoring system attempts to identify institutions that received a rating of 1 (no cause for supervisory concern) or 2 (concerns are minimal) on their last examination--the top two grades available on the five-point CAMELS scale--but whose financial deterioration may cause a rating of 3 or worse (cause for supervisory concern and requires increased supervision to remedy deficiencies) at the next examination.[Footnote 53] The significance of the 3 rating is that once a banking regulator rates an institution as 3 or worse, FDIC monitors it more closely. The SCOR system uses a statistical model that compares examination ratings with financial ratios of a year earlier and attempts to forecast future ratings.[Footnote 54] As discussed later in this report, evaluations of the SCOR system determined that the system is informative, but does not always produce accurate results. Owing to the potential for larger losses to the insurance fund, FDIC officials told us the agency also puts special emphasis on monitoring the nation's largest financial institutions, based on asset size. For example, FDIC's Large Insured Depository Institution program gives heightened scrutiny to institutions with assets of $10 billion or more. For those with $25 billion in assets or more, managers submit quarterly assessments.[Footnote 55] For those with $50 billion or more in assets, FDIC also requires risk assessment plans that address risk the institution presents from the perspectives of supervision, insurance, and resolution. Further, FDIC maintains examiners on-site at the six largest institutions. While FDIC is not the primary regulator of these institutions, it is nevertheless responsible for insuring them. For the largest institutions for which FDIC is the primary regulator, the agency uses what it calls a continuous supervision process for examinations, which provides ongoing examination and surveillance of institutions with assets greater than $10 billion. Four institutions are now receiving such scrutiny. Additionally, FDIC has in recent years made significant changes to its examination process. It has adopted the MERIT program (Maximum Efficiency, Risk-focused, Institution Targeted examinations), which seeks to tailor examinations to risks presented by individual institutions. Under this approach, safer institutions should receive less attention, while riskier institutions should receive more regulatory scrutiny. FDIC officials stated that the MERIT program is more efficient, allowing examiners to spend less time on-site at well- rated institutions, while providing an opportunity to redirect examination resources to institutions posing higher risks. For example, if an institution maintains what examiners decide is an effective asset review program, the examiners will significantly reduce the time spent reviewing individual credits. Today, banks or thrifts that meet certain criteria are eligible for the MERIT program.[Footnote 56] Broad Assessment and Monitoring is the Second Part of FDIC's Risk Strategy: In addition to its oversight of individual institutions, FDIC conducts a wide range of other activities to monitor and assess risk at a broader level, from a regional perspective on up to a national view (fig. 5). Figure 5: FDIC's Risk Assessment and Monitoring Process: [See PDF for image] Sources: GAO analysis; Art Explosion (map). [End of figure] Regional Risk Committees: In 2003, FDIC formed Regional Risk Committees in each of FDIC's six regional offices. The Regional Risk Committees review and evaluate regional economic and banking trends and risks and determine whether the agency should take any action in response.[Footnote 57] Comprised of senior regional executives plus relevant staff members, the committees meet semi-annually, and consider a wide range of risk factors--such as economic conditions and trends, credit risk, market risk and operational risk--as a prelude to identifying a level of concern, a level of exposure, and supervisory strategy. Strategy options include such tools as publishing research or circulating relevant information to the banking community, making the risk factor a priority in on-site examinations, or highlighting the factor for off- site monitoring activities. In FDIC's San Francisco Regional Office, we observed a meeting of the western region's Regional Risk Committee. These FDIC regional officials had compiled detailed research on a comprehensive range of potential risk factors that could affect the health of the region's banks and thrifts. The FDIC regional risk committees prepare reports of their results and distribute them to the National Risk Committee. National Risk Committee: The National Risk Committee, comprised of senior FDIC officials, meets on a monthly basis to identify and evaluate the most significant external business risks facing FDIC and the banking industry, according to FDIC officials.[Footnote 58] For example, recent committee work has focused on the effect of recent hurricanes on Gulf Coast institutions, the trend in number of problem institutions, and bank and thrift vulnerability to rising interest rates. Where necessary, the committee develops a coordinated response to these risks, including strategies for both FDIC-supervised and -insured institutions. Among other things, the National Risk Committee receives the Regional Risk Committee reports filed from across the country. Risk Analysis Center: The Risk Analysis Center (RAC) is an interdivisional forum for discussing significant, cross-divisional, risk-related issues. FDIC officials use the Risk Analysis Center as a vehicle to bring together managers from across major FDIC divisions, in an effort to coordinate and provide relevant information to FDIC decision-makers. The Risk Analysis Center provides reports and analyses to the National Risk Committee. The National Risk Committee and regional risk committees also contribute ideas to the Risk Analysis Center on issues for discussion. Recent examples of the center's work include response to Hurricane Katrina, when the center's management committee met to discuss deployment of FDIC offices and personnel to the relief effort, and work following the August 2003 blackout in the Northeast and Midwest, when officials assembled shortly after the power failure in order to discuss its possible impact on the banking system.[Footnote 59] One key product of the Risk Analysis Center is the "RAC Dashboard"- -a group of graphically displayed statistics that identify key banking and economic trends. For example, the center's national dashboard features trend lines charting economic conditions, large bank risk, credit risk, market risk, supervisory risk, and financial strength. FDIC officials told us these indicators allow comparison of current conditions to historical extremes and have the ability to identify areas where risks may be increasing. A Risk Analysis Center web site has a variety of risk-related information, including FDIC publications and presentations available for supervisors, field examiners, and others. The site offers guidance on topics such as concentration in real estate lending, interest rate risk management, and best practices for maintaining operations during natural disasters. Division of Insurance and Research: FDIC's Division of Insurance and Research also plays a significant role in FDIC's risk activities. The division has a leading role in preparing a key set of reports delivered to FDIC's board of directors twice each year. The board uses these reports as a basis for setting the deposit insurance fund's premium schedule; thus, the reports undergird FDIC's basic mission of protecting insured deposits. One of these reports, known as the "Risk Case," summarizes national economic conditions and banking industry trends, plus discusses emerging risks in banking. The second of the two reports, known as the "Rate Case," recommends a premium schedule based on an analysis including likely losses to the fund from failures of individual institutions; expenses of resolving failed institutions; insurance fund operating expenses; growth of insured deposits; investment income; and the effect of premiums on the earnings and capital of insured institutions. The division also conducts pertinent research on specific topics or more general issues. For example, FDIC officials told us that when interest rates recently started upward, the division evaluated what the effect might be nationally, then conducted stress tests on certain institutions to see how the increase might affect them. More broadly, the division has compiled a history of the banking crisis of the 1980s and early 1990s.[Footnote 60] In the last 2 years, FDIC has tried to enhance its research capability, through its Center for Financial Research. Officials told us they want stronger ties to academia, and believe better research leads to better policy. Financial Risk Committee: On a quarterly basis, FDIC's Financial Risk Committee recommends an amount for the deposit insurance fund's contingent loss reserve--the estimated probable losses attributable to failure of insured institutions in the coming 12 months. Because the size of the reserve reflects beliefs about risk facing the insurance fund, the committee's recommendations are an important part of the risk function. The Financial Risk Committee consists of senior representatives from major FDIC divisions.[Footnote 61] In addition to internal deliberations, FDIC staff members also meet with other banking regulators to discuss problem institutions for which a reserve may be necessary. Various parts of the FDIC organization also work together to carry out their risk assessment and monitoring functions. For example, the National Risk Committee recently directed the Risk Analysis Center to investigate possible risks associated with collateralized debt obligations.[Footnote 62] The Chicago Regional Office Regional Risk Committee produced a presentation for the National Risk Committee on housing and banking conditions in southeast Michigan, where business difficulties of the U.S. automobile industry have hurt the local economy and with it, the fortunes of local financial institutions. Similarly, an examiner with commercial real estate experience recently visited the Florida panhandle and nearby Alabama, reviewing bank files and visiting larger condominium developments. The examiner's findings were presented at the Risk Analysis Center to representatives from FDIC's main divisions--the Divisions of Insurance and Research, Supervision and Consumer Protection, and Resolutions and Receiverships. There, officials judged the information important enough to send up to the National Risk Committee. Division managers in the Risk Analysis Center also discuss the Risk Case before it is presented to the National Risk Committee. Meanwhile, the Division of Insurance and Research has managers in regional offices, where they monitor conditions locally and consult with examiners in the Division of Supervision and Consumer Protection who are working in individual institutions. Information these managers gather is sent to the Risk Analysis Center and the National Risk Committee. Notwithstanding its own activities, FDIC officials told us that cooperation with other federal banking regulators is an important part of their risk management efforts as well. Toward that end, the agency engages in a number of activities with the other regulators. One program is the Shared National Credit Program. Established in 1977, the program is a cooperative effort among four federal banking regulators to perform a uniform credit analysis of loans of at least $20 million that three or more supervised financial institutions share. With $1.9 trillion in credit commitments to more than 4,800 borrowers, these loans have the potential for significant impact on the banking system and the national economy. The program's 2006 annual report showed that as the volume of syndicated credits has risen rapidly, the percentage of commitments adversely rated has held steady and remains well below a recent peak in 2002 to 2003. In addition to the Shared National Credit Program, FDIC is involved in other interagency risk management activities, such as: * FDIC participates in the Federal Financial Institutions Examination Council with the other federal banking regulatory agencies. This program prescribes uniform examination standards and makes recommendations to promote uniformity in financial institution supervision. * FDIC exchanges examination reports with the other federal banking regulators and state banking authorities. * FDIC officials told us that they regularly attend interagency meetings, both formal and informal, at the field, regional, and headquarters office levels, on topics ranging from institution-specific to industrywide issues. For example, FDIC consults with staff from the other agencies in preparing the Risk Case report described earlier. * The agencies jointly issue examination and industry guidance on risk- related topics. Recent work includes guidance on nontraditional mortgage risks, to clarify how institutions can offer nontraditional mortgage products in a safe and sound manner, and developing guidance on risks of concentration in commercial real estate lending. * FDIC told us that they frequently invite officials from the other banking agencies to participate in Risk Analysis Center presentations on a variety of issues. Because FDIC insures many institutions for which it is not the primary federal regulator, information-sharing among federal banking regulators is a concern to FDIC. FDIC officials told us that working relationships with the other regulators are good and better than ever before. In 2002, the agencies reached an information-sharing agreement, which provides FDIC information and access to selected large institutions and others presenting a heightened risk to the deposit insurance fund. Two important drivers of this cooperative effort are to avoid sending potentially mixed signals to the regulated entities and the public about regulators' supervisory activities and to reinforce that it is critical for FDIC, as the potential receiver for failed institutions, to understand well what is happening in non-FDIC regulated institutions, especially large ones. While this agreement represents a positive step, a senior FDIC official told us that the current information-sharing provisions are not adequate. As institutions grow more complex, it becomes harder, without more complete information on their activities, for FDIC to properly price insurance coverage as well as to work out assets during resolution, according to the official. One way FDIC is currently seeking to address such issues is through an advanced notice of proposed rulemaking in which FDIC sought comments on options to modernize its deposit insurance determination process by requiring the largest banks and thrifts to modify their deposit account systems to speed depositors' access to funds in the event of a failure.[Footnote 63] Today, institutions do not track the insurance status of their depositors, the agency says, yet if there is a failure, FDIC must make deposit insurance coverage determinations. Industry consolidation, and the emergence of larger, more complex institutions with millions of deposit accounts raise concerns about current methods for handling failures, according to FDIC. FDIC officials also told us they coordinate internationally with entities to share information on issues relevant to financial institutions, regulatory agencies, and insurers of financial institutions in the U.S. and abroad. For example, the officials participate on the Basel Committee, a forum for regular cooperation on banking supervisory matters. The Basel Committee is composed of senior officials responsible for banking supervision or financial stability issues from 13 countries including Belgium, Italy, Japan, and the United Kingdom. In particular, FDIC officials stated they participate three times per year in meetings of the Accord Implementation Group, a subgroup of the Basel Committee. FDIC Has Broad Plans and Specific Strategies for Handling an Increase in Troubled or Failed Institutions: To address the possibility of a large-scale bank failure, FDIC has developed broad plans and specific strategies. According to FDIC officials, the biggest dangers to the deposit insurance fund are large- scale bank failures. The FDIC Inspector General has warned that the banking industry's significant increase in consolidation could result in large losses to the deposit insurance fund if a so-called megabank failed.[Footnote 64] FDIC officials told us credit risk continues to be the most important factor that could cause large banks, or a large number of banks, to fail. A sudden failure would most likely stem from rapid, widespread loss of confidence in an institution, which would generate a liquidity crisis.[Footnote 65] FDIC's Resolutions Policy Committee is responsible for developing plans to handle potential or actual failure of the largest insured institutions. The committee, comprised of senior FDIC officials from across the agency, has developed a 12-part plan for dealing with such difficulties.[Footnote 66] In handling a failed institution, FDIC's primary objective is to protect insured depositors. Generally, FDIC seeks to minimize the overall cost to the insurance fund. The agency also seeks to prevent uninsured depositors, creditors, and shareholders from receiving more than their legally entitled amounts.[Footnote 67] Overall, FDIC attempts to minimize the time an institution is under government control, while maximizing returns to creditors. In general, according to the plan, the resolution strategy for a large bank failure will depend on facts of the particular situation, such as characteristics of the bank, the nature and extent of the problem causing the failure, the condition of the industry and relevant financial markets, and the cost to the insurance fund. For a resolution that does not pose a systemic risk--that is, larger repercussions for the industry or national economy--FDIC will most likely choose between paying off insured deposits or establishing a bridge bank. A bridge bank is a new, temporary bank chartered to carry on the business of a failed institution until a permanent solution can be implemented. Bridge banks preserve the value of the institution until a final resolution can be accomplished. A key aim following failure is to preserve the value of an institution and business continuity through a bridge bank can be important for maintaining value and hence, a marketable franchise. In addition to the work of the agencywide Resolutions Policy Committee, FDIC's Division of Resolutions and Receiverships--the unit most directly responsible for handling failures--has created a detailed blueprint for managing failure of a large institution.[Footnote 68] The blueprint includes strategies for establishing a bridge bank, which FDIC officials stated that in most cases was the least costly and most effective option for handling a sudden large bank failure. The plan seeks to minimize failure costs, contain the risk of troubles spreading beyond a failed bank or thrift, ensure prompt access to depositor funds, and preserve the FDIC insurance fund in the face of losses that could exhaust it. Some of these objectives, according to the plan, will conflict; most notably, tension between the least-cost approach and the potential systemic risk implications of a large-scale failure.[Footnote 69] The least-cost approach adheres to a principle of not providing FDIC insurance to uninsured depositors and also focuses on maintaining the franchise of the failed institution, because the value of the failed bank's franchise will mitigate the overall failure cost. Most, but not all, large banks will have a valuable franchise at the point of failure, according to FDIC officials.[Footnote 70] The agency says it is doubtful FDIC will have the opportunity to find an acquirer for a troubled large bank prior to failure. FDIC cites several reasons for this. Failure or near-failure of a large bank could happen very quickly with relatively little prior warning; as a result, there could be very limited opportunity to gather and analyze information about an institution's operations prior to failure. Also, extensive negotiations with potential acquirers would be required, and it is likely such activity would become publicly known, which could spark a liquidity crisis. As discussed earlier, FDIC has sharply reduced its workforce, which today is down 80 percent since its peak in the early 1990s during the banking crisis. FDIC headquarters officials maintain that the smaller staff has not hurt the agency's ability to monitor and assess risk-- because as FDIC has shrunk, so too has the number of institutions through industry consolidation. The officials do acknowledge that industry troubles could require additional resources. As a result, FDIC has created a three-part strategy for dealing with an increase in troubled or failed institutions: * developing workforce flexibility, such as that provided by the Corporate Employee Program, where both newer and more experienced employees previously cross-trained in several areas of FDIC resolutions and receiverships operations would be temporarily reassigned from other divisions to handle failure and resolution duties; * recalling FDIC retirees for temporary duty;[Footnote 71] and: * hiring contractors for temporary duty.[Footnote 72] Overall, FDIC officials told us they do not believe there is any scenario for banking troubles that the agency would be unable to handle. But they acknowledge there could be two significant issues: if losses grew large enough, the insurance fund could be exhausted, requiring the Treasury Department to issue debt; and if sufficiently large institutions failed, there could be so many deposit claims that payoffs would be delayed. However, the agency's goal is to manage any institution failure to avoid these events. FDIC Reviews Some of Its Risk Assessment Activities, but Some Evaluations Were Incomplete and Responsibility for Overseeing Evaluations Is Unclear: FDIC officials told us that evaluation and monitoring of its risk assessment activities are critical parts of the agency's mission and that such activities are ingrained in the organization. In addition to identifying risk assessment as a key internal control, our internal control standards also detail how an effective internal control system should include continuous monitoring and evaluation as an integral part of the agency's operations. This monitoring includes regular management and supervisory activities, comparisons, and reconciliations, among other activities. An example of continuous monitoring is FDIC's "continuous supervision" process for large institutions, as described earlier. FDIC officials also told us that they rely on us and the FDIC Inspector General to conduct such reviews, and our internal control standards acknowledge that evaluations may be performed by the Inspector General or an external auditor. However, the standards also say that organizations should themselves undertake internal evaluations that form "a series of actions and activities that occur throughout an entity's operations and on an ongoing basis." Our review of the evaluations and monitoring that FDIC provided to us indicates that FDIC has not comprehensively evaluated the full range of its risk activities in a routine way that is part of ongoing agency operations. When we reviewed several evaluations that FDIC provided, we found that though FDIC has evaluated or is in the process of evaluating a wide variety of risk activities, some of the evaluations appeared to be incomplete or were not conducted on a regular basis. The following examples illustrate these weaknesses: * When we asked FDIC officials for any evaluation of a recent, key change in risk management strategy--specifically, FDIC's adoption of risk-focused supervisory examinations under the MERIT program discussed earlier--officials cited two reports by the Inspector General's office. These reports were mostly favorable, although they reviewed only portions of the MERIT program, not its overall scope.[Footnote 73] However, MERIT is a program that FDIC itself should comprehensively review because of the program's relative newness and its core role in identifying areas of risk. Also, some examiners to whom we spoke in FDIC field offices voiced concerns that the streamlined examinations under the MERIT program may fail to detect significant problems. Though FDIC officials in headquarters thought this concern may have been exaggerated, regular reporting of evaluations and monitoring could address these concerns.[Footnote 74] Recently, FDIC's Regional Office in Atlanta completed a draft report on the MERIT examination approach, which recommended further study of MERIT as part of a broader review of examination programs. * When we asked for evaluations of FDIC's eight off-site monitoring systems discussed earlier, FDIC provided documentation showing one-time evaluations of the accuracy of two off-site monitoring systems. One of these evaluations reviewed the Statistical CAMELS Off-site Rating (SCOR) system, which, as noted earlier, is the agency's major off-site monitoring tool and is used to identify institutions that have experienced significant financial deterioration. In the evaluation of the SCOR system--completed in 2003--FDIC found it performed poorly.[Footnote 75] Such a finding and FDIC's limited evaluation of its other off-site monitoring systems underscores the need for more regular reviews. FDIC officials stated they were reviewing and seeking to improve the agency's off-site monitoring systems. The plan for this effort, however, shows a considerable amount of work yet to be done with no scheduled completion date. * FDIC has conducted simulations designed to test its plans for addressing a key risk--increase in troubled and failed large institutions. In some cases, we found these simulations to have well- conceived elements that examined important changes FDIC has made in recent years, but in other cases we determined that the simulations were not comprehensive in following FDIC's own guidance on planning for large bank failures. For example, in 2002 FDIC conducted a simulation of the hypothetical failure of a regional bank with $60 billion in assets. However, the Division of Resolutions and Receiverships did not develop its current large-bank failure plan until 2004. The 2002 simulation, which was FDIC's largest failure test by asset size, excluded consideration of systemic risk, which the 2004 plan emphasizes as a key issue. Thus the 2002 simulation did not test the current plan, nor did it include the type of risk FDIC identifies as significant. FDIC officials told us they did not intend to include systemic risk in this exercise. However, the guidance on planning for large bank failures underscores the importance of systemic risk, stating that "the collapse of a large bank could have profound implications for other insured depository institutions and/or elements of the economy." Thus, this exercise--FDIC's largest big bank failure scenario to date-- excluded systemic risk. Additionally, a 2004 simulation of a $30 billion regional bank was to highlight risks in operating a bridge bank--a bank established to temporarily take over operations of a failed institution. But the simulation did not include an investigation into major decisions on how to establish the bridge bank and thus did not fully reflect processes that FDIC's guidance says are critical to the successful opening and operation of a bridge bank.[Footnote 76] Finally, a test addressing workforce flexibility provided 3 months' advance notice of the hypothetical closing of this large bank, while FDIC guidance says the agency should plan for failure with little or no warning. FDIC has acknowledged the value of regular testing, but officials from FDIC's Division of Resolutions and Receiverships told us that they were stretched for resources and that simulations and tests, which take time and resources, would have to be set aside if there were an increase in troubled bank activity. * Other evaluations that FDIC provided appeared to be comprehensive reviews of the specific risk activity and led to some changes, but these reviews did not appear to be done on a regular basis. For example, in 2006, a team of executives from FDIC's major divisions reviewed the effectiveness of the Regional Risk Committees. Recommendations included better reporting and wider consideration of risk and use of video teleconferences to discuss relevant issues before and after Regional Risk Committee meetings. An FDIC directive, issued in the summer of 2006, implemented these recommendations. A team of FDIC officials in the agency's Senior Executive Leadership Program also recently evaluated the workings of a committee that runs the Risk Analysis Center. The evaluation included recommendations on changes in the center's mission, structure, the way it communicates with FDIC employees, and the design of its internal Web site. FDIC officials stated that the most notable change to emerge from the process was to establish a three-person standing committee to coordinate the Risk Analysis Center, replacing what had been a group with rotating membership. However, officials also told us there were no formal efforts to evaluate the center's effectiveness. Some risk activities appear to be regularly evaluated in a broader review of FDIC operations conducted by the Division of Supervision and Consumer Protection but are not intended to comprehensively review the effectiveness of the risk activities. The division conducts a review of its operations of each of its six regional offices every 2 years. Based on documents provided by FDIC, we found that these reviews include reviews of the safety-and-soundness examinations FDIC performs as the primary federal regulator of designated banks and thrifts; enforcement actions taken to maintain institutions' financial health; off-site reviews of institutions' health; and operation of FDIC's large institution oversight program. These reviews, however, vary by office and cover only selected areas of the activities. The reviews also tend to emphasize compliance with policies and procedures, rather than effectiveness of the risk activities. Although FDIC conducts some evaluations of its risk assessment activities, our work indicates that FDIC's risk assessment framework does not clearly define how it will ensure that the evaluations of risk- related activities are thorough and conducted on a regular basis. FDIC maintains an Office of Enterprise Risk Management, but the office's activities are more internally focused and generally do not involve external risk assessment activities of FDIC's major operating divisions. FDIC officials told us that the agency's chief operating officer is ultimately in charge of the risk assessment process. At the same time, FDIC officials told us the agency's three main divisions-- Supervision and Consumer Protection, Resolutions and Receiverships, and Insurance and Research--share external risk responsibilities through an interwoven structure of committees and management-directed activities. This unclear line of responsibility could be contributing to the weaknesses we identified in some of FDIC's evaluations of its risk activities. Our internal control standards state that an effective and positive internal control environment requires an agency's organizational structure to clearly define key areas of authority and responsibility and establish appropriate lines of reporting. Further, in implementing control standards, management is responsible for developing the detailed policies, procedures, and practices to fit the agency's operations and to ensure that the policies, procedures, and practices become an integral part of operations. According to insurance industry officials we spoke with, there are a variety of approaches to assigning responsibility for overseeing risk assessment activities. Some organizations have a Chief Risk Officer or a committee of senior-level officials while others delegate specific responsibilities to an existing office or officials. FDIC would be more likely to address or prevent some of the weaknesses we identified by designating official(s) or an office or establishing procedures, to ensure that evaluation and monitoring of risk activities are conducted regularly and comprehensively. For example, such an office or process could address employee concerns about MERIT by ensuring there are regular reviews and also identify and address potential resource constraints that can limit the number and breadth of large-bank failure simulations. By not clearly providing for oversight of monitoring and evaluating risk- related activities, FDIC is vulnerable to the risk of gaps or inefficiencies in its risk assessment process and will not know whether all parts of its risk management framework are effective. Conclusions: Our limited observations of the interactions between FDIC's board of directors, their deputies, and senior management within the agency suggests that FDIC's board of directors is engaged in the agency's operations and effectively uses the information provided to the directors to assist in its oversight of the agency. The board has also established a clear and transparent relationship between the board of directors and the organization's management by delegating a wide range of activities to FDIC divisions. These delegations have been broadly reviewed on certain occasions and limited changes have been made to delegations granted by the board, both through a formal process and upon request by board members or FDIC divisions. These review processes help ensure that FDIC's delegations are appropriate and that FDIC employees are not making decisions that should be made by the board or more senior officials. FDIC has undertaken a number of activities to strengthen its human capital framework and also evaluates many of its human capital strategies. Specifically, FDIC's Corporate University is implementing a scorecard to monitor progress of training and development initiatives toward meeting agency goals. Although this effort is commendable, the scorecard does not yet include fully developed, outcome-based performance measures that would help determine the effectiveness of FDIC's training and development initiatives at achieving the agency's human capital goals. Though developing outcome-based performance measures is difficult, they are nevertheless important for ensuring that FDIC has information to determine whether to modify or redesign existing training programs or eliminate ineffective programs. At a minimum, identifying outcome-based performance measures will ensure that FDIC can begin collecting appropriate information that will help in determining how key initiatives--such as the Corporate Employee Program, a relatively new program designed to train and develop FDIC's future workforce--contribute to the agency's mission and goals. Evaluating and measuring the effectiveness of the Corporate Employee Program is especially important given the differences in opinion we observed between regional and headquarters officials on the relative merits of the program. Such differences reinforce the need for conducting evaluations of the effectiveness of key human capital initiatives, developing performance measures to determine whether the initiatives assist in achieving the agency's mission and human capital- related goals, and communicating the results to employees at all levels within the agency. FDIC has developed an extensive system for managing risk and has developed structures and processes to ensure that the various parts of the agency are working together to address key risks facing the agency. However, our review identified some weaknesses in FDIC's evaluations and monitoring of its risk assessment activities. Though FDIC has conducted reviews of many parts of its risk assessment activities, it has not developed a process for more routine evaluations and assessments, and its risk management structure does not clearly define how monitoring and evaluation of risk assessment activities are overseen. Clearly defining how the agency will monitor and evaluate its risk activities could assist FDIC in addressing or preventing weaknesses in its evaluations. Recommendations for Executive Action: Based on our review of human capital and risk assessment programs at FDIC, we are making the following two recommendations to the Chairman of FDIC: * To ensure that it can measure the contribution that key human capital initiatives make toward achieving agency goals, FDIC should take steps to identify meaningful, outcome-based performance measures to include in its training and development scorecard and communicate available performance results to all FDIC employees. * To strengthen the oversight of its risk assessment activities, FDIC should develop policies and procedures clearly defining how it will systematically evaluate and monitor its risk assessment activities and ensure that required evaluations are conducted in a comprehensive and routine fashion. Agency Comments and Our Evaluation: We provided a draft of this report to FDIC for review and comment. In written comments (see app. II), FDIC generally agreed with the report and the recommendations. FDIC stated it was committed to building and maintaining a knowledgeable and flexible workforce and is in the process of developing a comprehensive set of outcome-based performance measures to assist in determining the effectiveness of key training and development programs. FDIC also described its plans to conduct extensive evaluations of two of its human capital initiatives, the Corporate Employee Program and Professional Learning Accounts. These evaluations are intended to utilize outcome-based performance measures in order to provide FDIC with information on the extent to which the programs' goals are achieved. FDIC also agreed that the agency would benefit from a review of its risk management activities to ensure they are comprehensive, appropriate to the agency's mission, and fully evaluated. Accordingly, the agency has assembled a committee to perform an in-depth review of its current risk assessment activities and evaluation procedures. The committee will make recommendations for strengthening the agency's risk assessment framework and FDIC executive management will establish a plan for implementing the committee's recommendations. FDIC also provided technical comments that we incorporated as appropriate. We are sending copies of this report to the Chairman of the Federal Deposit Insurance Corporation, interested congressional committees, and other interested parties. We will also make copies available to others upon request. In addition, the report will be available at no charge on the GAO Web site at [Hyperlink, http://www.gao.gov]. If you or your staff have any questions concerning this report, please contact me at (202) 512-2717 or at jonesy@gao.gov. Contact points for our Office of Congressional Relations and Public Affairs may be found on the last page of this report. Key contributors to this report are listed in appendix III. Signed by: Yvonne D. Jones: Director, Financial Markets and Community Investment: [End of section] Appendix I: Objectives, Scope, and Methodology: This report responds to a mandate included in the Federal Deposit Insurance Reform Conforming Amendments Act of 2005 requiring the Comptroller General to report on the appropriateness of FDIC's organizational structure. Specifically, this report focuses on three areas that influence the effectiveness of FDIC's organizational structure and reflect key internal controls: (1) mechanisms used by the FDIC board of directors to oversee and manage the agency; (2) FDIC's human capital strategies and how training and development programs are evaluated; and (3) FDIC's process for monitoring and assessing risks to the industry and the deposit insurance fund and how that process is overseen and evaluated. To describe how FDIC's board of directors oversees and manages the agency, we reviewed FDIC's enabling legislation, bylaws, and other governance documents to understand the legal authority, oversight responsibilities, and structure of FDIC and its board of directors and standing committees. We also reviewed our reports and literature on characteristics of boards of directors to identify management issues and common practices among boards of directors. We met with knowledgeable academicians and researchers to gain a better understanding of management practices at organizations overseen by boards of directors. To obtain more information on how FDIC's board manages and oversees the agency, we conducted interviews with members of FDIC's current board of directors and the board's Audit Committee members. We developed a standardized interview guide, and used the same set of questions for each interview session.[Footnote 77] To obtain independent views from board members, we met with each board member separately; each board member's deputies or other senior staff also participated in the interviews. We also attended two FDIC board meetings and held additional interviews with former FDIC officials to gain a broader understanding of governance at FDIC. To gain a better understanding of one mechanism for managing the agency, delegations of authority, we interviewed officials in FDIC's Legal Division and reviewed FDIC's master set of delegations to FDIC divisions and officers as well as a directive describing the process for issuing delegations. We also consulted our Standards for Internal Control in the Federal Government to determine how delegations of authority affect an agency's internal control environment.[Footnote 78] To describe FDIC's human capital strategies, we gathered and analyzed information from a variety of sources. We reviewed our guidance and reports on federal agencies' workforce planning and human capital management efforts to identify recommended strategic workforce planning principles for high performing organizations. We reviewed relevant work of FDIC's Office of the Inspector General and obtained documentation of certain findings from previous Inspector General reports related to FDIC's human capital strategic planning. We interviewed FDIC officials on the Human Resources Committee, senior managers in various FDIC divisions, and officials in Corporate University to obtain information on how critical skill needs and skill gaps are addressed and how FDIC develops and implements human capital initiatives, including training and development programs. We also obtained and reviewed documentation of FDIC's human capital goals and how FDIC's primary divisions track their progress toward meeting those goals. To determine how FDIC evaluates its training and development programs, we interviewed Corporate University officials and obtained relevant documentation. We also consulted our report, Human Capital: A Guide for Assessing Strategic Training and Development Efforts in the Federal Government, to obtain information and criteria on evaluating training programs.[Footnote 79] To examine the extent to which FDIC monitors, assesses, and plans for risks facing banks and thrifts, the industry as a whole, and the deposit insurance fund, we interviewed FDIC officials in divisions directly responsible for risk-related activities, such the Divisions of Supervision and Consumer Protection and Resolutions and Receiverships. We obtained and reviewed written and testimonial information on FDIC's risk management activities, plans for addressing the biggest dangers to the industry and insurance fund, and FDIC's methods for evaluating its risk management activities. We examined research reports and papers describing the implications of financial institution failures, documentation of the agency's examination procedures, and various documents related to the work of FDIC's Risk Analysis Center, National Risk Committee, and Resolutions Policy Committee. We also attended a presentation of the Risk Analysis Center to understand its role and function as part of FDIC's risk management activities and observed a meeting of one of FDIC's six Regional Risk Committees. In addition, we examined our own guidance, including our Standards for Internal Control in the Federal Government, to determine how risk monitoring and assessment activities help provide effective internal controls.[Footnote 80] Finally, to address all three objectives in this report, we conducted site visits to FDIC regional and field offices in three states (California, Georgia, and Texas). The purpose of the site visits was to obtain more in-depth information on the FDIC board of directors' management and oversight responsibilities; issues related to human capital, workforce planning, and training and development; FDIC's methods for identifying, assessing, and monitoring risk; and FDIC's methods of evaluating its progress toward meeting agency goals. In each state, we conducted interviews with senior managers from FDIC's three main divisions and the Human Resources Branch; analysts and economists in the Division of Insurance and Research; case managers in the Division of Supervision and Consumer Protection; and financial institution examiners in the Division of Supervision and Consumer Protection. [Footnote 81] Additionally, in Dallas, Texas, we interviewed staff within FDIC's Division of Resolutions and Receiverships because the Dallas office is where resolutions and receiverships activities are centered. We developed a standardized interview guide for each group of employees we interviewed, and used the same set of questions for each interview session.[Footnote 82] To encourage open communication, we met with each group of employees separately, and except in one instance, subordinate employees were interviewed separately from their managers.[Footnote 83] We judgmentally selected the states based on the following characteristics: staffing levels in each regional and field office; the number and size of FDIC-supervised institutions located in a particular region; regional and field office structure; geographic dispersion; recommendations of officials from FDIC's Office of Inspector General; and proximity of the field office to the regional office coupled with time and travel resources. To assess the reliability of the employment data presented and discussed in the background section of this report, we (1) reviewed existing information about the data and the system that produced them and (2) interviewed agency officials knowledgeable about the data. For FDIC data on overall employment from 1991-2006, we performed some basic reasonableness checks of the data against data from the Office of Personnel Management's Central Personnel Data File (CPDF).[Footnote 84] When we found discrepancies, such as considerable differences between data from the two sources, we brought them to the agency's attention and worked with a data analyst at FDIC to understand the discrepancies before conducting our analyses. For employment trends by occupation, FDIC was unable to provide accurate data for years prior to 2001 due to the integration of several legacy systems and databases. Therefore, we used data from the CPDF to approximate employment data by occupation. Although FDIC officials noted certain limitations of the CPDF data, they stated that the data were accurate within a sufficient margin of error for reporting of governmentwide workforce demographics and trends. After reviewing possible limitations in FDIC's overall employment data and CPDF data by occupation, we determined that all data provided were sufficiently reliable for the purposes of this report. We conducted our work in California, Georgia, Texas, and Washington, D.C., from May 2006 through January 2007 in accordance with generally accepted government auditing standards. [End of section] Appendix II: Comments from the Federal Deposit Insurance Corporation: Federal Deposit Insurance Corporation, Washington, DC 20429: Sheila C. Bair: Chairman: January 22, 2007: Ms. Yvonne Jones: Director: U.S. Government Accountability Office: Financial Markets and Community Investment: 441 G Street, N.W. Washington, DC 20548: Dear Ms. Jones, Thank you for the opportunity to comment on the U.S. Government Accountability Office's (GAO) draft audit report entitled, Federal Deposit Insurance Corporation. Human Capital and Risk Assessment Programs Appear Sound, but Evaluations of Their Effectiveness Should Be Improved, GAO-07-255. The Federal Deposit Insurance Reform Conforming Act of 2005 required GAO to conduct a comprehensive review of the FDIC's organization structure and internal controls, and we would like to recognize the professionalism of the review team and the significant amount of research and analysis performed over the past several months. We are appreciative of the GAO's acknowledgement of the FDIC's: 1) strong corporate governance processes; 2) extensive systems for assessing external risk, and the corporate structure and processes that we have established to ensure that the appropriate parts of the agency are working in unison to address the key risks facing the agency; and 3) extensive initiatives to strengthen our human capital framework and evaluate our human capital strategies. The FDIC generally agrees with the report content and the two recommendations, as discussed below: Recommendation #1: To ensure that it can measure the contribution that key human capital initiatives make toward achieving agency goals, FDIC should take steps to identify meaningful, outcome-based performance measures to include in its training and development scorecard, and communicate available performance results to all FDIC employees. FDIC is committed to building and maintaining a knowledgeable, flexible workforce. The FDIC is in the process of developing a comprehensive set of outcome-based performance measures that will assist us in determining whether key training and development programs are effective. Corporate University already uses some of those measures, both in its scorecard and in other program monitoring vehicles. For selected initiatives like the Corporate Employee Program (CEP) and the Professional Learning Account (PLA), Corporate University plans to conduct extensive multi-year evaluations that will provide FDIC with information about the extent to which the goals of the program are achieved. Corporate University's planned evaluation of the CEP consists of two parts. The first two years of the evaluation will be largely formative, with the primary goal to determine if program adjustments are needed in the rotational year. Outcome-based performance measures for this initial period will focus on the effectiveness of the training experience, such as the adequacy of the benchmarks selected and how well prepared participants are for their required schools. The second part of the evaluation will track participants' career progression as they complete program requirements in the 3-4 years following the rotational year. For this phase, we will utilize performance indicators such as the frequency and amounts of awards and promotions and will also track participants' progress toward attaining a commission (for example, how quickly participants progress through required milestone events required for commissioning). Similarly, Corporate University will evaluate the extent to which the PLA meets its stated objectives over its two-year trial period. For instance, to measure attainment of the objective to promote supervisor-employee collaboration about employees' learning and development, we will collect information on the number of employees who create Career Development Plans. Recommendation #2: To strengthen the oversight of its risk assessment activities, FDIC should develop policies and procedures clearly defining how it will systemically, evaluate and monitor its risk assessment activities and ensure that required evaluations are conducted in a comprehensive and routine fashion. We agree that it would be beneficial to review our risk assessment activities to ensure they are comprehensive, appropriate to our mission, and fully evaluated. As noted in the GAO draft report, a review of FDIC off-site monitoring systems has been completed, and work continues to implement needed changes. Beginning in January 2007, an interdivisional committee will perform an in-depth review of current risk assessment activities and evaluation procedures. By September 30, 2007, the committee will make recommendations to FDIC executive management as to how we might strengthen the risk assessment framework. At that time, management will establish a reasonable timeline to implement any required changes. Thank you again for the opportunity to comment on the draft report. Sincerely, Sincerely, Sheila C. Bair: Chairman: [End of section] Appendix III: GAO Contact and Staff Acknowledgments: GAO Contact: Yvonne D. Jones (202) 512-2717 or jonesy@gao.gov: Staff Acknowledgments: In addition to the individual named above, Kay Kuhlman, Assistant Director; Kenrick Isaac, Jamila Jones, Alison Martin, David Pittman, Omyra Ramsingh, and Christopher Schmitt made key contributions to this report. FOOTNOTES [1] Pub. L. No. 109-171, Title II, Subtitle B, 120 Stat. 4, 9-21 (2006). [2] Act of September 21, 1950, ch. 967, 64 Stat. 881 (codified, as amended, in various sections of Title 12 of the United States Code). [3] Pub. L. No. 109-173, § 6, 119 Stat. 3601, 3607 (2006). The Federal Deposit Insurance Reform Conforming Amendments Act of 2005, which was signed into law on February 15, 2006, contains necessary technical and conforming changes to implement deposit insurance reform, as well as a number of study and survey requirements. [4] Some of our key guidance includes GAO, A Model of Strategic Human Capital Management, GAO-02-373SP (Washington, D.C.: March 2002); GAO, Human Capital: A Guide for Assessing Strategic Training and Development Efforts in the Federal Government, GAO-04-546G (Washington, D.C.: March 2004); and GAO, Standards for Internal Control in the Federal Government, GAO/AIMD-00-21.3.1 (Washington, D.C.: November 1999). [5] FDIC insures only deposits and certain retirement accounts at banks and thrifts. 12 U.S.C. § 1821. FDIC does not insure securities, mutual funds, or similar types of investments that banks and thrifts may offer. [6] See FDIA § 11 (codified as amended at 12 U.S.C. § 1821). Section 2103 of the Reform Act amended section 11 to authorize FDIC and the National Credit Union Administration (NCUA), beginning in 2010 and every 5 years thereafter, to jointly consider adjustments to the insurance coverage limits and share insurance coverage limits based on the rate of inflation. NCUA is the federal agency that charters and supervises federal credit unions and insures savings (termed member shares) in federal and most state-chartered credit unions through the National Credit Union Share Insurance Fund. Share insurance is similar to the deposit insurance protection offered by FDIC. [7] In addition to FDIC, the other three federal banking regulators are: the Board of Governors of the Federal Reserve System, the Office of the Comptroller of the Currency, and the Office of Thrift Supervision. For the purposes of this report, the term "banking system" excludes credit unions. [8] These outside directors are also appointed by the President, but in their capacities as the Comptroller of the Currency and Director of the Office of Thrift Supervision, not in their capacities as FDIC board members. [9] For background on the crisis, see Federal Deposit Insurance Corporation, History of the Eighties--Lessons for the Future, a 1997 study prepared by FDIC's (former) Division of Research and Statistics, available at http://www.fdic.gov/bank/historical/history/index.html (accessed Dec. 21, 2006). The study analyzes the economic, financial, legislative, and regulatory causes leading to the extraordinary number of failures seen in the 1980s and early 1990s. It also evaluates responses to the crisis, and assesses implications for deposit insurance and bank supervision in the future. [10] The Resolution Trust Corporation (RTC) was created in 1989 upon the enactment of the Financial Institutions Reform Recovery and Enforcement Act to manage and dispose of the assets of insolvent thrifts. See Pub. L. No. 101-73, §501, 103 Stat. 183, 363-93 (1989). The Resolution Trust Corporation Completion Act, Pub. L. No. 103-204, 107 Stat. 2369 (1993) terminated RTC, effective 1995, and transferred operations to FDIC. In all, the RTC resolved 747 failed thrifts and disposed of more than $450 billion in failed thrift assets. For details, see Davison, L., "The Resolution Trust Corporation and Congress, 1989-1993," FDIC Banking Review, volume 18, number 2, 2006, available at http://www.fdic.gov/bank/analytical/banking/2006sep/article2/article2.pd f (accessed Dec. 21, 2006). [11] See 12 U.S.C. § 1820 (d). [12] Although FDIC has broad delegation authority, there are some duties that the board is prohibited from delegating to staff. See, e.g., 12 U.S.C. § 1815 (a) (determination to deny deposit insurance); 12 U.S.C. § 1818 (a)(9) (decision to terminate an institution's deposit insurance); 12 U.S.C. § 1818 (t)(2) and (3) (exercise of back-up enforcement authority); 12 U.S.C. § 1821 (c)(9) (decision to act as sole receiver or conservator); 12 U.S.C. § 1823 (c)(4)(G) (emergency actions taken to mitigate systemic effects of a bank failure); 12 U.S.C. § 1823 (f)(2) (decision to override a state's objection to the sale of assets of a failed institution to an out-of-state institution). [13] The Conference Board, Corporate Governance Handbook 2005: Developments in Best Practices, Compliance, and Legal Standards (New York, N.Y.: 2005). [14] GAO, Standards for Internal Control in the Federal Government, GAO/AIMD-00-21.3.1 (Washington, D.C.: November 1999). [15] The Conference Board, Corporate Governance Handbook 2005: Developments in Best Practices, Compliance, and Legal Standards (New York, N.Y.: 2005). [16] See 31 U.S.C. §§ 9105-9106. Sections 305 and 306 of the Chief Financial Officers Act of 1990, Pub. L. No. 101-576, 104 Stat. 2838, 2853-54, amended 31 U.S.C. §§ 9105 and 9106 generally by, among other things, providing for audits of government corporations by the Inspector General of the corporation, an independent auditor, or head of the corporation, according to accepted government auditing standards; requiring reports to congressional committees; and authorizing audits, and reviews of audits, by the Comptroller General. Prior to the amendments audits of government corporations were required to be conducted by the Comptroller General at least once every three years. [17] The Conference Board, Corporate Governance Handbook 2005: Developments in Best Practices, Compliance, and Legal Standards (New York, N.Y.: 2005). [18] Further, recent changes in federal law and stock exchange listing standards have increased the number and scope of the responsibilities of audit committees of publicly traded corporations. See generally, the Sarbanes-Oxley Act of 2002, Pub. L. No. 107-204, title III, 101 Stat. 745, 775-785 (codified, as amended, in various sections of Title 15 of the U.S. Code). [19] Codified at 31 U.S.C. §§ 9105-9106. [20] Title II of the CFO Act is codified, as amended, at 31 U.S.C. §§ 503, 504, 901 - 903 and 3515. [21] As required by the Inspector General Act, the FDIC has an Office of Inspector General, which is authorized to conduct and supervise audits and investigations relating to FDIC's programs and operations. See Pub. L. No. 95-452, 92 Stat. 1101 (1978) (codified as amended at 5 U.S.C. App. 3). Among other things, the purpose of the Inspector General Act was to create within designated federal agencies a means for independent units to inform the head of the agency about problems or deficiencies relating to agency programs and operations and the necessity for corrective action. The FDIC Inspector General reports directly to the Chairman or, if delegated by the Chairman, the Vice Chairman. [22] Sarbanes-Oxley changed the role and authority of audit committees of corporations subject to the federal securities laws. Under Section 301 of the Sarbanes-Oxley Act (codified at 15 U.S.C. 78j-1), audit committees, among other things, must be composed entirely of independent directors, meaning that a director "may not, other than in his or her capacity as a member of the audit committee, the board of directors, or any other board committee (i) accept any consulting, advisory, or other compensatory fee from the issuer; or (ii) be an affiliated person of the issuer or any subsidiary thereof." [23] The statutory duties and authorities of FDIC's Inspector General are set forth in the Inspector General Act, Pub. L. No. 95-452, 92 Stat. 1101 (1978) (codified as amended at 5 U.S.C. App. 3). [24] GAO/AIMD-00-21.3.1. [25] FDIC Circular 1151.2 (Feb. 5, 2004). [26] Industrial loan corporations are state-chartered financial institutions that emerged in the twentieth century to provide consumer credit to low and moderate income workers who were generally unable to obtain consumer loans from commercial banks. Over the past 10 years, these institutions have experienced significant asset growth, and these small niche lenders have evolved into a diverse industry. According to FDIC officials, as these institutions grew in number and size, FDIC's board of directors decided it wanted to review applications pertaining to the processing of industrial loan corporations so that it would be more familiar with their activities and be involved in related policy decisions. [27] Federal Deposit Insurance Corporation, Office of Inspector General, FDIC Reserve Ratio and Assessment Determinations (Washington, D.C.: April 2006). [28] GAO, A Model of Strategic Human Capital Management, GAO-02-373SP (Washington, D.C.: March 2002). [29] GAO, Human Capital: Selected Agency Actions to Integrate Human Capital Approaches to Attain Mission Results, GAO-03-446 (Washington, D.C.: April 2003). [30] Corporate University XChange is an educational research and consulting firm that assists organizations in optimizing their education and training resources. The panel that judges the applications for the award include past award winners and other representatives of academia, government agencies, and for-profit education organizations. [31] FDIC's Division of Supervision and Consumer Protection is Corporate University's largest client. According to a 2005 FDIC Inspector General audit report, the division accounted for more than 50 percent of FDIC's staff and training dollars. [32] Federal Deposit Insurance Corporation, Office of the Inspector General, The FDIC's Strategic Alignment of Human Capital (Washington, D.C.: January 2004). [33] GAO-02-373SP. See also GAO, Human Capital: A Self-Assessment Checklist for Agency Leaders, GAO/OCG-00-14G (Washington, D.C.: September 2000). [34] A commissioned examiner is an individual designated to conduct financial institution examinations or inspections on behalf of FDIC. [35] Risk management examiners primarily focus on assessing the financial condition of an institution. Compliance examiners assess the institution's practices against applicable laws. FDIC uses the terms "risk management examiners" and "safety and soundness examiners" interchangeably. For the purpose of this report, we use the term "risk management examiners" when referring to this type of examiner, unless otherwise noted. [36] After successful completion of one of the two initial examiner commissioning programs, new employees are eligible to pursue the other examiner commission. [37] GAO, Results-Oriented Cultures: Implementation Steps to Assist Mergers and Organizational Transformations, GAO-03-669 (Washington, D.C.: July 2003). [38] Temporary employees with less than 6 months remaining in their appointments, employees pursuing a commission, and student interns are not eligible for Professional Learning Accounts. [39] At the time of our review, FDIC's Corporate University was piloting two certificate programs in the areas of: (1) Risk Management- -Bank Secrecy Act and Anti-Money Laundering and (2) Resolutions and Receiverships--Claims. [40] The Certified Anti-Money Laundering Specialist and Certified Information Systems Auditor external certifications were offered in 2005. As of November 2006, Corporate University's external certification sponsorship also included: (1) Chartered Financial Analyst, (2) Certified Regulatory Compliance Manager, (3) Financial Risk Manager, and (4) Certified Fraud Examiner. [41] GAO, Human Capital: A Guide for Assessing Strategic Training and Development Efforts in the Federal Government, GAO-04-546G (Washington, D.C.: March 2004). [42] Donald L. Kirkpatrick (author of Evaluating Training Programs: The Four Levels) conceived a commonly recognized four-level model for evaluating training and development efforts. The fourth level is sometimes split into two levels with the fifth level representing a comparison of costs and benefits quantified in dollars. [43] GAO-04-546G. [44] GAO-04-546G. [45] The scorecard concept employs a simple grading system common in many businesses: green for success, yellow for mixed results, and red for unsatisfactory. Scorecards track how well divisions and offices are executing their respective goals and objectives. [46] GAO, Performance Measurement and Evaluation: Definitions and Relationships, GAO-05-739SP (Washington, D.C.: May 2005). [47] GAO, Human Capital: Key Principles for Effective Strategic Workforce Planning, GAO-04-39 (Washington, D.C.: December 2003). [48] GAO/AIMD-00-21.3.1. The Committee of Sponsoring Organizations of the Treadway Commission (COSO) has also published similar guidance on internal control standards. See Committee of Sponsoring Organizations of the Treadway Commission, Enterprise Risk Management--Integrated Framework (September 2004). COSO is a voluntary private sector organization whose purpose is to help businesses and other entities assess and enhance their internal control systems. COSO includes representatives from the Institute of Internal Auditors, American Accounting Association, American Institute of Certified Public Accountants, Financial Executives International, and Institute of Management Accountants. [49] In this process, FDIC examiners conduct on-site evaluations of an institution's activities in the key areas assessed by the banking regulators' CAMELS rating system--capital, asset quality, management, earnings, liquidity, and sensitivity to market risk. FDIC conducts these examinations through its Division of Supervision and Consumer Protection. [50] See 12 U.S.C. § 1820 (d). The 18-month rule generally applies to well-capitalized, well-managed community institutions that are not subject to enforcement actions or any change in control during the 12- month period in which a full-scope, on-site examination would be required. Until recently, the provision applied to institutions with less than $250 million in assets. Section 605 of the Financial Services Regulatory Relief Act of 2006, Pub. L. No. 109-351, 120 Stat. 1966, 1981 (2006), raised the asset threshold to include institutions with total assets of less than $500 million. Required examinations may also be conducted on an alternating basis with state banking regulators. [51] In 2005, FDIC says it conducted 2,399 legally required safety and soundness examinations. For a complete description of FDIC's examination policies, see DSC Risk Management Manual of Examination Policies, available at http://www.fdic.gov/regulations/safety/manual/index_pdf.html (accessed Jan. 8, 2007). [52] For details of the SCOR system, see Collier, et al., "The SCOR System of Off-Site Monitoring: Its Objectives, Functioning, and Performance," FDIC Banking Review, volume 15, number 3, 2003. [53] The CAMELS score is a numerical rating assigned to reflect an assessment of the overall financial condition of an institution. The score takes on integer values ranging from 1 (best) to 5 (worst). CAMELS ratings are based on examiners' assessments of six factors: capital, asset quality, management, earnings, liquidity, and sensitivity to market risk. [54] Financial ratios are statistical measures of an institution's condition or performance, focusing on such areas as earnings, level of capital, quality of loans and many other areas. [55] Case managers oversee the work product of field examiners, monitoring such things as consistency of product, preparation of off- site materials, and preparation of permanent records. [56] To be eligible, an institution must be judged well-capitalized and well-managed, have loan grading systems, and have total assets of $1 billion or less. [57] Regional Risk Committee members are: the Division of Supervision and Consumer Protection (DSC) regional director, who serves as chair; DSC deputy regional directors for risk management and compliance; DSC area directors for risk management; Division of Insurance and Research regional managers; and the Division of Resolutions and Receiverships regional resolutions and closing manager. The regional counsel attends as a non-voting legal advisor. Regional staff, field staff, staff from other agencies, and staff from other divisions and offices also attend as necessary. [58] National Risk Committee members are: the chief operating officer, who serves as chair; the directors of the Divisions of Supervision and Consumer Protection, Insurance and Research, and Resolutions and Receiverships; the chief financial officer; the special advisor to the chairman; and the general counsel, who is an advisory member. [59] FDIC officials concluded the power failure would have little impact on the banking system. [60] Federal Deposit Insurance Corporation, History of the Eighties-- Lessons for the Future, a 1997 study prepared by FDIC's (former) Division of Research and Statistics, which is available at http://www.fdic.gov/bank/historical/history/index.html (accessed Dec. 21, 2006). [61] The Financial Risk Committee is chaired by the associate director of the financial risk management branch of the Division of Insurance and Research (DIR), and has as its members: from DIR, the deputy director for financial risk management and research, the associate director for financial risk management, and the associate director for research; from the Division of Finance, the deputy director for accounting and reporting; from the Division of Resolutions and Receiverships, the deputy director for franchise and asset marketing, and the assistant director for marketing; and from the Division of Supervision and Consumer Protection, the deputy director for risk management, and the associate director for supervision and applications. [62] A collateralized debt obligation is an asset-backed security whose underlying collateral is typically a portfolio of bonds or bank loans. In a January 2006 report to the National Risk Committee, the Risk Analysis Center warned of a heightened risk of bond defaults. [63] See Large-Bank Deposit Insurance Determination Modernization Proposal, 71 Fed. Reg. 74857 (2006) (advance notice of proposed rulemaking); Large-Bank Deposit Insurance Determination Modernization Proposal, 70 Fed. Reg. 73652 (2006) (advance notice of proposed rulemaking). [64] Federal Deposit Insurance Corporation, Office of Inspector General, Follow-up Audit of the FDIC's Use of Special Examination Authority and DOS's Efforts to Monitor Large Bank Insurance Risks (Washington, D.C.: February 2002). [65] A liquidity crisis is the inability to obtain funds at a reasonable price, within a reasonable time period, to meet obligations as they become due. According to section 6.1 of FDIC's Risk Management Manual of Examination Policies, "because liquidity is critical to the ongoing viability of any bank, liquidity management is among the most important activities that a bank conducts." [66] Resolutions Policy Committee members are: the chief operating officer, who serves as chair; the chief financial officer; the directors of the Divisions of Supervision and Consumer Protection, Insurance and Research, and Resolutions and Receiverships; and the general counsel. [67] FDIC refers to this process as "preserving market discipline." [68] The formal name of the plan is: "Management of Large Financial Institution Failure Strategy and Action Plan." [69] Ordinarily, FDIC must pursue the least costly strategy for resolution, but the agency is freed of this obligation if it is determined that systemic risk is present. A systemic risk determination is considered when the least costly resolution strategy "would have serious adverse effects on economic conditions or financial stability," and an alternative resolution "would avoid or mitigate such adverse effects." A systemic risk determination is made by the Secretary of the Treasury, in consultation with the President, upon the recommendation of two-thirds votes of the FDIC Board of Directors and the Board of Governors of the Federal Reserve System. (Federal Deposit Insurance Act, § 13 (c)(4)(G)(i) (codified as amended at 12 U.S.C. § 1823 (c)(4)(G)(i)). [70] An exception, according to FDIC, would be specialty banks with no core deposit franchise, such as credit card institutions. [71] To facilitate this, FDIC received approval from the federal Office of Personnel Management in October 2005 for "waiver of dual compensation"--that is, so that it can hire retirees without the retirees having pension payments reduced as a result. FDIC officials said no program details have yet been implemented, including: number of participants, required skills, methods for recall and deployment, management responsibility, and plans to evaluate program effectiveness. [72] Specifically, FDIC told us it has taken steps to have contingency contracts in place for, among other things, call center services; asset valuation and management; marketing and sale of loans; residential, commercial and industrial loan servicing; investigation; and credit card securitization. [73] One report examined the Division of Supervision and Consumer Protection's process for determining eligibility for the MERIT program's streamlined safety and soundness examinations. See Federal Deposit Insurance Corporation, Office of the Inspector General, Maximum Efficiency, Risk-focused, Institution Targeted (MERIT) Eligibility Process (Washington, D.C.: July 2005). It found the screening process for determining MERIT program eligibility to be adequate. The other report addressed evaluation of MERIT procedures on the extent to which an institution's loan portfolio is reviewed during an examination. See Federal Deposit Insurance Corporation, Office of the Inspector General, DSC's Process for Tracking and Evaluating the Impact of the MERIT Guidelines (Washington, D.C.: March 2005). The Inspector General said the division could benefit from monitoring that evaluates, from a risk perspective, a reduced level of loan review that results from the MERIT process. Such monitoring--either at the institutional level, or the regional or national level--would assist the division in determining whether recommended loan review ranges under the MERIT program are commensurate with risk found in various types of loan portfolios in low- risk institutions. [74] FDIC officials said that according to FDIC guidance, examiners can--and do--remove an institution from MERIT procedures, and instead conduct a fuller, non-MERIT examination if there are concerns about an institution eligible for consideration under the MERIT approach. [75] A paper in the FDIC Banking Review (Vol. 15, No. 3, 2003) stated: "Clearly, the accuracy of the model has declined substantially, and performance has been especially weak since 1993." Since 1993, the system had identified only 16 percent of banks that subsequently were downgraded in their supervisory ratings, FDIC researchers said. While "not extremely accurate," they said, the system nevertheless "is informative." [76] For example, the process of separating insured deposits from uninsured deposits, according to FDIC guidance, is potentially the most challenging aspect of establishing a bridge bank, and treatment of deposits before the bridge bank opening would have a broad effect on its operation. [77] We made minor revisions, such as wording clarifications, to the interview guide after the first interview and used the revised interview guide during subsequent interviews. [78] GAO/AIMD-00-21.3.1. [79] GAO-04-546G. [80] GAO/AIMD-00-21.3.1. [81] In the Dallas, Texas regional office, we only interviewed managers in the Division of Resolutions and Receiverships when we met with senior management. Also, we did not interview staff in the Division of Insurance and Research. [82] We made minor revisions, such as wording clarifications, to the interview guides after the first site visit and used the revised interview guides during subsequent site visits. [83] In the one instance noted above, responses obtained from interview participants were largely similar to those obtained at other interviews during the site visits. [84] The Central Personnel Data File is an automated information system containing individual records for most federal civilian employees. The system's primary objective is to provide a readily accessible database for meeting the workforce information needs of the White House, the Congress, the Office of Personnel Management, other federal agencies, and the public. GAO's Mission: The Government Accountability Office, the audit, evaluation and investigative arm of Congress, exists to support Congress in meeting its constitutional responsibilities and to help improve the performance and accountability of the federal government for the American people. GAO examines the use of public funds; evaluates federal programs and policies; and provides analyses, recommendations, and other assistance to help Congress make informed oversight, policy, and funding decisions. GAO's commitment to good government is reflected in its core values of accountability, integrity, and reliability. Obtaining Copies of GAO Reports and Testimony: The fastest and easiest way to obtain copies of GAO documents at no cost is through GAO's Web site (www.gao.gov). Each weekday, GAO posts newly released reports, testimony, and correspondence on its Web site. To have GAO e-mail you a list of newly posted products every afternoon, go to www.gao.gov and select "Subscribe to Updates." Order by Mail or Phone: The first copy of each printed report is free. Additional copies are $2 each. A check or money order should be made out to the Superintendent of Documents. GAO also accepts VISA and Mastercard. Orders for 100 or more copies mailed to a single address are discounted 25 percent. Orders should be sent to: U.S. Government Accountability Office 441 G Street NW, Room LM Washington, D.C. 20548: To order by Phone: Voice: (202) 512-6000 TDD: (202) 512-2537 Fax: (202) 512-6061: To Report Fraud, Waste, and Abuse in Federal Programs: Contact: Web site: www.gao.gov/fraudnet/fraudnet.htm: E-mail: fraudnet@gao.gov: Automated answering system: (800) 424-5454 or (202) 512-7470: Congressional Relations: Gloria Jarmon, Managing Director, JarmonG@gao.gov (202) 512-4400: U.S. Government Accountability Office, 441 G Street NW, Room 7125 Washington, D.C. 20548: Public Affairs: Paul Anderson, Managing Director, AndersonP1@gao.gov (202) 512-4800: U.S. Government Accountability Office, 441 G Street NW, Room 7149 Washington, D.C. 20548: