This is the accessible text file for GAO report number GAO-05-693R entitled 'Management Report: Opportunities for Improvements in SEC's Internal Controls and Accounting Procedures' which was released on August 12, 2005. This text file was formatted by the U.S. Government Accountability Office (GAO) to be accessible to users with visual impairments, as part of a longer term project to improve GAO products' accessibility. Every attempt has been made to maintain the structural and data integrity of the original printed product. Accessibility features, such as text descriptions of tables, consecutively numbered footnotes placed at the end of the file, and the text of agency comment letters, are provided but may not exactly duplicate the presentation or format of the printed version. The portable document format (PDF) file is an exact electronic replica of the printed version. We welcome your feedback. Please E-mail your comments regarding the contents or accessibility features of this document to Webmaster@gao.gov. This is a work of the U.S. government and is not subject to copyright protection in the United States. It may be reproduced and distributed in its entirety without further permission from GAO. Because this work may contain copyrighted images or other material, permission from the copyright holder may be necessary if you wish to reproduce this material separately. August 12, 2005: Margaret J. Carpenter: Associate Executive Director: Office of Financial Management: U.S. Securities and Exchange Commission: Subject: Management Report: Opportunities for Improvements in SEC's Internal Controls and Accounting Procedures: Dear Ms. Carpenter: In May 2005, we issued our report expressing an opinion on the Securities and Exchange Commission's (SEC) fiscal year 2004 financial statements and an opinion on SEC's internal control as of September 30, 2004.[Footnote 1] We also reported on the results of our tests of SEC's compliance with selected provisions of laws and regulations during fiscal year 2004. Our report on SEC's fiscal year 2004 financial statements identified reportable conditions in the internal controls over financial reporting that we considered to be material weaknesses.[Footnote 2] These weaknesses related to SEC's controls over (1) recording and reporting disgorgements[Footnote 3] and penalties,[Footnote 4] (2) information security, and (3) preparing financial statements and related disclosures. We issued two separate reports providing recommendations to address those weaknesses.[Footnote 5] The purpose of this report is to provide recommendations for those issues identified during our audit that, although not material in relation to the financial statements, we believe warrant management's attention. We are making 16 recommendations in this report for strengthening SEC's accounting procedures and internal controls in the following 12 areas: * maintaining detailed subsidiary ledgers and records to support delivered and undelivered orders transactions; * segregation of duties and controls over cash receipts; * verifying that all fee-bearing filings recorded in the Electronic Data Gathering, Analysis, and Retrieval (EDGAR) system are recognized as revenue in the general ledger; * management review of the Fund Balance with Treasury (FBWT) reconciliation; * review process to ensure that apportionments are accurately entered into the general ledger; * evaluation of equipment or property leases to determine if they meet the capitalization criteria required by generally accepted accounting principles; * review of the final processed payroll data entered into the Federal Personnel and Payroll System (FPPS) by the National Business Center (NBC) for active employees; * documented policies and procedures governing the payroll process; * documentation and review of the effectiveness of corrective actions relating to audit recommendations addressing weaknesses reported under the Federal Managers' Financial Integrity Act of 1982 (FMFIA); * charging expenditures to the proper Budget Object Class (BOC) codes; * referral of eligible delinquent debt that was over 180 days due to Treasury, as required by the Debt Collection Improvement Act (DCIA); and: * establishing and documenting property and equipment capitalization thresholds. Our recommendations follow at the end of our discussion of each of these issues in the following sections. These recommendations are intended to bring SEC into conformance with the internal control standards that federal agencies are required to follow.[Footnote 6] In its comments reprinted in enclosure I, SEC described actions completed, ongoing, and planned to address each of these issues. Further details on our scope and methodology are included in our report on the results of our audit of the 2004 financial statements and are reproduced in enclosure II. We conducted our audit in accordance with U.S. generally accepted government auditing standards. Recording Undelivered and Delivered Orders: SEC was initially unable to provide auditable detail for the fiscal year 2004 opening balances of undelivered and delivered orders recorded in the general ledger. After extensive time and effort, SEC compiled schedules of transactions. However, those schedules did not reconcile to the related amounts recorded in the general ledger, and SEC staff could not readily explain the differences. Similar problems occurred with the ending balance for the amounts of delivered orders recorded in the general ledger as of September 30, 2004. Through much time and effort on the part of SEC and GAO staff, we were ultimately able to audit the amounts pertaining to SEC's undelivered and delivered orders. However, GAO's Standards for Internal Control in the Federal Government require that the documentation of transactions should be complete, accurate, and sufficient to facilitate the tracing of transactions and related information from authorization and initiation through processing and recording. In addition, documentation should be readily available for examination. Such documentation is necessary to enable management's review of the related transactions. Recommendation: 1. We recommend that SEC maintain subsidiary schedules and documentation supporting all delivered and undelivered orders transactions and related amounts recorded in the general ledger. The documentation should be at a detailed level sufficient to facilitate management review and the external audit process. Segregation of Duties and Controls over Cash Receipts: SEC does not have proper segregation of duties or controls over cash receipts. Checks paid to SEC for disgorgements and other activities are opened either by an individual in the mail room, who does not log in the checks but forwards them to the Office of Financial Management (OFM), or by two accounting technicians in OFM who manually log in the checks and forward them and the log to the Supervisory Accounting Analyst. The Supervisory Accounting Analyst has incompatible duties regarding cash receipts by having custody of the checks, control over the original daily cash receipts log, and access to the general ledger. Furthermore, SEC does not reconcile the cash receipts log to the documentation supporting the deposit amount in the general ledger. According to GAO's Standards for Internal Control in the Federal Government, key duties and responsibilities need to be divided or segregated between different people to reduce the risk of error or fraud. This should include separating the responsibilities for authorizing transactions, processing and recording transactions, reviewing the transactions, and handling any related assets so that no one individual controls all key aspects of a transaction or event. In addition, periodic reconciliations should be performed to ensure accountability over the assets. Because one individual performs incompatible duties over cash receipts, which could result in checks never being recorded into the general ledger, coupled with the lack of the receipts' reconciliation with the deposit amounts, there is a risk of error or fraud concerning cash receipts. Recommendations: 2. We recommend that SEC take the following two actions: 3. Separate key responsibilities over the handling and recording of cash receipts so that no one individual handles all key aspects concerning the receipts. Periodically reconcile the cash receipts log to the documentation supporting the deposit amount in the general ledger. Recording Filing Fee Revenue: SEC uses the Internet-based EDGAR system to collect, validate, index, and accept the submissions of forms filed by SEC-registered companies. EDGAR, along with the Fee Momentum module in EDGAR, recognizes revenue when filings are submitted and completed, and transfers this information to the general ledger through a nightly batch file. However, SEC does not perform a comparison or reconciliation between successfully completed filings in EDGAR and the amount recognized as revenue in the general ledger. During our testing of filing fee revenue, we identified a difference of approximately $154 million between the successful fee-bearing filings recorded in EDGAR of about $390 million and the revenue for filing fees recorded in the general ledger of about $236 million. This balance of $154 million had been recorded by SEC as transaction fee revenue in the general ledger. SEC corrected the difference after we brought the matter to its attention. Statement of Federal Financial Accounting Standards (SFFAS) No. 7, Accounting for Revenue and Other Financing Sources, states that revenue should be recognized when earned, which, for filing fees, is when a company's equity or debt offering has been successfully completed. Consistent with GAO's Standards for Internal Control in the Federal Government, SEC's internal controls should provide reasonable assurance that its financial transactions are recorded properly and accurately. Without controls over the recording of filing fees, there is a risk that revenue amounts will be misstated. Recommendations: We recommend that SEC take the following two actions: 4. Perform periodic reconciliations of successful fee-bearing filings in EDGAR and revenue recorded in the general ledger. 5. Develop for this reconciliation process written policies and procedures that address the maintenance of documentation supporting the general ledger balances. Fund Balance with Treasury Reconciliation: SEC performs monthly reconciliations of its FBWT as required. While management has stated that reviews of the FBWT reconciliations are performed by a management official, there is no evidence of such review. GAO's Standards for Internal Control in the Federal Government requires agencies to establish controls to enforce adherence to requirements, such as FBWT reconciliations, and to create and maintain records providing evidence that these controls are executed. The lack of such evidence increases the risk that the reviews are not being performed, thereby increasing the risk of the untimely detection of errors in related account balances. Recommendation: 6. We recommend that SEC management document its review of the monthly FBWT reconciliation to help ensure the timeliness of these reconciliations and the accuracy and validity of adjustments resulting from these reconciliations. At a minimum, reviewers should sign and date the reviewed documents and provide any comments that may be appropriate in the event that their reviews identified problems or raised questions. Reviewing Apportionment Entries: The Antideficiency Act prohibits agencies from obligating appropriated funds in excess of what the Office of Management and Budget (OMB) has apportioned. SEC budget analysts record apportionment amounts from Standard Form (SF)-132, Apportionment and Reapportionment Schedule, approved by OMB in the general ledger; however, there is no supervisory or management review of these entries. GAO's Standards for Internal Control in the Federal Government requires agencies to implement internal control procedures to ensure the accurate and timely recording of transactions and events. Without a review process to ensure that apportionments are accurately entered into the general ledger, there is a risk that apportionments will not be accurately recorded and that obligations will be tracked against an inaccurate apportionment limit. Recommendation: 7. We recommend that appropriate SEC management officials review recorded apportionment amounts to provide assurance over the accuracy of these amounts. The review should be evidenced in some manner, such as a signature and date. Accounting for Property and Equipment Leases: During our audit, we found that SEC was not properly accounting for its equipment or property leases. SFFAS No. 6, Accounting for Property, Plant, and Equipment, requires management to determine if leases meet the criteria for recognition as capital leases. If a lease meets any one of the criteria, the cost of the property or equipment should be capitalized and an equal amount should be recognized as a liability for the capital lease at its inception. This standard also requires depreciation expense to be recognized to allocate the cost of the property or equipment over its estimated useful life. Financial Accounting Standards Board (FASB) Standard No. 13, Accounting for Leases, requires assets acquired under capital leases to be depreciated over the lease term, rather than the asset's useful life, if the lease meets either the lease term or the present value of the minimum lease payments criteria. For fiscal year 2004, we found that SEC expensed the lease payments for one of its properties when the lease should have been capitalized and depreciated. We also found two contracts for leasing equipment that SEC recorded as purchases of equipment. Our evaluation determined that these equipment leases were properly capitalized, but the related capital lease liability was not recorded. In addition, depreciation expense was incorrectly calculated for these leases, since these leases did not meet the lease term or the present value of minimum lease payments criteria and the equipment was depreciated over the assets' useful life rather than over the related lease terms. As a result of these errors, leases were not properly accounted for in the financial statements or related disclosures. Recommendations: We recommend that SEC take the following two actions: 8. Review all existing leases for property and equipment to determine if they should be capitalized or expensed and make any necessary adjustments to the related general ledger balances. 9. Develop policies and procedures to properly account for future property and equipment leases on an ongoing basis. Review Federal Personnel and Payroll System Data: SEC payroll reports and transactions are created and managed under contract by the NBC at the Department of the Interior (DOI) through FPPS. On a biweekly basis, FPPS generates the Personnel Alphabetic Employee List, which shows all active employees for each pay period. The Personnel Alphabetic Employee List is used for budgeting purposes by SEC's Planning and Budget Office in OFM. FPPS also generates the Organizational Employee Report, listing all active employees within each SEC division and office. However, SEC does not maintain an independent database of its payroll information or perform tests to verify the information in FPPS. The Organizational Employee Report is sent to all SEC divisions and offices, but there is no documentation or other indication that the divisions and offices review the Organizational Employee Report to determine if it accurately reflects the current active employees, new hires, and recent terminations. Neither SEC's Office of Human Resources and Administrative Services nor OFM receives positive assurance from the divisions and offices that the employees listed on the Organizational Employee Report are currently active employees, thus offering no assurances that newly hired staff will be paid timely or that pay for departing staff will be stopped. According to OMB Circular A-127, Financial Management Systems, an agency should review and test all aspects of the time and attendance (T&A) systems' processing procedures and controls with sufficient scope, depth, and frequency to reasonably ensure that key procedures and controls are effective in meeting legal and other requirements, and that data integrity is maintained. Without the review of final- processed payroll data, there is a risk that inaccurate or unauthorized transactions, such as those noted above, could occur, or that fictitious employees could be entered into FPPS, resulting in erroneous or fraudulent payments by SEC. Concerns over payroll data integrity are compounded in the service auditor's report for FPPS, which found that application security controls over FPPS were not operating with sufficient effectiveness to reasonably ensure that access to FPPS is restricted to properly authorized NBC Payroll Operations personnel and that incompatible duties within Payroll Operations are properly segregated in the system.[Footnote 7] Since SEC does not evidence a review of the active employees listed on the Organizational Employee Report by the divisions and offices or perform other checks and reconciling procedures between FPPS data and SEC records, management does not have assurance regarding the accuracy of the active employee information in FPPS. Recommendation: 10. We recommend that SEC periodically reconcile its active employees to FPPS. To do this, consideration should be given to maintaining an independent database of active employees and other payroll-related information, wherein active employee data could be readily compared with and reconciled to FPPS-generated payroll records. This reconciliation should be documented. Payroll Processing Policies and Procedures: During our audit, we noted that SEC had only one trained individual who performed the payroll file processing and reconciliation procedures each pay period. These unwritten procedures consist of uploading and reformatting information received from DOI into the general ledger, comparing data in the general ledger with the Payroll Operations Division Report generated by DOI for accuracy and completeness, researching any errors, verifying payroll expenses by SEC organization code, making necessary corrections to the data, recording the payroll disbursement in the general ledger, and reconciling the Treasury Statement of Transactions (SF-224) with the general ledger. Also during our audit, we did not find evidence of supervisory review of the payroll file processing and reconciliation procedures. Per OMB Circular A-127, Financial Management Systems, an agency should have clearly written and communicated policies and procedures setting forth the responsibilities of employees, timekeepers, supervisors, and others regarding recording, examining, approving, and reporting on T&A information. By having only one person trained in the payroll process and not having documented policies and procedures governing the process, there is a risk that the necessary reconciliation will not be performed correctly or timely in the absence of the one individual who is knowledgeable of the required procedure. Furthermore, the lack of supervisory review of the payroll process increases the risk that errors could occur and not be detected in a timely manner. Recommendations: We recommend that SEC take the following two actions: 11. Develop written policies and procedures governing the payroll processing and reconciliation procedures, which would include requirements for documenting supervisory review of the performance of the payroll procedures performed during each pay period. 12. Train other individuals to perform this function. Closing Recommendations to Address FMFIA Weaknesses: In fulfilling the reporting requirements of the Federal Managers' Financial Integrity Act of 1982, SEC reports to the President of the United States on whether the agency's management controls are adequate and effective and are achieving their intended objectives in accordance with the standards prescribed by the Comptroller General's Standards for Internal Control in the Federal Government. SEC's FMFIA report to the President is largely based on the knowledge of the operations and evaluations conducted by SEC staff and the certification of management controls by appropriate SEC officials. However, during our 2004 financial statement audit, we found that weaknesses relating to the accountability of property and internal controls over disgorgement funds, which were cited in the fiscal year 2002 FMFIA report, still existed even though SEC's fiscal year 2003 FMFIA report indicated that the recommendations to address the related weaknesses were resolved. According to GAO's Standards for Internal Control in the Federal Government, the resolution of audit recommendations is completed only after action has been taken that (1) corrects identified deficiencies, (2) produces improvements, or (3) demonstrates that the findings and recommendations do not warrant management's action. In addition, the standards state that records, which provide evidence of the execution of such activities, and appropriate documentation should be maintained. SEC's policies and procedures do not require documented support for the resolution of audit issues before they are closed in SEC's tracking system. Without adequate documentation or review of the adequacy and the effectiveness of corrective actions, there is a risk that previous audit findings continue to exist as problems after SEC has considered audit findings to be closed. Recommendation: 13. We recommend that SEC require documented support and review of SEC's corrective actions to provide evidence that actions taken in response to audit recommendations fully correct identified deficiencies prior to closing out the audit issues in the tracking system. Charging Expenditures to BOC Codes: SEC records obligations and prepares its annual budget on the basis of budget object class codes. Object classes are categories in a classification system that present obligations by the items or services purchased by the federal government. According to 31 U.S.C. 1104(b), the President's budget is required to present obligations by object class for each account. During our testing of nonpayroll expenditures, we noted several incidences in which SEC did not properly or consistently record the expenditures to the appropriate BOC code and noted incidences for which we could not determine whether the correct BOC code was charged because of a lack of detailed support for the expenditures. For example, for one of the contracts we reviewed, we noted that detailed records were not maintained for the expenditures related to the contract. While it appeared appropriate for the obligation for this contract to be recorded in several BOC codes because of the broad scope of work being performed under the contract, SEC did not obtain sufficient detail on the expenditures to determine how they should be allocated among the BOC codes. Therefore, SEC charged the entire expenditure to one BOC code. On the other hand, for some contracts, SEC allocated the expenditures among the BOC codes but was not able to support the reason why the allocations were made. Without sufficient detailed supporting records, the actual amount of expenditures within each BOC code cannot be accurately determined, thus increasing the risk that management does not have reliable information for decision making. In addition, the lack of written policies and procedures regarding recording expenditures to the proper BOC codes increases the risk of inconsistently recorded expenditures. Recommendation: 14. We recommend that SEC develop policies and procedures to help ensure that expenditures (1) are recorded in the proper BOC code on the basis of the nature of the expenditure and (2) are properly allocated across BOC codes as appropriate. Timely Referral of Delinquent Debt: DCIA requires agencies to refer eligible debts that are delinquent over 180 days to Treasury for collection. Our test of SEC's compliance with DCIA disclosed $285,626 in eligible debt that was over 180 days old but had not been referred to Treasury as of September 30, 2004. While this matter was not material to SEC's fiscal year 2004 financial statements, timely referral of delinquent debts as DCIA requires would improve opportunities to collect such debt. Recommendation: 15. We recommend that SEC refer eligible debt that is delinquent over 180 days to Treasury as required by DCIA. Property and Equipment Capitalization Threshold: SEC does not have an analytical basis or other documented support for the selection of its capitalization thresholds for property and equipment. FASB requires that entities establish appropriate capitalization thresholds by considering the entities' financial and operational conditions, that the thresholds be consistently applied, and that they be disclosed in the financial reports. The establishment of a capitalization threshold policy must be supported by a detailed analysis anchored by the two fundamental principles of matching and materiality. Inappropriate or excessive capitalization thresholds have a significant impact on financial reporting and related oversight issues, and may not comply with SFFAS No. 6 requirements to capitalize all items that meet certain characteristics. Recommendation: 16. We recommend that SEC review its property and equipment capitalization thresholds and document the analysis used to select the capitalization thresholds. Agency Comments: In written and oral comments provided to GAO on a draft of this report, SEC indicated that it is taking, or has planned, actions pertaining to the issues identified in this report. SEC's written comments are reprinted in enclosure I of this report. This report is intended for use by SEC management and the SEC Inspector General. We are sending copies of this report to the Chairmen and Ranking Members of the Senate Committee on Banking, Housing, and Urban Affairs; the Senate Committee on Homeland Security and Governmental Affairs; the House Committee on Financial Services; the House Committee on Government Reform; and other interested parties. In addition, this report will be available at no charge on GAO's Web site at http://www.gao.gov. We acknowledge and appreciate the cooperation and assistance provided by SEC management and staff during our audit of SEC's fiscal year 2004 financial statements. If you have any questions about this report or need assistance in addressing these issues, please contact me at (202) 512-9471 or franzelj@gao.gov. Contact points for our Offices of Congressional Relations and Public Affairs may be found on the last page of this report. Sincerely yours, Signed by: Jeanette M. Franzel: Director: Financial Management and Assurance: Enclosures - 2: Enclosure I: Comments from the Securities and Exchange Commission: Securities and Exchange Commission: Office of Financial Management: August 5, 2005: Jeanette M. Franzel: Director: Financial Management and Assurance: U.S. General Accountability Office: 441 G Street, NW: Washington, D.C. 20548: Subject: Comments on Management Report: Opportunities for Improvements in SEC's Internal Controls and Accounting Procedures: Dear Ms. Franzel: Thank you for the opportunity to review and comment on the Government Accountability Office's (GAO) draft report entitled "Management Report: Opportunities for Improvements in SEC's Internal Controls and Accounting Procedures." The purpose of this report is for the GAO to provide recommendations to the SEC on those issues identified during the 2004 financial statement audit that, although not material in relation to the financial statements, GAO believes warrant management's attention. Following are comments provided by the SEC's Office of Financial Management with concurrence from the Executive Director. These comments have been and may be supplemented by oral comments provided directly to your staff. Recording Undelivered and Delivered Orders: GAO Recommendation: We recommend that SEC maintain subsidiary schedules and documentation supporting all delivered and undelivered orders transactions and related amounts recorded in the general ledger. The documentation should be at a detailed level sufficient to facilitate management review and the external audit process. SEC Comments: SEC recognizes the need for these schedules and documentation and continues to work toward producing them on a timely periodic basis. Segregation of Duties and Controls over Cash Receipts: GAO Recommendation: We recommend that SEC take the following two actions: * separate key responsibilities over the handling and recording of cash receipts so that no one individual handles all key aspects concerning the receipts, and * periodically reconcile the cash receipts log to the documentation supporting the deposit amount in the general ledger. SEC Comments: SEC is reviewing the supervisory accounting analyst's responsibilities in order to assure that duties for handling and recording cash receipts are appropriately segregated. SEC has added staff resources to the Office of Financial Management, which will facilitate the periodic reconciliation of the cash receipts log to the general ledger. Both elements of this recommendation will be implemented prior to the end of the fiscal year. Recording Filing Fee Revenue: GAO Recommendation: We recommend that SEC take the following two actions: * perform periodic reconciliations of successful fee-bearing filings in EDGAR and revenue recorded in the general ledger, and: * develop written policies and procedures for this reconciliation process that address the maintenance of documentation supporting the general ledger balances. SEC Comments: SEC is currently performing reconciliations of such filings and revenue on a monthly basis. The procedures for these reconciliations will be documented. Fund Balance with Treasury Reconciliation: GAO Recommendation: We recommend that SEC management document its review of the monthly FBWT reconciliation to help ensure the timeliness of these reconciliations and the accuracy and validity of adjustments resulting from these reconciliations. At a minimum, reviewers should sign and date the reviewed documents and provide any comments that may be appropriate in the event that their reviews identified problems or raised questions. SEC Comments: As GAO indicates, SEC performs monthly reconciliations of its FBWT. Managerial review of the reconciliations will be more adequately documented. Reviewing Apportionment Entries: GAO Recommendation: We recommend that appropriate SEC management officials review recorded amounts for apportionment amounts to provide assurance over the accuracy of these amounts. The review should be evidenced in some manner such as a signature and date. SEC Comments: The Assistant Director - Budget and Planning reviews printed reports to assure the accuracy of amounts entered into the accounting system. Henceforth, those reviews will be documented more fully. Accounting for Property and Equipment Leases: GAO Recommendation: We recommend that SEC take the following two actions: * review all existing leases for property and equipment to determine if they should be capitalized or expensed and make any necessary adjustments to the related general ledger balances, and: * develop policies and procedures to properly account for future property and equipment leases on an ongoing basis. SEC Comments: SEC staff agreed previously with the GAO staff that we would review all new leases for property to determine if they should be capitalized or expensed. The policies will be reviewed and revised as appropriate and procedures will be better documented. Review Federal Personnel and Payroll System Data: GAO Recommendation: We recommend that SEC periodically reconcile its active employees to FPPS. To do this, consideration should be given to maintaining an independent database of active employees and other payroll-related information, wherein active employee data could be readily compared and reconciled to the FPPS-generated payroll records. This reconciliation should be documented. SEC Comments: The Office of Human Resources is reviewing this recommendation and will develop a strategy for implementing it in fiscal 2006. Payroll Processing Policies and Procedures: GAO Recommendation: We recommend that SEC take the following two actions: * develop written policies and procedures governing the payroll processing and reconciliation procedures, which would include requirements for documenting supervisory review of the performance of the payroll procedures performed during each pay period, and: * train other individuals to perform this function. SEC Comments: SEC will complete the written procedures on the payroll processing and reconciliation. A supervisor in the Office of Financial Management is currently training new staff to perform this function. Closing Recommendations to Address FMFIA Weaknesses: GAO Recommendation: We recommend that SEC require documented support and review of SEC's corrective actions to provide evidence that actions taken in response to audit recommendations fully correct identified deficiencies prior to closing out the audit issues in the tracking system. SEC Comments: The Audit Follow-up Program will require more extensive documentation and review before closing material audit recommendations and continue our current procedure for non-material recommendations. Please note that the SEC's audit follow-up procedures were reviewed by the agency's Office of Inspector General in 2000. During the audit, the OIG examined relevant documentation and reviewed follow-up actions for a sample of eight audits. The OIG found that overall, the audit follow-up procedures were efficient and effective and complied with OMB Circular A-50. (See "Audit Follow-up Procedures," Audit 325 (Sept. 22, 2000)). In addition, the IG's report noted that the Audit Follow-up Program staff consults with the OIG before closing controversial audit recommendations. Charging Expenditures to BOC Codes: GAO Recommendation: We recommend that SEC develop policies and procedures to help ensure that expenditures (1) are recorded in the proper BOC code on the basis of the nature of the expenditure, and (2) are properly allocated across BOC codes as appropriate. SEC Comments: A review has shown that SEC written policies and controls are adequate in this area. We have taken action to improve staff compliance with these policies and procedures. Timely Referral of Delinquent Debt: GAO Recommendation: We recommend that SEC refer eligible debt delinquent over 180 days old to Treasury as required by DCIA. SEC Comments: This recommendation is consistent with SEC policies and procedures. SEC staff will complete a review of all delinquent debt prior to the end of the fiscal year to assure that all debts are being managed consistent with the policies. Property and Equipment Capitalization Threshold: GAO Recommendation: We recommend that SEC review its property and equipment capitalization thresholds and document the analysis used to select the capitalization thresholds. SEC Comments: SEC has discussed this recommendation with GAO staff and plans to complete the analysis. We appreciate the opportunity to comment on the draft report. If you or your staff has any questions, I would be pleased to answer them at your convenience. Sincerely, Signed by: Margaret J. Carpenter: Associate Executive Director, Finance: [End of section] Enclosure II: Details on Audit Scope and Methodology: To fulfill our responsibilities as auditor of the financial statements of the Securities and Exchange Commission (SEC), we did the following: * examined, on a test basis, evidence supporting the amounts and disclosure in the financial statements; * assessed the accounting principles used and significant estimates made by management; * evaluated the overall presentation of the financial statements; * obtained an understanding of internal controls related to financial reporting and compliance with laws and regulations; * obtained an understanding of the recording, processing, and summarizing of performance measures as reported in Management's Discussion and Analysis; * tested relevant internal controls over financial reporting and compliance, and evaluated the design and operating effectiveness of internal controls; * considered SEC's process for evaluating and reporting on internal control and financial management systems under the Federal Managers' Financial Integrity Act of 1982; and: * tested compliance with selected provisions of the following laws and regulations: the Securities Exchange Act of 1934, as amended; the Securities Act of 1933, as amended; the Antideficiency Act; laws governing the pay and allowance system for SEC employees; and the Prompt Payment Act. We performed our audit from February 2004 to February 2005 in accordance with U.S. generally accepted government auditing standards. (194506): FOOTNOTES [1] GAO, Financial Audit: SEC's Fiscal Year 2004 Financial Statements, GAO-05-244 (Washington, D.C.: May 26, 2005). [2] A material weakness is a condition in which the design or operation of one or more of the internal control components does not reduce, to a relatively low level, the risk that errors, fraud, or noncompliance in amounts that would be material to the financial statements may occur and not be detected promptly by employees in the normal course of their duties. [3] A disgorgement is the repayment of illegally earned profits. [4] A penalty is a monetary sum that is to be paid by the registrant to SEC as a result of a security law violation. [5] GAO, Material Internal Control Issues Reported in the SEC's Fiscal Year 2004 Financial Statement Audit Report, GAO-05-691R (Washington, D.C.: Aug. 27, 2005), and GAO, Information Security: Securities and Exchange Commission Needs to Address Weak Controls over Financial and Sensitive Data, GAO-05-262 (Washington, D.C.: Mar. 23, 2005). [6] GAO, Standards for Internal Control in the Federal Government, GAO/ AIMD-00-21.3.1 (Washington, D.C.: November 1999). [7] KPMG, Federal Personnel and Payroll System General Mainframe Information Technology and Payroll Operations Controls: Third-Party Report on Controls Placed in Operation and Test of Operating Effectiveness (SAS 70) for the Period October 1, 2000-September 30, 2003 (Washington, D.C.: October 2003).