GAO-06-772R, Management Report: Opportunities for Improvements in FDIC's Internal Controls and Accounting Procedures


This is the accessible text file for GAO report number GAO-06-772R 
entitled 'Management Report: Opportunities for Improvements in FDIC's 
Internal Controls and Accounting Procedures' which was released on July 
12, 2006. 

This text file was formatted by the U.S. Government Accountability 
Office (GAO) to be accessible to users with visual impairments, as part 
of a longer term project to improve GAO products' accessibility. Every 
attempt has been made to maintain the structural and data integrity of 
the original printed product. Accessibility features, such as text 
descriptions of tables, consecutively numbered footnotes placed at the 
end of the file, and the text of agency comment letters, are provided 
but may not exactly duplicate the presentation or format of the printed 
version. The portable document format (PDF) file is an exact electronic 
replica of the printed version. We welcome your feedback. Please E-mail 
your comments regarding the contents or accessibility features of this 
document to Webmaster@gao.gov. 

This is a work of the U.S. government and is not subject to copyright 
protection in the United States. It may be reproduced and distributed 
in its entirety without further permission from GAO. Because this work 
may contain copyrighted images or other material, permission from the 
copyright holder may be necessary if you wish to reproduce this 
material separately. 

July 11, 2006: 

Mr. Steven O. App: 
Deputy to the Chairman and Chief Financial Officer: 
Federal Deposit Insurance Corporation: 

Subject: Management Report: Opportunities for Improvements in FDIC's 
Internal Controls and Accounting Procedures: 

Dear Mr. App: 

In March 2006, we issued our opinions on the calendar year 2005 
financial statements of the Bank Insurance Fund (BIF), the Savings 
Association Insurance Fund (SAIF), and the FSLIC Resolution Fund (FRF). 
We also issued our opinion on the effectiveness of the Federal Deposit 
Insurance Corporation's (FDIC) internal control over financial 
reporting (including safeguarding assets) and compliance as of December 
31, 2005, and our evaluation of FDIC's compliance with significant 
provisions of selected laws and regulations for the three funds for the 
year ended December 31, 2005.[Footnote 1] 

The purpose of this report is to discuss issues identified during our 
audits of the 2005 financial statements regarding internal controls and 
accounting procedures that could be improved, and to recommend actions 
to address these weaknesses. Although these issues were not material in 
relation to the financial statements, we believe they warrant 
management's attention. We are making eight recommendations for 
strengthening FDIC's internal controls and accounting procedures. We 
conducted our audits in accordance with U.S. generally accepted 
government auditing standards. 

Results in Brief: 

During our audits of the 2005 financial statements, we identified 
several internal control issues that affected FDIC's accounting for the 
funds it administers. Although we do not consider them to be material 
weaknesses[Footnote 2] or reportable conditions,[Footnote 3] we believe 
they warrant management's consideration. 

Specifically, we found that FDIC: 

* Made errors in several of its operating expense allocation 
percentages. These errors would have resulted in misstatements in the 
BIF, SAIF, and FRF financial statements. 

* Did not detect several internal control deficiencies in its 
procurement process, two of which resulted in misstatements in the BIF, 
SAIF, and FRF financial statements, though the misstatements were not 
considered material. 

* Did not detect allocation errors in its Supplemental Payment System. 
These errors resulted in misstatements in the BIF, SAIF, and FRF 
financial statements, though the misstatements were not considered 
material. 

* Lacked complete control over checks in its Dallas mailroom. The lack 
of effective safeguarding control procedures increased the risk of 
theft, loss, or misappropriation of assets. 

We are making eight recommendations regarding FDIC's internal controls 
and accounting procedures. Implementation of these recommendations 
would strengthen FDIC's conformance with the internal control standards 
that federal agencies are required to follow[Footnote 4] and minimize 
the risk of future misstatements in the three funds' financial 
statements. 

In its comments, FDIC agreed with our recommendations and described 
actions it has taken or plans to take to address the control weaknesses 
described in this report. At the end of our discussion of each of the 
issues in this report, we have summarized FDIC's related comments and 
our evaluation. 

Scope and Methodology: 

As part of our audits of the 2005 and 2004 financial statements of the 
three funds administered by FDIC,[Footnote 5] we evaluated the 
Corporation's internal controls and its compliance with selected 
provisions of laws and regulations. We designed our audit procedures to 
test relevant controls, including those for proper authorization, 
execution, accounting, and reporting of transactions. 

We requested comments on a draft of this report from the FDIC Deputy to 
the Chairman and Chief Financial Officer. We received written comments 
and have reprinted the comments in enclosure I. Further details on our 
scope and methodology are included in our report on the results of our 
audits of the 2005 and 2004 financial statements, and are reproduced in 
enclosure II. 

Expense Allocation: 

During our testing of a sample of operating expense transactions, we 
identified several erroneous percentages used in FDIC's expense 
allocation process. These errors led to an incorrect allocation of 
expenses among BIF, SAIF, and FRF. GAO's Standards for Internal Control 
in the Federal Government requires agencies to implement internal 
control procedures to ensure the accurate and timely recording of 
transactions and events. In addition, these standards require that 
qualified and continuous supervision be provided to ensure that 
internal control objectives are achieved. 

Operating expenses not directly attributable to BIF, SAIF, and FRF are 
allocated to each fund using predetermined expense allocation 
percentages. These percentages are developed during FDIC's annual 
corporate planning and budget process. With its implementation of a new 
accounting system in May 2005, FDIC's process for entering 
modifications to its expense allocation percentages changed. 
Previously, the process for modifying the allocation percentages merely 
required FDIC to modify information in a table within the accounting 
system, which in turn automatically updated the system; under the new 
accounting system, all changes to the allocation percentages must be 
made via a journal entry. The general ledger manager in the Division of 
Finance (DOF) is required to review and approve journal entries for 
adjusting the allocation percentages along with the underlying support. 

In comparing the allocation source reports prepared by the budget 
office to the actual percentages in the accounting system, we found 
that FDIC used erroneous expense allocation percentages in four cases. 
This resulted in an over allocation of expenses to BIF and FRF of 
$50,539 each, and an under allocation to SAIF of $101,078. FDIC 
corrected these misallocations in 2005 and corrected the allocation 
percentages for future allocations. Although the journal entries for 
the allocation percentages were approved by the general ledger manager, 
the review and approval process failed to identify these errors. Per 
discussions with FDIC officials, these errors were caused by the 
manager's inexperience with the new accounting system and the 
similarity of the allocation percentages. 

Recommendation: 

To minimize the risk of incorrect expense allocation among the funds, 
we recommend that FDIC issue a formal notice to all individuals who 
review and approve journal entries for the expense allocation 
percentages reminding them of their responsibility to properly review 
proposed changes to these percentages. 

FDIC Comments and Our Evaluation: 

FDIC agreed with our recommendation and stated that it will reemphasize 
to personnel having a general ledger manager role in the new accounting 
system that one of their primary responsibilities is to properly review 
all journal entries, including entries adjusting the allocation 
percentages. We will evaluate the effectiveness of FDIC's actions 
during our 2006 financial audit. 

Procurement Process: 

During our 2005 financial audit, we found several internal control 
deficiencies in FDIC's procurement process, two of which resulted in 
incorrect charges to the funds. GAO's Standards for Internal Control in 
the Federal Government requires agencies to implement internal control 
procedures to ensure proper execution of transactions and events. In 
addition, these standards require that qualified and continuous 
supervision be provided to ensure that internal control objectives are 
achieved. 

Procurement is performed mainly by the Acquisition Services Branch 
(ASB) within the Division of Administration. FDIC's Acquisition Policy 
Manual (FDIC Circular 3700.16) provides a consolidated and uniform set 
of policies and procedures for procuring goods and services on behalf 
of the corporation in its corporate, receivership, and conservatorship 
capacities. Generally, procurement begins when a requestor 
electronically completes a Requirements Package including a Procurement 
Requisition. After the requisition is approved by the requestor's 
division, ASB will begin to purchase the goods and services. This 
purchase is generally processed by the use of a purchase order or a 
contract. ASB is responsible for entering purchase order or contract 
information into the accounting system, including price, delivery 
information, due date, program codes, and account codes. Once the 
contracted goods/services have been received/performed, the invoices 
are sent to the Disbursement Operations Unit (DOU) within DOF. DOU is 
responsible for date stamping, entering information into the accounting 
system, and electronically routing the invoice to the appropriate 
oversight manager for approval. The information entered includes the 
vendor's name, invoice date, mailing address, and invoice amount. Once 
the oversight manager electronically approves the invoice, it is 
processed for payment. 

We reviewed the procurement process from requisition through the 
payment of invoices by selecting and testing samples of operating 
expense transactions. In testing these transactions, we identified the 
following issues: 

* A contractor who provided various advertising services to FDIC billed 
estimated expenses for its subcontractors to FDIC while the contract 
terms specified that the invoices were to be based on actual incurred 
costs. According to the FDIC oversight manager for this contract, it is 
commercial practice for advertising companies to bill based on 
estimated costs; however, this contract was not amended to include the 
appropriate terms and conditions for advance payment. The contractor 
conducted a year-end fiscal closeout that included a detailed 
reconciliation to its subcontractors' invoices. Based on the 
reconciliation, $132,800 was refunded to FDIC in March 2006. 

* Two transactions for computer consulting services, valued at $5,446 
and $84,325 respectively, were incorrectly charged solely to BIF 
instead of allocated among BIF, SAIF, and FRF. Both of these 
transactions were approved by oversight managers. After we brought this 
to FDIC's attention, we were told that many employees were still 
learning the corporation's new accounting system. Accordingly, these 
errors were caused by the oversight managers' lack of experience with 
the new system. As a result of these errors, BIF was overcharged 
$15,278, and SAIF and FRF were undercharged $12,582 and $2,696, 
respectively. 

* An approved procurement-related transaction for $122,878 was 
incorrectly charged to a wrong purchase order. According to FDIC, this 
incorrect charge was due to the related oversight manager being newly 
assigned to this particular contract and all purchase order numbers 
having changed due to the implementation of the new accounting system. 
Because both the original purchase order and the incorrectly charged 
purchase order have the same allocation fund expense percentages, there 
was no dollar impact on the funds. 

* A $30,432 payment to a contractor for computer-related services was 
approved without verification of related subcontractor charges. The 
supporting subcontractor invoices were not readily available for review 
because they were not submitted with the prime contractor's monthly 
invoice, even though the contract required all subcontractor invoices 
to be submitted with the monthly invoice. After we requested that FDIC 
obtain the related subcontractor's invoices, we found that the related 
charges were correct. 

In our 2004 financial audit, we found the same type of control issue 
but with negative consequences. FDIC was overcharged nearly $33,000 
because this same contractor did not furnish related subcontractor 
invoices to FDIC, and FDIC personnel were not verifying the 
subcontractor charges. In response to this finding, FDIC issued a 
memorandum in May 2005, reminding oversight managers of their critical 
responsibility for reviewing and approving contractor invoices. 
Nonetheless, the transaction we tested in 2005 was reviewed and 
approved by the oversight manager in July 2005, and again the oversight 
manager failed to follow FDIC's policies and procedures to obtain 
subcontractor's invoices to verify charges prior to payment. 

Recommendations: 

To improve internal controls over FDIC's procurement process and to 
minimize the potential for erroneous charges and misallocation of 
charges to the funds, we recommend that FDIC: 

* reissue a formal notice to all individuals who review and approve 
procurement-related transactions again reminding them of their 
responsibilities to ensure that terms and conditions of the contract 
are complied with or changed if appropriate and that transactions are 
properly recorded; and: 

* require contract oversight managers to send a letter to the 
appropriate contractors stating that, consistent with the contract 
terms, their invoices will not be paid until all supporting 
subcontractor invoices are submitted to FDIC for review. 

FDIC Comments and Our Evaluation: 

FDIC agreed with our recommendations. FDIC stated that it will issue 
another memorandum to all division and office directors and oversight 
managers restating their responsibilities, including the responsibility 
to ensure all required supporting documentation are provided and 
reviewed before approving payment. Additionally, FDIC stated that the 
memorandum will instruct the oversight managers to issue "invoice 
rejection letters" to contractors if contractors submit invoices 
without appropriate supporting documentation, including subcontractor 
invoices. The "invoice rejection letter" will inform the contractor 
that the invoice will not be paid until a proper invoice is received, 
reviewed and approved by the FDIC. FDIC stated that it will issue the 
memorandum to oversight managers by July 17, 2006. We will evaluate the 
effectiveness of FDIC's actions during our 2006 financial audit. 

Supplemental Payment System: 

During our testing of operating expenses, we identified a deficiency in 
the compensating controls FDIC put in place to allocate certain 
expenses processed by the Supplemental Payment System (SPS) among the 
funds. This deficiency resulted in incorrect expense charges to the 
three funds in 2005. GAO's Standards for Internal Control in the 
Federal Government requires agencies to implement internal control 
procedures to ensure the accurate and timely recording of transactions 
and events. In addition, these standards require that qualified and 
continuous supervision be provided to ensure that internal control 
objectives are achieved. 

FDIC uses the SPS to record and process supplemental employee payments 
such as relocation payments, commuter reimbursements, travel expenses, 
and employment buyouts. SPS also determines the applicable withholding 
taxes on supplemental employee payments; prevents FDIC from over 
withholding certain payroll taxes (e.g., social security and Medicare); 
accumulates supplemental payments made to each employee into one 
supplemental W-2; and generates this W-2 separately from the W-2 that 
the National Finance Center processes to cover its payroll-related 
payments. In implementing its new accounting system in May 2005, FDIC 
decided that it was not cost beneficial to customize SPS for automatic 
allocation of the tax expense processed within it to the three funds; 
to compensate, FDIC requires that manual journal entries be created by 
FDIC personnel and entered into the accounting system to allocate the 
SPS processed tax related charges among the funds. 

In testing transactions from SPS as part of our overall operating 
expense sample testing, we identified a $1,839 transaction related to 
the tax portion of an employee's relocation payment that was charged 
entirely to BIF, but which should have been allocated to BIF, SAIF, and 
FRF. Subsequent follow-up related to this transaction revealed that 
manual journal entries routinely prepared to allocate the SPS processed 
tax related transactions omitted three accounts. For 2005, these 
omissions resulted in BIF being overcharged $358,026, and SAIF and FRF 
being undercharged $273,785 and $84,241, respectively for expenses 
processed through SPS. These errors were not corrected in 2005. Going 
forward, FDIC officials stated that the corporation will manually 
allocate tax expenses from these three accounts to ensure the funds are 
being charged for appropriate costs. 

Recommendation: 

To address the limitation associated with expense transactions 
processed within the Supplemental Payment System, we recommend that 
FDIC review all of the general ledger accounts within the new 
accounting system that are processed through SPS to ensure that they 
are properly allocated to the appropriate funds. 

FDIC Comments and Our Evaluation: 

FDIC agreed with our recommendation. In response to our finding, FDIC 
stated that it has already reviewed the accounts processed through the 
SPS and confirmed that there are no other affected accounts. Going 
forward, FDIC stated that it will ensure these expenses are allocated 
appropriately. We will evaluate the effectiveness of FDIC's actions 
during our 2006 financial audit. 

Receivership Receipts (Mailroom Controls): 

During our testing of the corporation's internal controls, we 
identified several control deficiencies in the mailroom operation of 
its Dallas field office that increased the risk of theft, loss, or 
misappropriation of receipts. GAO's Standards for Internal Control in 
the Federal Government requires agencies to establish physical control 
to secure and safeguard vulnerable assets. Examples include security 
for, and limited access to, assets such as cash, securities, 
inventories, and equipment that might be vulnerable to risk of loss or 
unauthorized use. 

The mailroom of the Dallas field office is responsible for opening mail 
and monetary receipts for receivership activities. These receipts 
generally consist of loan repayments from debtors of failed financial 
institutions. For calendar year 2005, the mailroom of the Dallas field 
office processed 2,051 checks totaling approximately $19 million. 

In our tests of controls of FDIC's Dallas field office mailroom 
operations, we found the following deficiencies: 

* The mailroom entry door did not provide adequate physical security. 
The entry door was comprised of two half doors, with only the bottom 
half being closed and locked while the top half was left open. We 
observed several people bypassing the special access badge reader by 
reaching over the top of the bottom locked door and opening it using 
the inside handle. 

* FDIC's mail was not opened under dual control. Although FDIC stated 
that at least two contractor employees concurrently opened mail in the 
Dallas mailroom, we observed that they were not following the dual 
control procedure which calls for observing each other when opening 
official FDIC mail. 

* The mailroom staff logged in all checks at one time after all the 
mail was opened, instead of immediately at the time of their extraction 
as required by FDIC's Standard Operating Procedures. 

Safeguarding controls are critical in preventing the theft of cash or 
checks. The lack of effective safeguarding controls increases the risk 
of theft, loss, or misappropriation of assets. 

Recommendations: 

To improve its physical security over the Dallas field office mailroom 
operations, we recommend that FDIC: 

* instruct its contractor employees to follow FDIC's policy and 
procedures to specifically use the access card when entering the 
mailroom entry door; 

* close both half doors so that access can only be made by authorized 
personnel using the access card; 

* require personnel to open official FDIC mail under dual control; and: 

* log check receipts into the Daily Check Log immediately at the time 
of their extraction rather than at the completion of the mail-opening 
process. 

FDIC Comments and Our Evaluation: 

FDIC agreed with our recommendations. In response to our findings, FDIC 
stated that it had already taken action to address these issues and 
noted that, as of January 31, 2006: 

* the mail room door can only be opened by authorized personnel using 
their access card; 

* both half doors have been closed and secured so that access can only 
be made by authorized personnel using their access cards; 

* it has defined "dual control" in its mail opening policy to ensure 
that at least one employee or contractor oversees another employee or 
contractor when opening official FDIC mail. As an internal control, 
periodic observation for compliance is conducted by the oversight 
manager via a monitoring camera that can be viewed in the security 
area; and: 

* the oversight manager has instructed mailroom contractors to log 
checks into the daily check log immediately at the time of their 
extraction rather than at the completion of the mail opening process. 

We will evaluate the effectiveness of FDIC's actions during our 2006 
financial audit. 

This report contains recommendations to you. We would appreciate 
receiving a description and status of your corrective actions within 30 
days of the date of this letter. 

This report is intended for use by FDIC management, members of the FDIC 
Audit Committee, and the FDIC Inspector General. We are sending copies 
of this report to the Chairman and Ranking Minority Member of the 
Senate Committee on Banking, Housing, and Urban Affairs; the Chairman 
and Ranking Minority Member of the House Committee on Financial 
Services; the Chairman of the Board of Directors of the Federal Deposit 
Insurance Corporation; the Chairman of the Board of Governors of the 
Federal Reserve System; the Comptroller of the Currency; the Director 
of the Office of Thrift Supervision; the Secretary of the Treasury; the 
Director of the Office of Management and Budget; and other interested 
parties. In addition, this report will be available at no charge on 
GAO's Web site at [Hyperlink http://www.gao.gov].  

We acknowledge and appreciate the cooperation and assistance provided 
by FDIC management and staff during our audits of FDIC's 2005 and 2004 
financial statements. If you have any questions about this report or 
need assistance in addressing these issues, please contact me at (202) 
512-3406 or by e-mail at sebastians@gao.gov. Contact points for our 
Offices of Congressional Relations and Public Affairs may be found on 
the last page of this report. GAO staff who made major contributions to 
this report are listed in enclosure III. 

Sincerely yours, 

Signed by: 

Steven J. Sebastian: 
Director: 
Financial Management and Assurance: 

Enclosures: 

[End of Section] 

Enclosure I: 

Comments from the Federal Deposit Insurance Corporation: 

Federal Deposit Insurance Corporation: 
550 17th Street NW, 
Washington, D.C. 20429-9990: 

Deputy to the Chairman and CFO: 

June 28, 2006: 

Mr. Steven J. Sebastian, Director Financial Management and Assurance: 
U.S. Government Accountability Office: 
441 G Street, NW: 
Washington, DC 20548: 

Dear Mr. Sebastian: 

Thank you for the opportunity to respond to the draft report titled, 
Management Report: Opportunities for Improvements in FDIC's Internal 
Controls and Accounting Procedures, GAO-06-772R. The report discusses 
issues that were identified during the 2005 financial statements audit 
regarding internal controls and accounting procedures that could be 
improved, and recommendations to address these issues. We were pleased 
to have the Government Accountability Office (GAO) acknowledge that, 
although these issues warranted management's attention, they were not 
material in relation to the financial statements. 

Overall, FDIC agrees with the results presented in the draft report and 
recognizes the need to strengthen our internal control environment to 
ensure the accurate and timely recording of transactions and events. We 
are committed to identifying opportunities for improvement and ensuring 
that internal control objectives are achieved. Our corrective action 
plan in response to the recommendations is discussed below. 

Expense Allocation: 

GAO found that FDIC made errors in several of its operating expense 
allocation percentages. These errors resulted in misstatements in the 
Bank Insurance Fund (BIF), the Savings Association Insurance Fund 
(SAIF), and the FSLIC Resolution Fund (FRF) financial statements, 
though the misstatements were not considered material. 

Recommendation 1: 

To minimize the risk of incorrect expense allocation among the funds, 
GAO recommended that FDIC issue a formal notice to all individuals who 
review and approve journal entries for the expense allocation 
percentages reminding them of their responsibility to properly review 
proposed changes to these percentages. 

Management Response: 

We concur with the recommendation and agree that there were four 
erroneous expense allocation percentages used in the common services 
expense allocation process. The initial percentages were set up in the 
New Financial Environment (NFE) prior to implementation. These 
percentages were set up using the workflow approval process and were 
approved by an individual with the General Ledger (GL) Manager approval 
role at the time. After NFE implementation, personnel with this role 
are housed in the General Ledger Unit, Accounting Operations Section. 

The process within the General Ledger Unit is to review journal entries 
to ensure they are correct, which includes ensuring that percentages 
processed in the allocation journal correspond to the percentages 
submitted in the budget process. Regardless, FDIC will reemphasize to 
personnel possessing the GL Manager role in NFE that one of their 
primary responsibilities is to properly review all journals, including 
journals adjusting the allocation percentages. 

Procurement Process: 

GAO found that FDIC did not detect several internal control 
deficiencies in its procurement process; two of which resulted in 
misstatements of the BIF, SAIF, and FRF financial statements, though 
the misstatements were not considered material. 

Recommendation 2: 

To improve internal controls over FDIC's procurement process and to 
minimize the potential for erroneous charges and misallocation of 
charges to the funds, GAO recommended that FDIC reissue a formal notice 
to all individuals who review and approve procurement-related 
transactions again reminding them of their responsibilities to ensure 
that terms and conditions of the contract are complied with or changed 
if appropriate and that transactions are properly recorded. 

Management Response: 

We concur with the recommendation. In response to GAO's internal 
controls and accounting procedures audit report for the calendar year 
2004, FDIC issued a memorandum on May 10, 2005 (see attached), to 
headquarters and regional office oversight managers, technical 
monitors, and Acquisition Services Branch (ASB) personnel reminding 
oversight managers of their critical responsibility for reviewing and 
approving contractor invoices. FDIC will issue another memorandum to 
all division and office directors and oversight managers to restate 
their responsibilities, including the responsibility to ensure all 
required supporting documentation, such as subcontractor invoices, are 
provided and reviewed before approving payment. Guidance designed to 
prevent misallocation of funds and ensure proper reporting of 
transactions will also be included in this memorandum. FDIC will issue 
the memorandum to oversight managers by July 17, 2006. 

In addition, on May 26, 2006, ASB issued a notice (see attached) to 
FDIC contracting personnel to remind them of their role in appointing 
oversight managers and technical monitors and ensuring oversight 
managers properly perform their contract oversight responsibilities in 
accordance with applicable policies and procedures. Contracting 
officers were also reminded to monitor how well oversight managers 
perform their functions and to take appropriate action if oversight 
managers do not perform their oversight duties diligently. 

Recommendation 3: 

To improve internal controls over FDIC's procurement process and to 
minimize the potential for erroneous charges and misallocation of 
charges to the funds, GAO recommended that FDIC require contract 
oversight managers to send a letter to the appropriate contractors 
stating that, consistent with the contract terms, their invoices will 
not be paid until all supporting subcontractor invoices are submitted 
to FDIC for review. 

Management Response: 

We concur with the recommendation. While we concur that the issue needs 
to be addressed, we believe there is a more efficient and cost 
effective solution. To address this concern, we will issue a memorandum 
to all oversight managers no later than July 17, 2006, as specified in 
the above response. This memorandum will instruct the oversight 
managers to issue "invoice rejection letters" to contractors if 
contractors submit invoices without appropriate supporting 
documentation, including subcontractor invoices, or if invoices do not 
specify the accounting information as required by the contract. The 
"invoice rejection letter" will inform the contractor that the invoice 
will not be paid until a proper invoice is received, reviewed and 
approved by the FDIC. We believe this approach is a more efficient and 
cost effective solution and should achieve the overall goal of the 
GAO's recommendation. 

Supplemental Payment System: 

GAO found that FDIC did not detect allocation errors in its 
Supplemental Payment System. These errors resulted in misstatements in 
the BIF, SAY, and FRF financial statements, though the misstatements 
were not considered material. 

Recommendation 4: 

To address the limitation associated with expense transactions 
processed within the Supplemental Payment System (SPS), GAO recommended 
that FDIC review all of the general ledger accounts within the new 
accounting system that are processed through SPS to ensure that they 
are properly allocated to the appropriate funds. 

Management Response: 

We concur with the recommendation and as noted in greater detail below, 
have already implemented it. We agree that employer matching tax 
expenses and gross up expenses related to the Supplemental Payment 
System (SPS) were not allocated to the funds correctly. The SPS 
(essentially the PeopleSoft (PS) Payroll System) would have required 
considerable modifications to allow for the posting of these tax 
expenses by the fund where the expense originated. The system's 
accounting entry process is designed around the use of account codes 
representing a combination of chartfields and SPS assigns only one 
account code for the employer matching and gross-up expenses. During 
the NFE design process, it was determined that customizing the system 
would not be cost beneficial in this instance. However, the 
implementation team, while identifying the need to allocate these tax 
expenses to various department and program codes outside the SPS 
system, overlooked the need for allocating these expenses across the 
funds. 

The FDIC has already reviewed the accounts processed through the SPS 
and confirmed that the only accounts having the issue described above 
are the three accounts relating to employer matching and gross-up 
expenses. Going forward, FDIC will ensure these expenses are allocated 
appropriately. We note however, with the Bank Insurance Fund and the 
Savings Association Insurance Fund merging into the Deposit Insurance 
Fund and the continuing decline in the size of the FRF, FDIC is now in 
the process of reviewing whether it is proper to continue allocating 
these types of expenses to the FRF. 

Receivership Receipts (Mailroom Controls): 

GAO found that FDIC lacked the appropriate level of control over checks 
in its Dallas mailroom. The lack of effective safeguarding control 
procedures increased the risk of theft, loss, or misappropriation of 
assets. 

Recommendation 5: 

To improve its physical security over the Dallas field office mailroom 
operations, GAO recommended that FDIC instruct its contractor employees 
to follow FDIC's policy and procedures to specifically use the access 
card when entering the mailroom entry door. 

Management Response: 

We concur with the recommendation. In GAO's Matters for Further 
Consideration (MFC-2) dated January 18, 2006, GAO identified this 
issue, as well as others, and requested a response. We addressed and 
resolved this issue in our response dated January 31, 2006. For your 
convenience, we restate our earlier response here. As of January 31, 
2006, both "halves" of the mail room door have been closed and secured 
so that access can only be obtained via the card reader to authorized 
personnel. Business transactions take place through the counter window 
which is locked when the mail room is closed. 

Recommendation 6: 

To improve its physical security over the Dallas field office mailroom 
operations, GAO recommended that FDIC close both half doors so that 
access can only be made by authorized personnel using the access card. 

Management Response: 

We concur with the recommendation and restate our earlier response 
dated January 31, 2006. As of January 31, 2006, both "halves" of the 
mail room door have been closed and secured so that access can only be 
obtained via the card reader to authorized personnel. Business 
transactions take place through the counter window which is locked when 
closed. 

Recommendation 7: 

To improve its physical security over the Dallas field office mailroom 
operations, GAO recommended that FDIC require personnel to open 
official mail under dual control. 

Management Response: 

We concur with the recommendation. FDIC Mail Operations Standard 
Operating Procedures clearly require that all mail should be opened 
under dual control to ensure adequate internal controls and 
accountability. The intent of this policy is to ensure that at least 
one employee or contractor oversees another employee or contractor when 
opening official FDIC mail. To address GAO's concerns and eliminate any 
ambiguity regarding FDIC's mail opening policy, we have defined "dual 
control," as it relates to the process for opening mail, in guidance 
issued and implemented on January 31, 2006. This guidance was provided 
in our response to GAO's Matter for Further Consideration (MFC-2). As 
an internal control, periodic observation for compliance is conducted 
by the oversight manager via a monitoring camera that can be viewed in 
the security area. 

Recommendation 8: 

To improve its physical security over the Dallas field office mailroom 
operations, GAO recommended that FDIC log check receipts into the Daily 
Check Log immediately at the time of their extraction rather than at 
the completion of the mail-opening process. 

Management Response: 

We concur with the recommendation and restate our earlier response. In 
our January 31, 2006, response to GAO's Matters for Further 
Consideration (MFC-2), we noted that the oversight manager instructed 
mailroom contractors to log checks into the daily check log immediately 
at the time of their extraction rather than at the completion of the 
mail opening process.  

We appreciate GAO's assistance in these matters. If you have any 
questions relating to these FDIC management responses, please contact 
James H. Angel, Jr., Director, Office of Enterprise Risk Management, at 
703-562-6456. 

Sincerely, 

Signed by: 

Steven O. App: 
Deputy to the Chairman and Chief Financial Officer: 

Attachments: 

cc: John F. Bovenzi: 
Fred S. Selby: 
Arleas Upton Kea: 
James H. Angel, Jr. 
Alice C. Goodman: 

FDIC: 

Federal Deposit Insurance Corporation: 
550 17th St. 
NW Washington DC, 20429 

Division of Administration: 

May 10, 2005: 

To: Headquarters and Regional Office Oversight Managers and Technical 
Monitors And Acquisition Services Branch Personnel: 

From: Ann Bridges Steely, Associate Director Acquisition Services 
Branch: 

Subject: Invoice Review and Approval: 

The FDIC pays contractor costs that are allowable by the terms of the 
contract and are reasonable in nature and amount The Oversight Manager 
is responsible for the review and approval of contractor invoices. It 
is of. critical importance that all invoices be thoroughly reviewed 
prior to approval to ensure that contractors have fully complied with 
the terms of the contract. Oversight Managers must ensure the FDIC is 
billed only for goods and services that are contained in the contract, 
at the rates quoted within the contract, and only for. goads or 
services that the FDIC has received and which are acceptable to the 
FDIC. The Oversight Manages is also responsible for monitoring total 
payments to the contractor to ensure that they do no exceed the 
contract ceiling. Any questions regarding invoices and adherence to 
contractual terms should be directed to your Contract Specialist or 
Contracting Officer prior to approving any invoice. 

Refer to the Acquisition Policy Manual Section 5.H., Contract Payments, 
for further guidance. 

Questions regarding this memorandum should be addressed to Ann Bridges 
Steely at (202) 942-3010. 

May 26, 2006: 
Procurement Administrative Bulletin No. 2006-05: 

This PAB provides a list of general reminders for Contracting Officers 
with respect to appointing Oversight Managers, changing Oversight 
Managers, and taking appropriate action when Oversight Managers do not 
fulfill their designated roles and responsibilities during contract 
administration. 

Subject: General Reminders of Contracting Officer's Role In Appointing 
Oversight Managers: 

Background: 
APM REference: Section 5.A.6; 
General Policy Description: Requires Contracting Officers to appoint 
Oversight Managers (OMs) for all contracts awarded using ASB's formal 
contracting procedures. 

APM Reference: Section 5.A.7; 
General Policy Description: Addresses the policy for changing Oms. 

APM Reference: Section5.A.11; 
General Policy Description: Requires Oms to take the FDIC's web-based 
OM training course before the Contracting Officer can appoint them as 
OM. 

[End of Table] 

General Reminder: 

As a general reminder, it is important for Contracting Officers to: 

* Ensure that OM's have successfully completed the FDIC Oversight 
Manager on-line training course be ore issuing a Letter of OM 
Confirmation (Exhibit XVI to the APM). Document the file with a copy of 
the OM's Corporate University transcript which verifies successful 
course completion. 

* Verify that the OM has obtained approval from DIT (via the AASA form 
process) to approve invoices in NFE and also approval for access to 
CeFile. To do this: 

(1) Look up the OM's name on the NFE PO Header Details page. 

(2) Look up the OM's name on the `CeFile Acq OM' user access list in 
CeFile. 

* Issue OM Confirmation Letters immediately following the award of the 
Contract. 

* Forward a copy of the signed OM Confirmation Letter to the contractor 
upon award to ensure that that contractor has been advised of the OM's 
roles and responsibilities. 

* Monitor how well OMs are performing, and take appropriate action if 
they do not perform their roles and responsibilities (e.g., notify the 
OM and elevate the matter to the ASB Assistant Director). 

* To replace an OM with a new OM during contract administration, the 
above mentioned general reminders apply. In addition, make sure you: 

(1) Terminate the existing Letter of OM Confirmation in writing. 

(2) Provide a copy to the contractor to inform them of the change, 
along with a new OM Confirmation Letter with the name of the new OM. 

(3) Change the name of the OM in NFE immediately upon issuance of the 
new OM Confirmation Letter to ensure future invoices will be routed to 
the new OM. 

(4) Update the CeFile access list to remove the existing OM's name and 
replace it with the name of the new OM. (Note. Only the `owner' of the 
file in CeFile can update the access list.) 

* Copies of signed OM Confirmation Letters must be retained in the 
official contract file in CeFile. 

Questions regarding this PAB should be addressed to Julie Rothermel at 
(703) 562-2212.

[End of Section] 

Enclosure II: 

Details on Audit Methodology: 

To fulfill our responsibilities as auditor of the financial statements 
of the three funds administered by the FDIC, we did the following: 

* examined, on a test basis, evidence supporting the amounts and 
disclosures in the financial statements; 

* assessed the accounting principles used and significant estimates 
made by management; 

* evaluated the overall presentation of the financial statements; 

* obtained an understanding of internal controls related to financial 
reporting (including safeguarding assets) and compliance with selected 
laws and regulations; 

* tested relevant internal controls over financial reporting and 
compliance, and evaluated the design and operating effectiveness of 
internal control; 

* considered FDIC's process for evaluating and reporting on internal 
control based on criteria established by 31 U.S.C. � 3512 (c), (d), 
(commonly referred to as the Federal Managers' Financial Integrity 
Act); and: 

* tested compliance with applicable laws and regulations, including 
selected provisions of the Federal Deposit Insurance Act, as amended, 
and the Chief Financial Officers Act of 1990. 

[End of Section] 

Enclosure III: 

Acknowledgments: 

The following individuals made major contributions to this report: 
Gloria Cano, Gary Chupka, Julia Duquette, Wing Lam, Richard Larsen, and 
Greg Ziombra. 

(196107): 

FOOTNOTES 

[1] GAO, Financial Audit: Federal Deposit Insurance Corporation Funds' 
2005 and 2004 Financial Statements, GAO-06-146 (Washington, D.C.: Mar. 
2, 2006). 

[2] Material weaknesses are defined as a condition in which the design 
or operation of one or more of the internal control components does not 
reduce to a relatively low level the risk that misstatements caused by 
error or fraud in amounts that would be material in relation to the 
financial statements may occur and not be detected within a timely 
period by employees in the normal course of performing their assigned 
functions. 

[3] Reportable conditions are defined as significant deficiencies in 
the design or operation of internal control that could adversely affect 
the entity's ability to record, process, summarize, and report 
financial data consistent with the assertions of management in the 
financial statements. 

[4] GAO, Standards for Internal Control in the Federal Government, GAO/ 
AIMD-00-21.3.1 (Washington, D.C.: November 1999). 

[5] On February 8, 2006, the President signed into law the Federal 
Deposit Insurance Reform Act of 2005. Among its provisions, the act 
calls for merging the Bank Insurance Fund and Savings Association 
Insurance Fund into a single Deposit Insurance Fund. The merger 
occurred on March 31, 2006. 

GAO's Mission: 

The Government Accountability Office, the investigative arm of 
Congress, exists to support Congress in meeting its constitutional 
responsibilities and to help improve the performance and accountability 
of the federal government for the American people. GAO examines the use 
of public funds; evaluates federal programs and policies; and provides 
analyses, recommendations, and other assistance to help Congress make 
informed oversight, policy, and funding decisions. GAO's commitment to 
good government is reflected in its core values of accountability, 
integrity, and reliability. 

Obtaining Copies of GAO Reports and Testimony: 

The fastest and easiest way to obtain copies of GAO documents at no 
cost is through the Internet. GAO's Web site ( www.gao.gov ) contains 
abstracts and full-text files of current reports and testimony and an 
expanding archive of older products. The Web site features a search 
engine to help you locate documents using key words and phrases. You 
can print these documents in their entirety, including charts and other 
graphics. 

Each day, GAO issues a list of newly released reports, testimony, and 
correspondence. GAO posts this list, known as "Today's Reports," on its 
Web site daily. The list contains links to the full-text document 
files. To have GAO e-mail this list to you every afternoon, go to 
www.gao.gov and select "Subscribe to e-mail alerts" under the "Order 
GAO Products" heading. 

Order by Mail or Phone: 

The first copy of each printed report is free. Additional copies are $2 
each. A check or money order should be made out to the Superintendent 
of Documents. GAO also accepts VISA and Mastercard. Orders for 100 or 
more copies mailed to a single address are discounted 25 percent. 
Orders should be sent to: 

U.S. Government Accountability Office 

441 G Street NW, Room LM 

Washington, D.C. 20548: 

To order by Phone: 

Voice: (202) 512-6000: 

TDD: (202) 512-2537: 

Fax: (202) 512-6061: 

To Report Fraud, Waste, and Abuse in Federal Programs: 

Contact: 

Web site: www.gao.gov/fraudnet/fraudnet.htm 

E-mail: fraudnet@gao.gov 

Automated answering system: (800) 424-5454 or (202) 512-7470: 

Public Affairs: 

Jeff Nelligan, managing director, 

NelliganJ@gao.gov 

(202) 512-4800 

U.S. Government Accountability Office, 

441 G Street NW, Room 7149 

Washington, D.C. 20548: