GAO-07-482R, Internal Control: Improvements Needed in SEC's Accounting and Operational Procedures


This is the accessible text file for GAO report number GAO-07-482R 
entitled 'Internal Control: Improvements Needed in SEC's Accounting and 
Operational Procedures' which was released on April 4, 2007. 

This text file was formatted by the U.S. Government Accountability 
Office (GAO) to be accessible to users with visual impairments, as part 
of a longer term project to improve GAO products' accessibility. Every 
attempt has been made to maintain the structural and data integrity of 
the original printed product. Accessibility features, such as text 
descriptions of tables, consecutively numbered footnotes placed at the 
end of the file, and the text of agency comment letters, are provided 
but may not exactly duplicate the presentation or format of the printed 
version. The portable document format (PDF) file is an exact electronic 
replica of the printed version. We welcome your feedback. Please E-mail 
your comments regarding the contents or accessibility features of this 
document to Webmaster@gao.gov. 

This is a work of the U.S. government and is not subject to copyright 
protection in the United States. It may be reproduced and distributed 
in its entirety without further permission from GAO. Because this work 
may contain copyrighted images or other material, permission from the 
copyright holder may be necessary if you wish to reproduce this 
material separately. 

April 3, 2007: 

The Honorable Christopher Cox: 
Chairman: 
U.S. Securities and Exchange Commission: 

Subject: Internal Control: Improvements Needed in SEC's Accounting and 
Operational Procedures: 

Dear Mr. Cox: 

On November 15, 2006, we issued our report[Footnote 1] on the U.S. 
Securities and Exchange Commission's (SEC) fiscal years 2006 and 2005 
financial statements and on SEC's internal control as of September 30, 
2006. We also reported on the results of our tests of SEC's compliance 
with selected provisions of laws and regulations during fiscal year 
2006. 

The purpose of this report is to discuss issues identified during our 
fiscal year 2006 audit concerning internal controls and accounting/ 
operational procedures that could be improved.[Footnote 2] This report 
contains six recommendations to SEC to improve these internal controls 
and procedures. These recommendations are in addition to those we 
already provided to SEC as a result of our prior audits of SEC's 
financial statements.[Footnote 3] 

Results in Brief: 

Our November 15, 2006, report concluded that based on SEC's efforts to 
address concerns with controls over disgorgements and penalties and 
over information systems, and based on improvements that we found in 
these areas during the fiscal year 2006 audit, we no longer considered 
these two previously reported weaknesses to be material 
weaknesses.[Footnote 4] However, because many of these efforts 
represent compensating controls rather than permanent systemic 
solutions, we still considered these areas to be reportable 
conditions.[Footnote 5] We also concluded that SEC had taken sufficient 
action in the area of controls over the financial reporting process 
such that we no longer consider this issue to be a material weakness or 
reportable condition. In addition, we identified a new reportable 
condition concerning SEC's controls over recording property and 
equipment. 

Tables 1 and 2 of enclosure I indicate the status of recommendations 
from our prior audits of SEC's financial statements.[Footnote 6] As of 
January 2007, SEC had taken actions to fully implement 18 of 35 open 
recommendations from our audits of the agency's 2004 and 2005 financial 
statements. 

We also identified other internal control issues that although not 
considered to be material weaknesses or reportable conditions, we 
believe warrant management's consideration. These issues concern (1) 
payroll system access, approval of time and attendance records, and 
process documentation and (2) comparison of furniture and equipment 
received and ordered. 

Our six recommendations follow the sections in which the corresponding 
issues are discussed. In commenting on a draft of this report, the 
Chairman cited actions taken and in progress with respect to our 
recommendations, and indicated that SEC made progress in fiscal year 
2006 in addressing its internal control weaknesses and has redoubled 
its efforts in fiscal year 2007. The Chairman identified specific 
actions and initiatives undertaken since the completion of our fiscal 
year 2006 audit. 

Scope and Methodology: 

As part of our audit of SEC's fiscal years 2006 and 2005 financial 
statements, we evaluated SEC's internal controls and tested its 
compliance with selected provisions of laws and regulations. We 
designed our audit procedures to test relevant controls over financial 
reporting, including those designed to provide reasonable assurance 
that transactions are properly recorded, processed, and summarized to 
permit the preparation of the financial statements in conformity with 
U.S. generally accepted accounting principles, and that assets are 
safeguarded against loss from unauthorized acquisition, use, or 
disposition. This report is based on the work performed during our 
audit of SEC's fiscal years 2006 and 2005 financial statements. We 
requested comments on a draft of this report from the Chairman of SEC. 
SEC's written comments are reprinted in enclosure II. We conducted our 
audit in accordance with U.S. generally accepted government auditing 
standards. Further details on our scope and methodology are included in 
our report on the results of our audits of SEC's fiscal years 2006 and 
2005 financial statements[Footnote 7] and are reproduced in enclosure 
III. 

Disgorgements and Penalties: 

As part of its enforcement responsibilities, SEC issues and administers 
judgments ordering, among other things, disgorgements, civil monetary 
penalties, and interest against violators of federal securities laws. 
These transactions involve material amounts of collections and the 
recording and reporting of fiduciary and custodial liability balances 
on the financial statements.[Footnote 8] 

Our audit testing for fiscal year 2006 noted significant management 
oversight and efforts to address weaknesses in the internal controls 
over recording and reporting disgorgement and penalty information. 
During the year, SEC finalized policies and procedures for reporting 
disgorgement and penalty activity, improved reconciliations of 
disgorgement and penalty transactions, established an internal audit 
function within the Division of Enforcement, and had better and more 
timely coordination between the two key SEC units responsible for 
reporting and recording disgorgements and penalties. Of particular note 
was a comprehensive initiative SEC undertook during the year (referred 
to as the Delinquent Debt Project) to review and verify all the 
outstanding disgorgement and penalty debts. Through this project, SEC 
identified and corrected numerous errors in the database used to record 
and report disgorgements and penalties. These errors involved amounts 
due, judgment and due dates, the payees, and status of the cases. This 
project also identified steps needed with respect to collecting or 
terminating the debts. Because of the limitations of the current case- 
tracking system for disgorgements and penalties, SEC's efforts to 
determine the reliability of the data were far more than what would 
ordinarily be necessary under a more effective system. These efforts 
will most likely continue until SEC improves its financial system for 
recording and reporting disgorgement and penalty information. 

Even with SEC's increased efforts to address concerns over reporting of 
disgorgements and penalties, our audit work for fiscal year 2006 
continued to identify risks concerning the completeness of the 
disgorgement and penalty receivable amounts. For example, we identified 
a $21 million disgorgement case that was erroneously omitted from SEC's 
disgorgement receivable balance at June 30, 2006. This is largely 
because SEC's process for determining its disgorgement and penalty 
receivable balances relies heavily on information being submitted to 
SEC's Office of Financial Management (OFM) from individual attorneys 
working on each case. To compensate for the risk presented by this 
process, in fiscal year 2006, SEC instituted a compensating control in 
which the Enforcement office heads were asked to certify the 
completeness and accuracy of the recorded disgorgement receivable 
balances at June 30, 2006, and at fiscal year-end. Through this 
certification process, a number of disgorgement cases were identified 
as not having current information related to dollar amounts, due dates, 
and payees in the case-tracking system used to establish the amounts 
receivable at a given date. While none of these instances resulted in a 
material misstatement to the receivable balance reported on the 
financial statements, relying on a decentralized detective control such 
as this certification process requires significant analysis, data 
gathering, and follow-up, and increases the risk that disgorgement and 
penalty debts and related activity may not get recorded in a timely 
manner or in the proper period. 

We are encouraged by SEC's commitment and management attention to 
strengthening controls over disgorgement and penalty activity to date, 
as well as SEC's planned future actions in this area. As discussed in 
its Management's Discussion and Analysis, SEC has designed procedures, 
controls, and documentation to track disgorgement and penalty actions 
from the time they are approved by the commission to their recording in 
the case-tracking system; these controls involve the participation of 
the Office of the Secretary and OFM, in addition to the Division of 
Enforcement. 

Also, this past year SEC has begun training attorneys handling the 
cases on the steps necessary to maintain strong internal controls over 
updating and communicating information that could affect financial 
reporting. In its Management's Discussion and Analysis, SEC stated that 
the Division of Enforcement will continue its efforts to educate all 
enforcement attorneys about the additional steps necessary to maintain 
strong internal controls at SEC and to ensure transparency and 
uniformity in the agency's approach to monetary sanctions. 

In addition, in fiscal year 2006, SEC designed a new financial 
management system for tracking disgorgements and penalties--known as 
Phoenix--that will replace the financial portion of the existing case- 
tracking system. SEC expects the new controls discussed above and the 
new disgorgement financial system to be fully operational in fiscal 
year 2007. 

Until a permanent and systemic process is fully and effectively 
implemented and operational, SEC will not have sufficient assurance 
over the accuracy and completeness of its reporting and tracking of 
disgorgements and penalties. Therefore, we consider this area to still 
be a reportable condition. 

SEC should continue to build on the significant progress already made 
in this area to fully resolve remaining open recommendations. These 
recommendations and the status of their resolution are included in 
tables 1 and 2 of enclosure I. We are not making any new 
recommendations in this area as a result of our 2006 audit of SEC's 
financial statements. 

Property and Equipment: 

SEC's property and equipment consists of software and general purpose 
equipment used by the agency, capital improvements made to buildings 
leased by SEC for office space, and internal use software development 
costs for projects in development. The reported book value of property 
and equipment increased from approximately $73 million at September 30, 
2005, to nearly $104 million at September 30, 2006. The significant 
increase in property and equipment is primarily due to SEC occupying 
new office space in Washington, D.C., Boston, and New York during 
fiscal year 2006. 

During the course of testing fiscal year 2006 additions, we noted 
numerous instances of inaccuracies in recorded acquisition costs and 
dates for furniture and equipment purchases, as well as unrecorded 
capitalization of furniture and equipment purchases and unrecorded 
depreciation, and errors in amounts capitalized for internal use 
software projects. Specifically, an inaccurate acquisition cost was 
recorded for 18 of 51 furniture and equipment purchases that we 
reviewed, including 1 for which an inaccurate date was also recorded. 
Inaccurate acquisition dates were also recorded for 17 other items. For 
the 18 items with an inaccurate cost recorded, we found the following: 

* Amounts recorded for 9 items--8 information technology (IT) equipment 
items and 1 bulk purchase of furniture--were based on a vendor price 
quote, procurement requisition, or purchase order rather than a final 
invoice. 

* Amounts recorded for 7 IT equipment items--3 servers, 3 routers, and 
a mass storage device--were incomplete because the cost of equipment 
components was excluded. 

* We could not readily determine the basis of amounts recorded for 2 
other IT equipment items (controller and mass storage device). 

We also noted that 18 of the 51 items we tested had inaccurate 
acquisition dates recorded. Of those 18 items, 15 were copier machines 
with a date of October 1, 2005, originally entered instead of the 
correct date of October 1, 2004. According to SEC staff, this was 
likely caused by an administrative error. Based on our follow-up 
inquiry regarding the copier machines, we learned that the Office of 
Administrative Services (OAS) had already corrected the date for these 
items (and 15 other copiers not included in our samples, for a total of 
30) in the asset-tracking system after an inconsistency was noted by 
OFM staff. Therefore, the dates recorded as of fiscal year-end were 
correct, but as a result of the errors, in fiscal year 2006, SEC 
recorded depreciation expense that should have been recorded in fiscal 
year 2005. Regarding the other 3 items for which inaccurate acquisition 
dates were recorded, all were bulk purchases of furniture with recorded 
dates that were inconsistent with receipt documentation. In 2 of the 
cases, it appeared that the dates recorded were based on the dates of 
corresponding purchase orders. In all 3 cases, SEC corrected the errors 
after we identified them, and the recorded fiscal year 2006 
depreciation expense was correct. 

According to the Associate Executive Director of OAS, actions have 
already been taken in response to our acquisition cost/date findings. 
Specifically, the OAS Property Specialist is now verifying all costs 
and dates before they are entered into the asset-tracking system; in 
addition, daily transaction reports are being used to identify errors 
and inconsistencies in recorded costs and dates. We plan to evaluate 
these new procedures as part of our fiscal year 2007 financial audit. 

We identified approximately $6.2 million of fiscal year 2006 furniture 
and equipment purchases that was not capitalized as of September 30, 
2006. Most of this amount was for furniture and equipment that SEC 
purchased for its new Washington, D.C., office space, with the 
remaining amount attributable to a new phone system. Regarding the 
furniture and equipment for the new headquarters office space, amounts 
involved were being tracked by SEC staff as part of managing the 
ongoing contractor invoicing process. However, there was a conscious 
decision to delay entering these amounts in SEC's official asset- 
tracking system until all items constituting the corresponding bulk 
purchases had been identified and properly categorized. Although the 
amounts were ultimately submitted for entry into the tracking system on 
September 27, 2006, these amounts were not entered in time to be 
reflected in the September 30, 2006, financial statements. Regarding 
the phone system, we concluded that the overall purchase, consisting of 
multiple components, was not properly identified as an asset that 
should be capitalized in accordance with SEC's established criteria. 

In addition to the unrecorded furniture and equipment for the new 
Washington, D.C., headquarters office space, we also identified an 
unrecorded bulk purchase of furniture associated with office space in 
New York. Specifically, based on our interim testing of furniture 
purchased in February 2006 for the new office space in New York, we 
determined that approximately $425,000 of furniture purchased in May 
2003 for the previous space was moved to the new space but had not been 
capitalized. We were unable to determine why this purchase had not been 
recorded in the asset-tracking system. SEC acknowledged this error and 
recorded the furniture in the tracking system during the fourth quarter 
of fiscal year 2006, more than 3 years after its purchase. As a result, 
the furniture was included in SEC's financial statements, but this 
significant delay resulted in SEC recording 29 months of prior years' 
depreciation expense in fiscal year 2006. 

We found errors in nearly half of the capitalized amounts that we 
tested for SEC internal use software projects. Specifically, we found 
errors in 7 of 16 amounts tested. Of the 7 total errors, 4 capitalized 
amounts were incomplete and 3 amounts included costs that should not 
have been capitalized. The largest error involved an addition of 
approximately $360,000, all of which, in accordance with applicable 
generally accepted accounting principles, should have been expensed 
rather than capitalized. Most of this amount consisted of licenses for 
the software. One of the incomplete capitalization amounts resulted 
from the combination of transposing an amount from one invoice and 
inadvertently excluding an amount from another invoice. Another of the 
overstated amounts was caused by including hardware and product support 
costs that should not have been capitalized. Most of the 7 errors did 
not have an impact on amortization expense because nearly all of the 
corresponding projects were under development (software in progress) 
rather than in production; thus, SEC had correctly not yet begun 
amortizing capitalized amounts. 

The Office of Information Technology (OIT) provides software project 
cost data to OFM based on quarterly data calls to project managers who 
are guided by SEC's Capital Asset Policy and OIT's Implementing 
Instruction for Software Capitalization. Based on our understanding of 
OIT's process for compiling these data, and the large number of errors 
identified in our testing, we concluded that (1) there is not a 
consistent understanding among project managers of the requirements 
that should govern their quarterly data submissions and (2) the data 
submitted by project managers are not subject to detailed supervisory 
review within OIT before being forwarded to OFM. In response to our 
findings, OIT officials informed us that detailed review of quarterly 
data submissions by the responsible assistant director would be 
implemented. We plan to evaluate OIT's implementation of detailed 
review during our fiscal year 2007 financial audit. 

Overall, the systemic errors that we found did not materially affect 
the balances reported for property and equipment or the corresponding 
depreciation and amortization expense amounts in SEC's financial 
statements for fiscal year 2006. However, these conditions evidence a 
significant deficiency in control over the recording of property and 
equipment that while not material, affects the reliability of reported 
balances. Without a process that integrates controls over capitalizing 
and recording property and equipment purchases, SEC does not have 
sufficient assurance over the accuracy and completeness of its reported 
balances for property and equipment. 

GAO's Standards for Internal Control in the Federal Government[Footnote 
9] provide an overall framework for establishing and maintaining 
internal control, including a discussion of control activities, for 
example, accurate and timely recording of transactions. Specifically, 
transactions should be accurately and promptly recorded to maintain 
their relevance and value to management in controlling operations and 
making decisions. 

In its Management's Discussion and Analysis, SEC acknowledges the need 
to strengthen control over this area. Specifically, SEC indicates that 
it will update the agency's property management policies in fiscal year 
2007 to reflect the current organizational structure and revised 
business processes, train staff on the new policies, and increase 
quality checks throughout the year. In addition, SEC indicates that it 
has begun preparing requirements to replace the agency's current 
outdated asset management system to enhance data integrity and maximize 
integration of its financial systems. These steps, if properly 
implemented, would significantly address the reportable condition. 
However, as indicated below, there are additional actions that SEC 
should take to fully address the deficiencies in this area. 

Recommendations: 

We recommend that SEC take the following specific actions as part of 
its planned corrective measures to improve property and equipment 
controls: 

1. Include, in its updated property management policies, detailed 
procedures for recording proper acquisition costs and dates in its 
asset-tracking system, and take steps to ensure that these procedures 
are being consistently implemented. 

2. Implement procedures requiring periodic comparisons of related 
details in disbursement and property/equipment subsidiary records to 
identify any unrecorded purchases that satisfy established 
capitalization criteria. 

3. Implement procedures to ensure that internal use software project 
managers have a complete and consistent understanding of the 
requirements that should govern compilation of cost data submitted for 
capitalization, including consideration of joint OIT and OFM training 
to software project managers on the requirements of applicable 
generally accepted accounting principles. 

4. Implement procedures whereby OFM staff routinely review capitalized 
amounts for software projects against supporting documentation to 
provide additional assurance that the recorded amounts are accurate and 
complete. 

Other Issues: 

Although not considered to be reportable conditions, the following 
weaknesses warrant management's consideration. 

Payroll System Access, Approval of Time and Attendance Records, and 
Process Documentation: 

During our fiscal year 2006 audit, we identified an excessive number of 
staff in SEC's Office of Human Resources (OHR) with the capability to 
initiate and approve both personnel actions and time cards. We also 
identified several cases in which administrative officers had approved 
time and attendance (T&A) for higher-level employees on a regular basis 
during fiscal year 2006. In addition, we determined that SEC lacks 
formal, comprehensive documentation of T&A and personnel action 
processes. We presented these findings to SEC officials in August 2006. 
As of the completion of our audit in November 2006, OHR had taken or 
planned corrective actions to address these issues. 

SEC uses the Federal Personnel and Payroll System (FPPS), a system 
developed and maintained by the Department of the Interior's National 
Business Center in Denver, Colorado, to process personnel actions and 
payroll transactions. During our audit, we found that all 11 
specialists and 8 assistants within OHR had FPPS access privileges 
allowing them to initiate and approve personnel actions for any SEC 
employee. In addition, all 19 staff had access privileges to initiate 
and approve time cards for employees within the offices that they 
service, including 3 who could do so for any SEC employee. According to 
OHR officials, these access privileges were put in place primarily for 
emergency situations where key staff may be unavailable. This condition 
introduces a risk factor from a segregation of duties perspective in 
that one individual could control all key aspects of personnel and 
payroll processing. 

In late September 2006, OHR removed certain access privileges for 16 of 
its 19 specialists and assistants. The overall result was a reduction 
in the number of staff who can both initiate and approve a personnel 
action and initiate and approve a time card from 19 to 3. Going 
forward, OHR is planning to monitor personnel action processing on a 
monthly basis by producing a report of all actions initiated and 
approved by the same staff member that will be reviewed and signed by 
both (1) one of OHR's three branch chiefs (on a rotating basis) and (2) 
the assistant director. In addition, OHR plans to implement branch team 
leader review of all personnel actions prior to final processing as an 
internal operating procedure. 

During our audit, we reviewed 45 payroll expenditures, including 
testing for proper T&A approval. We identified 3 cases in which an 
administrative officer approved the time card of a higher-level 
employee. After further inquiries and testing, we determined that time 
cards for all three employees had been improperly approved by an 
administrative officer on a regular basis during fiscal year 2006. 
GAO's guidance on controls over T&A reporting[Footnote 10] emphasizes 
that the integrity of the information in a T&A reporting system depends 
largely on the conscientious exercise of the supervisor (or other 
official) of his/her approval authority and an appropriate basis for 
such approval. 

In response to the results of our payroll expenditure testing, OHR 
issued two memos in September 2006--one to division directors/office 
heads and one to administrative officers--emphasizing that 
administrative officers (1) have been given T&A certification authority 
for emergency situations only and (2) are not to certify T&A for higher-
level officials on an ongoing basis. While such memos can serve as a 
useful reminder of current policy, we emphasized to OHR officials that 
active monitoring of compliance with current policy is a critical 
internal control. In this regard, OHR is planning to monitor the levels 
of staff that are approving time cards, with a focus on organizations 
in which exceptions were noted. 

Consistent with GAO's Standards for Internal Control in the Federal 
Government, internal control should be clearly documented and the 
documentation readily available for examination. During the course of 
our audit, OHR management readily acknowledged the lack of written 
procedures governing personnel action and payroll processing. As a 
result, OHR is planning to incorporate these areas into a larger 
initiative to document "core processes" across its functional areas. 

Given our understanding of SEC's overall control environment for 
personnel action and payroll processing, and the results of our current 
and prior year detail testing in these areas, we concluded that the 
deficiencies discussed above do not constitute reportable conditions. 
However, they are key components of SEC's system of internal control 
that warrant strengthening. The commission acknowledged in its 
Management's Discussion and Analysis that actions are needed to 
strengthen controls in these areas. 

Overall, we are encouraged by the actions taken and planned by SEC to 
strengthen these areas. However, continued management attention will be 
critical to ensuring that actions already taken are periodically 
reassessed for adequacy, and that planned actions are effectively 
implemented. We plan to evaluate SEC's corrective actions during our 
fiscal year 2007 financial audit. 

Recommendation: 

We recommend that SEC evaluate the overall effectiveness of its actions 
taken in response to our findings regarding payroll and personnel 
action processing, when fully implemented, to determine whether any 
modifications, additional actions, or both are needed. 

Comparison of Furniture and Equipment Received and Ordered: 

In addition to the inaccuracies in recording acquisition costs and 
dates, we found that SEC did not have evidence that showed a comparison 
of the quantity and type of item received against the corresponding 
order(s) for most furniture and equipment items that we tested. 
Specifically, we received adequate evidence of this comparison in only 
10 of 49 cases tested for this attribute. Although we concluded that 
these comparisons are being performed, consistent with our Standards 
for Internal Control in the Federal Government, this fundamental 
component of procurement control activities should be consistently 
documented. 

According to SEC's Property Management Program Manual (SECM9-1), upon 
receipt of property, staff are to sign and date the shipping receipt to 
evidence that the quantity and type of property received agrees with 
the corresponding purchase order. According to the Associate Executive 
Director of OAS, the current policy is outdated and comparisons are not 
being consistently documented in this manner. Therefore, the Associate 
Executive Director stated that SECM9-1 will be updated by OAS in 
cooperation with OIT's Asset Management Branch. Overall, the outdated 
policy and lack of documented evidence of a key control reflect a need 
for SEC to improve the "audit trail" for key asset management processes 
rather than a significant internal control deficiency. 

Recommendation: 

We recommend that SEC retain, in its updated property management 
policy, a procedure to document comparison of quantity and type of item 
received with the corresponding purchase order, and take actions to 
ensure that the comparisons are being consistently documented. 

Agency Comments: 

In commenting on a draft of this report, the Chairman indicated that 
SEC made progress in fiscal year 2006 in addressing its internal 
control weaknesses. The Chairman identified specific actions and 
initiatives undertaken since the completion of our fiscal year 2006 
audit that are not included in this report. The actions cited by the 
Chairman include: 

* implementing the new system (Phoenix) in February 2007 for tracking 
disgorgement and penalty receivable and collection activity; 

* implementing--in conjunction with the rollout of the Phoenix system-- 
new policies and procedures, as well as mandatory computer-based 
training modules for mid-and senior-level managers in the Division of 
Enforcement; 

* hiring a contractor to update SEC's property and equipment policies 
and to develop procedures directed at ensuring proper implementation; 

* implementing a semiannual process to compare invoices paid to 
property system data to identify any unrecorded purchases that meet 
established capitalization criteria; and: 

* instituting detailed supervisory-level review of all internal use 
software capitalization data provided by project managers. 

With respect to fiscal year 2007, the Chairman stated that SEC has 
redoubled its efforts. Specifically, the Chairman cited plans to 
improve the process for recording and reporting disgorgement and 
penalty activity by further automation and review of the manual 
compensating controls currently in place, provide training to software 
project managers on generally accepted accounting principles applicable 
to internal use software, and evaluate the effectiveness of revised 
payroll and personnel action processes to determine if any 
modifications are necessary or new processes needed. We will evaluate 
SEC's actions and initiatives during our fiscal year 2007 audit. 

SEC's written comments are reprinted in enclosure II of this report. 

This report contains recommendations to you. The head of a federal 
agency is required by 31 U.S.C. � 720 to submit a written statement on 
actions taken on the recommendations to the Senate Committee on 
Homeland Security and Governmental Affairs and the House Committee on 
Oversight and Government Reform not later than 60 days from the date of 
this report. A written statement also must be sent to the House and 
Senate Committees on Appropriations with agency's first request for 
appropriations made more than 60 days after the date of this report. 

This report is intended for use by management of SEC. We are sending 
copies of this report to the Chairmen and Ranking Minority Members of 
the Senate Committee on Banking, Housing, and Urban Affairs; the Senate 
Committee on Homeland Security and Governmental Affairs; the House 
Committee on Financial Services; and the House Committee on Oversight 
and Government Reform. We are also sending copies to the Secretary of 
the Treasury, the Director of the Office of Management and Budget, and 
other interested parties. In addition, this report will be available at 
no charge on GAO's Web site at http://www.gao.gov. 

We acknowledge and appreciate the cooperation and assistance provided 
by SEC management and staff during our audit of SEC's fiscal years 2006 
and 2005 financial statements. If you have any questions about this 
report or need assistance in addressing these issues, please contact me 
at (202) 512-9471 or by e-mail at franzelj@gao.gov. Contact points for 
our Offices of Congressional Relations and Public Affairs may be found 
on the last page of this report. 

Sincerely yours, 

Signed by: 

Jeanette M. Franzel: 
Director: 
Financial Management and Assurance: 

Enclosures - 3: 

Enclosure I: Status of Previously Reported Recommendations: 

This enclosure indicates the status of the U.S. Securities and Exchange 
Commission's (SEC) efforts to implement our previous recommendations 
related to opportunities for improvements in SEC's internal control and 
accounting and financial reporting procedures identified during our 
audits of SEC's 2004 and 2005 financial statements.[Footnote 11] Table 
1 lists the recommendations from our 2004 audit that we previously 
reported as open at the conclusion of our 2005 audit. Table 2 lists the 
recommendations from our 2005 audit. The status reflects our assessment 
of whether the issues that gave rise to the recommendations have been 
effectively and fully addressed based on the work performed during our 
fiscal year 2006 financial audit. As of January 2007, SEC had taken 
actions to close 18 of the 35 open recommendations from our audits of 
the agency's 2004 and 2005 financial statements. Effectively 
implementing recommendations is critical for SEC to resolve its 
financial management challenges. 

Table 1: Recommendations from 2004 Audit Reported as Open at Conclusion 
of 2005 Audit: 

Audit area/recommendation: Disgorgements and penalties: Implement a 
system that is integrated with the accounting system or that provides 
the necessary input to the accounting system to facilitate timely, 
accurate, and efficient recording and reporting of disgorgement and 
penalty activity; 
Status of recommendation: Closed: [Empty]; 
Status of recommendation: Open: X. 

Audit area/recommendation: Disgorgements and penalties: Review the 
disgorgement and penalty judgments and subsequent activities documented 
in each case file by defendant to determine whether the individual 
amounts recorded in the case-tracking system are accurate and reliable; 
Status of recommendation: Closed: X; 
Status of recommendation: Open: [Empty]. 

Audit area/recommendation: Disgorgements and penalties: Implement 
controls so that the ongoing activities involving disgorgements and 
penalties are properly, accurately, and timely recorded in the 
accounting system; 
Status of recommendation: Closed: [Empty]; 
Status of recommendation: Open: X. 

Audit area/recommendation: Disgorgements and penalties: Strengthen 
coordination, communication, and data flow among staff of SEC's 
Division of Enforcement and Office of Financial Management (OFM) who 
share responsibility for recording and maintaining disgorgement and 
penalty data; 
Status of recommendation: Closed: X; 
Status of recommendation: Open: [Empty]. 

Audit area/recommendation: Disgorgements and penalties: Develop and 
implement written policies covering the procedures, documentation, 
systems, and responsible personnel involved in recording and reporting 
disgorgement and penalty financial information. The written procedures 
should also address quality control and managerial review 
responsibilities and documentation of such a review; 
Status of recommendation: Closed: [Empty]; 
Status of recommendation: Open: X. 

Audit area/recommendation: Financial statement preparation and 
reporting: Develop written policies and procedures that provide 
sufficient guidance for the year-end closing of the general ledger as 
well as the preparation and analysis of quarterly and annual financial 
statements; 
Status of recommendation: Closed: X; 
Status of recommendation: Open: [Empty]. 

Audit area/recommendation: Financial statement preparation and 
reporting: Prepare a crosswalk between the financial statements and the 
source systems, general ledger accounts, and the various account 
queries and analyses that make up key balances in the financial 
statements; 
Status of recommendation: Closed: X; 
Status of recommendation: Open: [Empty]. 

Audit area/recommendation: Financial statement preparation and 
reporting: Maintain subsidiary records or ledgers for all significant 
accounts and disclosures so that the amounts presented in the financial 
statements and footnotes can be supported by the collective 
transactions making up the balances; 
Status of recommendation: Closed: X; 
Status of recommendation: Open: [Empty]. 

Audit area/recommendation: Financial statement preparation and 
reporting: Perform monthly reconciliations of subsidiary records and 
summary account balances; 
Status of recommendation: Closed: X; 
Status of recommendation: Open: [Empty]. 

Audit area/recommendation: Financial statement preparation and 
reporting: Consider a "formal closing" of all accounts at an interim 
date(s), which will reduce the level of accounting activity and 
analysis required at year-end. The formal closing entails ensuring that 
all transactions are recorded in the proper period through month's end; 
Status of recommendation: Closed: [Empty]; 
Status of recommendation: Open: X. 

Audit area/recommendation: Financial statement preparation and 
reporting: Require supervisory review for all entries posted to the 
general ledger and financial statements, including closing entries. A 
supervisor should review revisions to previously approved entries and 
revised financial statements and footnotes. All entries and reviews 
should be documented; 
Status of recommendation: Closed: X; 
Status of recommendation: Open: [Empty]. 

Audit area/recommendation: Financial statement preparation and 
reporting: Establish milestones for preparing and reviewing the 
financial statements by setting dates for critical phases such as 
closing the general ledger; preparing financial statements, footnotes, 
and the performance and accountability report; and performing specific 
quality control review procedures; 
Status of recommendation: Closed: X; 
Status of recommendation: Open: [Empty]. 

Audit area/recommendation: Financial statement preparation and 
reporting: Utilize established tools (i.e., checklists and 
implementation guides) available for assistance in compiling and 
reviewing financial statements; 
Status of recommendation: Closed: X; 
Status of recommendation: Open: [Empty]. 

Audit area/recommendation: Financial statement preparation and 
reporting: Maintain documentation supporting all information included 
in the financial statements and footnotes. This documentation should be 
more self-explanatory than what has been retained in the past. The 
documentation should be at a level of detail to enable a third party, 
such as an auditor, to use the documentation for substantiating 
reported data without extensive explanation or re-creation by the 
original preparer; 
Status of recommendation: Closed: X; 
Status of recommendation: Open: [Empty]. 

Audit area/recommendation: Financial statement preparation and 
reporting: Take advantage of in-house resources and expertise in 
establishing financial reporting policies, internal controls, and 
business practices, as well as in the review of financial statement and 
footnote presentation; 
Status of recommendation: Closed: X; 
Status of recommendation: Open: [Empty]. 

Audit area/recommendation: Financial statement preparation and 
reporting: Develop or acquire an integrated financial management system 
to provide timely and accurate recording of financial data for 
financial reporting and management decision making; 
Status of recommendation: Closed: [Empty]; 
Status of recommendation: Open: X. 

Audit area/recommendation: Cash receipts:  Periodically reconcile the 
cash receipts log to the documentation supporting the deposit amount in 
the general ledger;  
Status of recommendation: Closed: X; 
Status of recommendation: Open: [Empty]. 

Audit area/recommendation: Property and equipment leases: Review all 
existing leases for property and equipment to determine if they should 
be capitalized or expensed and make any necessary adjustments to the 
related general ledger balances; 
Status of recommendation: Closed: [Empty]; 
Status of recommendation: Open: X. 

Audit area/recommendation: Property and equipment leases: Develop 
policies and procedures to properly account for future property and 
equipment leases on an ongoing basis; 
Status of recommendation: Closed: [Empty]; 
Status of recommendation: Open: X. 

Audit area/recommendation: Federal Personnel and Payroll System data: 
Periodically reconcile its active employees to Federal Personnel and 
Payroll System (FPPS). To do this, consideration should be given to 
maintaining an independent database of active employees and other 
payroll-related information, wherein active employee data could be 
readily compared with and reconciled to FPPS-generated payroll records. 
This reconciliation should be documented; 
Status of recommendation: Closed: X; 
Status of recommendation: Open: [Empty]. 

Audit area/recommendation: Closing recommendations to address Federal 
Managers' Financial Integrity Act weaknesses: Require documented 
support and review of SEC's corrective actions to provide evidence that 
actions taken in response to audit recommendations fully correct 
identified deficiencies prior to closing out the audit issues in the 
tracking system; 
Status of recommendation: Closed: [Empty]; 
Status of recommendation: Open: X. 

Source: GAO. 

Note: Recommendations made in GAO-05-691R and GAO-05-693R. 

[End of table] 

Table 2: Recommendations from 2005 Audit: 

Audit area/recommendation: Financial statement preparation and 
reporting: Staff OFM with the collective knowledge, skills, and 
experience necessary to achieve effective implementation of internal 
control over the financial statement preparation and reporting process; 
Status of recommendation: Closed: X; 
Status of recommendation: Open: [Empty]. 

Audit area/recommendation: Financial statement preparation and 
reporting: Finalize formal, written policies and procedures governing 
financial reporting processes and related internal control and quality 
assurance, including the basic documentation, audit trails, and 
crosswalks needed to support financial statement amounts, to facilitate 
management review of financial information; 
Status of recommendation: Closed: X; 
Status of recommendation: Open: [Empty]. 

Audit area/recommendation: Financial statement preparation and 
reporting: Formalize and place into operation a senior management 
council or committee to oversee financial reporting activities; provide 
advice; and regularly review the agency's financial information, 
operations, and policies; 
Status of recommendation: Closed: X; 
Status of recommendation: Open: [Empty]. 

Audit area/recommendation: Financial statement preparation and 
reporting: Determine cutoff dates for significant account balances that 
are both appropriate and practical to facilitate interim financial 
reporting and meeting year-end financial reporting deadlines; 
Status of recommendation: Closed: [Empty];  
Status of recommendation: Open: X. 

Audit area/recommendation: Financial statement preparation and 
reporting: Prepare interim footnote disclosures to facilitate meeting 
year-end financial reporting deadlines; 
Status of recommendation: Closed: X; 
Status of recommendation: Open: [Empty]. 

Audit area/recommendation: Disgorgements and penalties: Develop, 
document in writing, and implement comprehensive policies, procedures, 
and controls over disgorgement and penalty transactions that include 
the following (see items 6-9): An accounting policy for disgorgements 
and penalties that will provide SEC management with reasonable 
assurance that the subsidiary ledger for disgorgement/penalty 
receivables is accurate and complete; 
Status of recommendation: Closed: [Empty]; 
Status of recommendation: Open: X. 

Audit area/recommendation: Disgorgements and penalties: Develop, 
document in writing, and implement comprehensive policies, procedures, 
and controls over disgorgement and penalty transactions that include 
the following (see items 6-9): The type of documentation and procedures 
needed to record the termination or waiver of a debt and the proper 
notification and communication for approved terminations and waivers, 
such that management has assurance that only valid and approved 
terminations are recorded; 
Status of recommendation: Closed: [Empty]; 
Status of recommendation: Open: X. 

Audit area/recommendation: Disgorgements and penalties: Develop, 
document in writing, and implement comprehensive policies, procedures, 
and controls over disgorgement and penalty transactions that include 
the following (see items 6-9): The recording of activity by case for 
fiduciary balances, including monthly reconciliations and management 
review, to ensure that balances by case are accurate; 
Status of recommendation: Closed: [Empty]; 
Status of recommendation: Open: X. 

Audit area/recommendation: Disgorgements and penalties: Develop, 
document in writing, and implement comprehensive policies, procedures, 
and controls over disgorgement and penalty transactions that include 
the following (see items 6-9): The initiation, recording, and 
monitoring of investments, including the monthly reconciliation of 
investment activity, to provide assurance that these fiduciary amounts 
are accurate and complete; 
Status of recommendation: Closed: [Empty]; 
Status of recommendation: Open: X. 

Audit area/recommendation: Responsibilities of contracting officer's 
technical representative (COTR): Clarify guidance regarding policies 
and procedures (as described in SECR10-8 and SECR10-15) for the COTR's 
responsibilities and take actions to help ensure existing policies and 
procedures are being followed consistently; 
Status of recommendation: Closed: [Empty]; 
Status of recommendation: Open: X. 

Audit area/recommendation: Internal review of filing fee calculations: 
Take action to help ensure that its policy on recalculating fee-bearing 
filing amounts is consistently followed; 
Status of recommendation: Closed: [Empty]; 
Status of recommendation: Open: X. 

Audit area/recommendation: Internal review of filing fee calculations: 
Take action to help ensure that the recalculation of the required 
filing fees is clearly documented; 
Status of recommendation: Closed: [Empty]; 
Status of recommendation: Open: X. 

Audit area/recommendation: Compliance with Prompt Payment Act: 
Incorporate a review of the invoice receipt date as part of its daily 
review of Momentum (SEC's general ledger) invoice entries to ensure the 
invoice receipt dates are accurately entered into Momentum. 
Status of recommendation: Closed: X; 
Status of recommendation: Open: [Empty]. 

Audit area/recommendation: Compliance with Prompt Payment Act: Take 
action to help ensure that the policy requiring the timely return of 
improper invoices to the vendor to allow for timely payment is 
followed; 
Status of recommendation: Closed: [Empty]; 
Status of recommendation: Open: X[A]. 

Source: GAO. 

Note: Recommendations from GAO-06-459R. 

[A] SEC has taken actions to address this recommendation. We plan to 
evaluate the effectiveness of these actions during our 2007 audit. 

[End of table] 

[End of section] 

Enclosure II: Comments from the U.S. Securities and Exchange 
Commission: 

Christopher Cox Chairman: 
Headquarters: 
100 F Street, NE: 
Washington, DC 20549: 

United States: 
Securities And Exchange Commission: 
Regional Offices: 
New York, Chicago, Los Angeles, Denver, Miami: 
District Offices: 
Boston, Philadelphia, Atlanta, Fort Worth, Salt Lake City, San 
Francisco: 

Ms. Jeanette M. Franzel: 
Director: 
Financial Management and Assurance: 
Government Accountability Office: 
441 G Street, N.W. 
Washington, D.C. 20548: 

Dear Ms. Franzel: 

Thank you for the opportunity to review and comment on the draft report 
of the Government Accountability Office (GAO) entitled Internal 
Control: Improvements Needed in SEC's Accounting/Operational 
Procedures, GAO-07-482R. The report discusses issues identified in 
GAO's fiscal years (FY) 2006 and 2005 audit of the financial statements 
of the Securities and Exchange Commission (SEC) and reflects the state 
of the SEC's internal controls as of September 30, 2006. I would like 
to acknowledge and commend your efforts and those of the GAO staff in 
working with the SEC to meet our financial reporting deadlines and 
improve the SEC's control over financial reporting. 

I am pleased that the GAO's FY 2006 audit found that the SEC's 
financial statements and notes were presented fairly, in all material 
respects, and in conformity with U.S. generally accepted accounting 
principles; that the SEC had effective internal controls over financial 
reporting and compliance with laws and regulations, although certain 
controls should be improved; and that there were no instances of 
reportable noncompliance with laws and regulations tested by the GAO. 

The GAO's draft report provides additional information and 
recommendations with respect to two of the three reportable conditions 
that existed at the end of last year's audit: controls over recording 
and reporting disgorgement and penalty activity, and controls over 
property and equipment activity. Although not considered reportable 
conditions, the report also provides information and a recommendation 
regarding payroll and personnel action processing. The SEC's 
information security controls are addressed in a separate GAO report. 

As the GAO recognized, the SEC made progress in addressing its internal 
control deficiencies in FY 2006, and we have redoubled our efforts in 
FY 2007. Specifically, since the end of last year's audit, the SEC has 
taken steps to implement GAO's recommendations through several actions 
that are not reflected in the Management Letter. 

With respect to the recording and reporting of disgorgement and penalty 
activity, we have made substantial progress in addressing each of the 
GAO's recommendations. We are pleased to report that on February 26, 
2007, we implemented a new information technology system (Phoenix) for 
tracking disgorgement and penalty receivable and collection activity. 
The system has been designed to strengthen the SEC's internal controls 
so that all ongoing activities are properly, accurately and timely 
recorded. In conjunction with the rollout of the Phoenix system, the 
SEC implemented new policies and procedures as well as mandatory 
computer based training modules for approximately 200 mid-and senior-
level managers in the Division of Enforcement. We plan to continue to 
improve the process by further automation and will review the manual 
compensating controls currently in place. 

With respect to the recording and control of property and equipment 
activity, we have made progress in addressing each of the GAO's 
recommendations. We have hired a contractor to update the SEC's 
policies and to develop procedures and audit steps to ensure proper 
implementation. The revised policy on property and equipment is 
projected to be in place by the end of the fiscal year. In addition, we 
recently implemented a semi-annual audit to compare invoices paid to 
property system data to identify any unrecorded purchases that satisfy 
established capitalization criteria. 

With respect to the recording of internal use software, we have 
implemented a number of initiatives to improve the accuracy of the 
amounts capitalized. We have instituted a detailed supervisory level 
review of all capitalization data provided by project managers, and we 
have restructured our accounting code classification to segregate 
capitalized software from non-capitalized software. We concur with your 
recommendation to provide training to the software project managers on 
the applicable generally accepted accounting principals and expect to 
deliver training this fiscal year. 

The SEC has also made improvements over payroll and personnel action 
processing. We significantly reduced system access privileges to allow 
only a few people to be able to initiate and approve an action; we 
improved the approval process for time and attendance certification; 
and we began work on documenting procedures for payroll and personnel 
actions. As recommended in your report, we plan to evaluate the 
effectiveness of the revised processes to determine if any further 
modifications are necessary or if any new processes are needed. 

As Chairman, I remain committed to improving the SEC's financial 
integrity and operational efficiencies, so that the agency can lead by 
example when it comes to establishing and maintaining effective 
internal control over financial reporting. I appreciate your support of 
these efforts, and look forward to continuing our productive dialogue 
during the course of this year's audit. 

Thank you again for the opportunity to comment on this report. If you 
have any questions relating to our response, please contact our Chief 
Financial Officer, Kristine Chadwick, at 202-551-7836. 

Sincerely, 

Signed by: 

Christopher Cox: 
Chairman: 

[End of section] 

Enclosure III: Details on Audit Scope and Methodology[Footnote 12]:  

To fulfill our responsibilities as auditor of the financial statements 
of SEC, we did the following: 

* Examined, on a test basis, evidence supporting the amounts and 
disclosures in the financial statements. 

* Assessed the accounting principles used and significant estimates 
made by management. 

* Evaluated the overall presentation of the financial statements. 

* Obtained an understanding of internal controls related to financial 
reporting and compliance with laws and regulations. 

* Obtained an understanding of the recording, processing, and 
summarizing of performance measures as reported in Management's 
Discussion and Analysis. 

* Tested relevant internal controls over financial reporting and 
compliance, and evaluated the design and operating effectiveness of 
internal control. 

* Considered SEC's process for evaluating and reporting on internal 
control and financial management systems under the Federal Managers' 
Financial Integrity Act of 1982. 

* Tested compliance with selected provisions of the following laws and 
regulations: the Securities Exchange Act of 1934, as amended; the 
Securities Act of 1933, as amended; the Anti-Deficiency Act; laws 
governing the pay and allowance system for SEC employees; and the 
Prompt Payment Act. 

We requested comments on a draft of this report from the Chairman of 
SEC. We received written comments from SEC. We conducted our audit in 
accordance with U.S. generally accepted government auditing standards. 

(194648): 

FOOTNOTES 

[1] GAO, Financial Audit: Securities and Exchange Commission's 
Financial Statements for Fiscal Years 2006 and 2005, GAO-07-134 
(Washington, D.C.: Nov. 15, 2006). 

[2] The internal control issues concerning information security are 
discussed in a separate report: GAO, Information Security: Sustained 
Progress Needed to Strengthen Controls at the Securities and Exchange 
Commission, GAO-07-256 (Washington, D.C.: Mar. 27, 2007). 

[3] Recommendations were addressed in our internal control reports 
issued as part of our fiscal year 2004 and 2005 SEC financial statement 
audits: GAO, Material Internal Control Issues Reported in SEC's Fiscal 
Year 2004 Financial Statement Audit Report, GAO-05-691R (Washington, 
D.C.: July 27, 2005); Management Report: Opportunities for Improvements 
in SEC's Internal Controls and Accounting Procedures, GAO-05-693R 
(Washington, D.C.: Aug. 12, 2005); and Internal Control: Improvements 
Needed in SEC's Accounting and Financial Reporting Procedures, GAO-06- 
459R (Washington, D.C.: Apr. 21, 2006). 

[4] A material weakness is a condition in which the design or operation 
of one or more of the internal control components does not reduce to a 
relatively low level the risk that errors, fraud, or noncompliance in 
amounts that would be material to the financial statements may occur 
and not be detected promptly by employees in the normal course of their 
duties. 

[5] Reportable conditions are defined as significant deficiencies in 
the design or operation of internal control that could adversely affect 
the entity's ability to record, process, summarize, and report 
financial data consistent with the assertions of management in the 
financial statements. 

[6] GAO-05-691R, GAO-05-693R, and GAO-06-459R. 

[7] GAO-07-134. 

[8] Fiduciary activities represent the moneys collected from federal 
securities law violators and maintained by SEC to be distributed to 
harmed investors. Custodial activities represent the moneys collected 
by SEC from violators of federal securities laws that are returned to 
the Treasury, as nonfederal individuals or entities do not have an 
ownership interest in such amounts. 

[9] GAO, Standards for Internal Control in the Federal Government, GAO/ 
AIMD-00-21.3.1 (Washington, D.C.: November 1999). 

[10] GAO, Maintaining Effective Control over Employee Time and 
Attendance Reporting, GAO-03-352G (Washington, D.C.: January 2003). 

[11] GAO, Material Internal Control Issues Reported in SEC's Fiscal 
Year 2004 Financial Statement Audit Report, GAO-05-691R (Washington, 
D.C.: July 27, 2005); Management Report: Opportunities for Improvements 
in SEC's Internal Controls and Accounting Procedures, GAO-05-693R 
(Washington, D.C.: Aug. 12, 2005); and Internal Control: Improvements 
Needed in SEC's Accounting and Financial Reporting Procedures, GAO-06- 
459R (Washington, D.C.: Apr. 21, 2006). 

[12] For further explanation of our audit scope and methodology, see 
the financial audit report (GAO-07-134). 

GAO's Mission: 

The Government Accountability Office, the audit, evaluation and 
investigative arm of Congress, exists to support Congress in meeting 
its constitutional responsibilities and to help improve the performance 
and accountability of the federal government for the American people. 
GAO examines the use of public funds; evaluates federal programs and 
policies; and provides analyses, recommendations, and other assistance 
to help Congress make informed oversight, policy, and funding 
decisions. GAO's commitment to good government is reflected in its core 
values of accountability, integrity, and reliability. 

Obtaining Copies of GAO Reports and Testimony: 

The fastest and easiest way to obtain copies of GAO documents at no 
cost is through GAO's Web site (www.gao.gov). Each weekday, GAO posts 
newly released reports, testimony, and correspondence on its Web site. 
To have GAO e-mail you a list of newly posted products every afternoon, 
go to www.gao.gov and select "Subscribe to Updates." 

Order by Mail or Phone: 

The first copy of each printed report is free. Additional copies are $2 
each. A check or money order should be made out to the Superintendent 
of Documents. GAO also accepts VISA and Mastercard. Orders for 100 or 
more copies mailed to a single address are discounted 25 percent. 
Orders should be sent to: 

U.S. Government Accountability Office 441 G Street NW, Room LM 
Washington, D.C. 20548: 

To order by Phone: Voice: (202) 512-6000 TDD: (202) 512-2537 Fax: (202) 
512-6061: 

To Report Fraud, Waste, and Abuse in Federal Programs: 

Contact: 

Web site: www.gao.gov/fraudnet/fraudnet.htm E-mail: fraudnet@gao.gov 
Automated answering system: (800) 424-5454 or (202) 512-7470: 

Congressional Relations: 

Gloria Jarmon, Managing Director, JarmonG@gao.gov (202) 512-4400 U.S. 
Government Accountability Office, 441 G Street NW, Room 7125 
Washington, D.C. 20548: 

Public Affairs: 

Paul Anderson, Managing Director, AndersonP1@gao.gov (202) 512-4800 
U.S. Government Accountability Office, 441 G Street NW, Room 7149 
Washington, D.C. 20548: