This is the accessible text file for GAO report number GAO-07-942R entitled 'Management Report: Opportunities for Improvements in FDIC's Internal Controls and Accounting Procedures' which was released on June 27, 2007. This text file was formatted by the U.S. Government Accountability Office (GAO) to be accessible to users with visual impairments, as part of a longer term project to improve GAO products' accessibility. Every attempt has been made to maintain the structural and data integrity of the original printed product. Accessibility features, such as text descriptions of tables, consecutively numbered footnotes placed at the end of the file, and the text of agency comment letters, are provided but may not exactly duplicate the presentation or format of the printed version. The portable document format (PDF) file is an exact electronic replica of the printed version. We welcome your feedback. Please E-mail your comments regarding the contents or accessibility features of this document to Webmaster@gao.gov. This is a work of the U.S. government and is not subject to copyright protection in the United States. It may be reproduced and distributed in its entirety without further permission from GAO. Because this work may contain copyrighted images or other material, permission from the copyright holder may be necessary if you wish to reproduce this material separately. June 27, 2007: Mr. Steven O. App: Deputy to the Chairman and Chief Financial Officer: Federal Deposit Insurance Corporation: Subject: Management Report: Opportunities for Improvements in FDIC's Internal Controls and Accounting Procedures: Dear Mr. App: In February 2007, we issued our opinions on the calendar year 2006 financial statements of the Deposit Insurance Fund (DIF) and the FSLIC Resolution Fund (FRF).[Footnote 1] We also issued our opinion on the effectiveness of the Federal Deposit Insurance Corporation's (FDIC) internal control over financial reporting (including safeguarding assets) and compliance as of December 31, 2006, and our evaluation of FDIC's compliance with significant provisions of selected laws and regulations for the two funds for the year ended December 31, 2006.[Footnote 2] The purpose of this report is to present issues identified during our audits of the 2006 financial statements regarding internal controls and accounting procedures and to recommend actions to address these issues. Although these issues were not material in relation to the financial statements, we believe they warrant management's attention. We are making seven recommendations for strengthening FDIC's internal controls and accounting procedures. We conducted our audits in accordance with U.S. generally accepted government auditing standards. Results in Brief: During our audits of the 2006 financial statements, we identified several internal control issues that affected FDIC's accounting for the funds it administers. Although we do not consider them to be material weaknesses[Footnote 3] or significant deficiencies,[Footnote 4] we believe they warrant management's consideration. Specifically, we found the following: * FDIC had inadequate or incomplete written procedures for key segments of its general ledger monthly closing process and other financial operations. The absence of adequate written procedures increases the risk that (1) all necessary steps in the monthly general ledger closing process and other processes may not be completely, correctly, and consistently performed and (2) disruptions and errors may arise when staff changes occur. This, in turn, could affect the reliability of data presented in FDIC's financial statements. * FDIC lacked adequate supervisory reviews of key tasks in the monthly general ledger closing process and other financial operations, increasing the risk that errors in preparing financial statements might not be timely detected and corrected. * FDIC incorrectly excluded certain receivership data used in the calculation of loss rates from bank failures, resulting in an error in these loss rates that could have affected the accuracy/reliability of the contingent liability presented in the financial statements. * FDIC lacked appropriate control to safeguard checks received in its Dallas mailroom and did not provide proper oversight of contractor lockbox operations, increasing the risk of theft, loss, or misappropriation of assets. We are making seven recommendations to improve FDIC's internal controls and accounting procedures. Implementation of these recommendations would strengthen FDIC's conformance with the internal control standards that federal agencies are required to follow[Footnote 5] and minimize the risk of future misstatements in the two funds' financial statements. In its comments, FDIC agreed with our recommendations and described actions it has taken or plans to take to address the control weaknesses described in this report. At the end of our discussion of each of the issues in this report, we have summarized FDIC's related comments and our evaluation. Scope and Methodology: As part of our audits of the 2006 and 2005 financial statements of the two funds administered by FDIC, we evaluated FDIC's internal controls and its compliance with selected provisions of laws and regulations. We designed our audit procedures to test relevant controls, including those intended to ensure proper authorization, execution, accounting, and reporting of transactions. We requested comments on a draft of this report from the FDIC Deputy to the Chairman and Chief Financial Officer. We received written comments and have reprinted the comments in enclosure I. Further details on our scope and methodology are included in our report on the results of our audits of the 2006 and 2005 financial statements, and are reproduced in enclosure II. General Ledger Closing and Other Financial Processing Procedures: During our observations of FDIC's monthly general ledger closing process and other financial operations related to the preparation of DIF's and FRF's financial statements, we identified several critical steps in the processes in which the documentation of procedures was either inadequate or incomplete and could be improved. These critical steps involved activities that were performed outside the automated processes of the PeopleSoft application within FDIC's financial environment. GAO's Standards for Internal Control in the Federal Government requires that internal control procedures be clearly documented in management directives, policies, or operating manuals. Further, all documentation should be properly managed and maintained. Specifically, we observed that there were inadequate written procedures covering the (1) preparation of the DIF and FRF financial statements, (2) closing out of terminated receiverships, (3) review of the vendor maintenance log, and (4) number and types of oversight reports and audit logs that are used to monitor financial processes, including documentation of the periodic review of these reports and audit logs. We also identified the following activities in the monthly general ledger closing process where the extent of written procedures could be improved: * Preparation and entering spreadsheet adjustments to the general ledger for (1) estimated legal contingent liabilities, (2) loan loss reserve, and (3) accounts payable accruals. * Preparation and recording entries to the general ledger for the payroll liability accruals. * Preparation of final accounts payable accrual analysis reports. Additionally, we found that there was incomplete detailed documentation (run sheets) for automated transactions used to accomplish the monthly closing process. According to FDIC officials, the lack of adequate written procedures was caused by the fact that management attention and resources have been devoted to higher priorities in ensuring the successful implementation of the new financial management system. Nonetheless, inadequate or incomplete written procedures reduce the assurance that critical processes and operating activities have been completely, correctly, and consistently performed; increase the risk of disruption and errors when staff changes occur; and could affect the reliability of data presented in FDIC's financial statements. Recommendation: We recommend that FDIC improve its written procedures by describing more explicitly the steps required to accomplish and document each significant activity in the monthly general ledger closing process and other financial operations related to financial statement preparation in order to help ensure that such steps are completely, consistently, and accurately performed. FDIC Comments and Our Evaluation: FDIC agreed with our recommendation. In response to our finding, FDIC stated that existing procedures and process documentation will be enhanced to more explicitly capture the key steps and activities required to support the monthly general ledger closing process and other related financial operation areas. FDIC further stated that this procedures work is scheduled to be completed in phases, starting with the most critical areas by June 30, 2007, and the other processes completed by December 31, 2007. We will evaluate the effectiveness of FDIC's actions during our 2007 financial audit. Supervisory Review of General Ledger Closing and Other Financial Operations: During our observations of the monthly general ledger closing process and related activities, we identified several instances in which there was inadequate supervisory review of key tasks or activities outside the automated financial processes. Supervisory review of key activities is important to ensure that errors in the data or processes leading to preparation of the annual financial statements are timely detected and corrected. GAO's Standards for Internal Control in the Federal Government requires agencies to implement internal control procedures to ensure the accurate and timely recording of transactions and events. In addition, these standards require that qualified and continuous supervision be provided to ensure that internal control objectives are achieved. Specifically, we identified the following activities in the monthly general ledger closing and related processes where there was inadequate supervisory review: * Manual compilation of spreadsheets containing expense accrual data used to update monthly balances prior to the system upload. * Manual compilation of final expense accrual analysis reports prior to distribution. * Preparation of reports relating to fiscal year comparisons and the corporate closing trial balance prior to the fiscal year end system close. * Changes to business rules that specify how certain financial transactions are to be processed. * Override of accounts payable match exception transactions. According to FDIC officials, the lack of adequate supervisory review was caused by management's attention being devoted to higher priorities in ensuring the successful implementation of new financial management processes and the administrative challenges posed by the merger of the Bank Insurance Fund and the Savings Association Insurance Fund. Nonetheless, inadequate supervisory review of the activities noted above increases the risk to FDIC that errors might not be detected and corrected in a timely manner. This, in turn, increases the risk of misstatements in the DIF's and FRF's financial statements. Recommendation: We recommend that FDIC emphasize to its staff the importance of completing required supervisory review of key transactions and procedures in the monthly general ledger closing process and other financial operations to ensure that they are properly executed and that these reviews are documented. FDIC Comments and Our Evaluation: FDIC agreed with our recommendation. FDIC stated that it has and will continue to emphasize to staff the importance of documented supervisory review of key tasks and activities. We will evaluate the effectiveness of FDIC's actions during our 2007 financial audit. Calculation of Loss Rates for Anticipated Bank Failures: During our testing of contingencies related to the anticipated failures of insured institutions, we identified an error in one of the statistical analysis programs FDIC uses to estimate expected loss rates for various categories of assets. Specifically, FDIC incorrectly excluded certain asset data for an individual receivership from this statistical program. GAO's Standards for Internal Control in the Federal Government requires agencies to implement internal control procedures to ensure the accurate and timely recording of transactions and events. In addition, these standards require that qualified and continuous supervision be provided to ensure that internal control objectives are achieved. FDIC records a contingent liability and loss provision for DIF-insured institutions that are likely to fail within 1 year of the financial statement reporting date, absent some favorable event such as obtaining additional capital or merging, when the liability becomes probable and reasonably estimable. The contingent liability is derived by applying expected failure and loss rates to institutions based on supervisory ratings, balance sheet characteristics, and projected capital levels. To derive expected loss rates, FDIC uses historical information from receiverships to compute actual losses on six categories of assets that constitute total bank assets: installment loans, commercial loans, securities, mortgages, other real estate owned, and all other assets. These actual losses are converted to expected loss rates for each asset category. These expected loss rates are then applied to the book value of each asset category of the institution deemed likely to fail to determine the total loss anticipated from the likely institution failure. To perform the analysis necessary to derive the expected loss rates and the contingent liability, FDIC uses statistical programs. However, during our audit, we found an error in the program used to estimate loss rates on the six categories of assets. Specifically, FDIC incorrectly included loss rates on securities of a receivership it intended to exclude, while mistakenly excluding loss rates of securities of another receivership. FDIC did not identify this error because it resulted from a transposition error that was not detected in FDIC's routine review of its statistical program. After we brought this error to FDIC's attention, FDIC corrected the error and recalculated the loss rates for 2006. While this revised calculation showed that the error had an immaterial effect on the loss rate computation in this instance, such an error, if undetected and uncorrected, could have had a significant effect on the calculation of loss rates and thus on the contingent liability presented in the financial statements. Recommendation: We recommend that FDIC emphasize to its staff the importance of thoroughly verifying the accuracy of all data elements included in the calculation of loss rates used in estimating the contingent liability for anticipated failures. FDIC Comments and Our Evaluation: FDIC agreed with our recommendation. FDIC stated that at the time of the review existing audit procedures required the review of all statistical programs but focused primarily on program logic. After GAO identified the error, FDIC modified the review process to also check any hard-coded data for errors. Additionally, FDIC stated that its staff was apprised of the new procedures, which became effective January 31, 2007. We will evaluate the effectiveness of FDIC's actions during our 2007 financial audit. Receivership Receipts (Mailroom and Cashier Controls): During our testing of FDIC's internal controls in the mailroom and cashier operations of its Dallas field office, we identified deficiencies in controls over checks received that increased the risk of theft, loss, or misappropriation of receipts. GAO's Standards for Internal Control in the Federal Government requires agencies to establish physical control to secure and safeguard vulnerable assets. Examples include security for, and limited access to, assets such as cash, securities, inventories, and equipment that might be vulnerable to risk of loss or unauthorized use. The mailroom of the Dallas field office is responsible for opening mail, including monetary receipts for receivership activities. These receipts are in the form of checks that generally consist of loan repayments from debtors of failed financial institutions. For those checks not received in the Dallas mailroom, FDIC uses a lockbox administered by JPMorgan Chase Bank, N.A. (JPMorgan). The lockbox is emptied several times a day and the checks are deposited in an FDIC account at JPMorgan. Each day, JPMorgan forwards to FDIC online image copies of the checks deposited that day and all supporting documentation received with the checks. For calendar year 2006, the mailroom of the Dallas field office directly processed 1,870 checks totaling approximately $31.9 million, while the lockbox operation processed 1,758 checks totaling approximately $5.2 million. Whether checks are received in the mailroom or lockbox, the Cashiers Unit is responsible for accounting for all receivership receipts. In our tests of controls of FDIC's Dallas field office mailroom and Cashiers Unit operations, we found the following control deficiencies: * The mailroom contractor staff did not adequately account for checks upon receipt and prior to storing the checks in a safe. Specifically, we found that the check log prepared upon extraction of receipts from the envelopes was not reconciled to the total number of checks and the total dollar value of checks received. Additionally, the check log was not initialed and dated by the preparer, and a tape recording agreement of checks to the check log was not prepared. Finally, we observed that the checks were not locked in a secured bag. * The file cabinet used by the Cashiers Unit to store checks overnight requires only one person to open it. We observed that four individuals had keys and unlimited access to the file cabinet. In addition, we found that FDIC's policies and procedures do not require the examination of any internal audit reviews of internal controls at JPMorgan's lockbox operation to ensure that these controls are effective and operating as intended. We were informed that JPMorgan's internal audit department conducts periodic reviews of lockbox operations using a risk-based approach. This approach includes an assessment of the key risks and processes within lockbox operations and an evaluation of associated controls, as well as an examination of policies and procedures to determine their overall effectiveness. JPMorgan's internal audit department completed its most recent review of lockbox operations in August 2006. However, its reviews are not required to be obtained and evaluated by FDIC. Safeguarding controls are critical in preventing the theft of cash or checks. The lack of effective safeguarding controls increases the risk of theft, loss, or misappropriation of assets. Recommendations: To improve physical security in the Dallas field office mailroom and cashier operations, we recommend that FDIC instruct: * mailroom contractor employees to reconcile checks received to the check log, initial and date the log, and prepare a tape recording agreement of the checks to the check log; * mailroom contractor employees to lock the checks in a secured bag immediately upon receipt and prior to storing the checks in a safe; and: * Cashiers Unit employees to store checks overnight in a locked file cabinet that requires two individuals to open it. In addition, we recommend that FDIC modify its policies and procedures to require regular review and take appropriate actions to address the results of examinations of internal controls at the contractor's lockbox operation to ensure that controls are effective and operating as intended. FDIC Comments and Our Evaluation: FDIC agreed with the intent of our recommendations. In response to our findings related to FDIC's Dallas field office mailroom and Cashiers Unit, FDIC cited corrective actions completed by January 31, 2007, that address the issues we identified and are consistent with the intent of our recommendations. As to FDIC's policies and procedures related to the internal audit reviews of internal controls at JPMorgan's lockbox operation, FDIC stated that its policies and procedures will be modified by June 30, 2007, to request annual audit reports from JPMorgan and for FDIC to review those reports for possible internal control weaknesses and proposed corrective actions. We will evaluate the effectiveness of FDIC's actions during our 2007 financial audit. This report contains recommendations to you. We would appreciate receiving a description and status of your corrective actions within 30 days of the date of this report. This report is intended for use by FDIC management, members of the FDIC Audit Committee, and the FDIC Inspector General. We are sending copies of this report to the Chairman and Ranking Minority Member of the Senate Committee on Banking, Housing, and Urban Affairs; the Chairman and Ranking Minority Member of the House Committee on Financial Services; the Chairman of the Board of Directors of the Federal Deposit Insurance Corporation; the Chairman of the Board of Governors of the Federal Reserve System; the Comptroller of the Currency; the Director of the Office of Thrift Supervision; the Secretary of the Treasury; the Director of the Office of Management and Budget; and other interested parties. In addition, this report will be available at no charge on GAO's Web site at http://www.gao.gov. We acknowledge and appreciate the cooperation and assistance provided by FDIC management and staff during our audits of FDIC's 2006 and 2005 financial statements. If you have any questions about this report or need assistance in addressing these issues, please contact me at (202) 512-3406 or sebastians@gao.gov. Contact points for our Offices of Congressional Relations and Public Affairs may be found on the last page of this report. GAO staff who made major contributions to this report are listed in enclosure III. Sincerely yours, Signed by: Steven J. Sebastian: Director: Financial Management and Assurance: Enclosures - 3: [End of section] Enclosure I: Comments from the Federal Deposit Insurance Corporation: Federal Deposit Insurance Corporation: 550 17th Street NW, Washington, D.C. 20429-9990: Deputy to the Chairman and CFO: June 15, 2007: Mr. Steven J. Sebastian, Director: Financial Management and Assurance: U.S. Government Accountability Office: 441 G Street, NW: Washington, DC 20548: Dear Mr. Sebastian, Thank you for the opportunity to respond to the draft report entitled, Management Report: Opportunities for Improvement in FDIC's Internal Controls and Accounting Procedures, GAO-07-942R. The report discusses matters that were identified during the 2006 financial statements audit regarding internal controls and accounting procedures that could be improved, and recommendations to address them. Although the Government Accountability Office (GAO) believes that these matters warrant management's attention, we are pleased that GAO acknowledged that they were not material in relation to the financial statements and does not consider them to be material weaknesses or significant deficiencies. We welcome your recommendations to improve our internal controls and recognize the benefit of implementing them. The FDIC has already completed actions to address some of the recommendations and we look forward to completing the corrective actions on the remaining ones. Our detailed management responses to the recommendations are provided in Attachment 1. We appreciate your diligent work on these matters. If you have any questions relating to the responses, please contact James H. Angel, Jr., Director, Office of Enterprise Risk Management, at 703-562-6456. Sincerely, Signed by: Steven O. App: Deputy to the Chairman and Chief Financial Officer: Attachment: cc: John F. Bovenzi: Bret D. Edwards: Arthur J. Murton: Arleas Upton Kea: Mitchell Glassman: James H. Angel, Jr. Alice C. Goodman: FDIC Responses to 2006 Management Report: Attachment 1: General Ledger Closing and Other Financial Processing Procedures: GAO found that FDIC had inadequate or incomplete written procedures for key segments of its general ledger monthly closing process and other financial operations. The absence of adequate written procedures increases the risk that 1) all necessary steps in the closing process may not be completely, correctly, and consistently performed and 2) disruptions and errors may arise when staff changes occur. This could impact the reliability of data presented in FDIC's financial statements. Recommendation 1: GAO recommended that FDIC improve its written procedures by describing more explicitly the steps required to accomplish and document each significant activity in the monthly general ledger closing process and other financial operations related to financial statement preparation in order to help ensure that such steps are completely, consistently, and accurately performed. Management Response: We concur with the recommendation and agree that existing procedures and process documentation can be enhanced to more explicitly capture the key steps and activities required to support the monthly general ledger closing process and other financial operation related areas. This procedures work is scheduled to be completed in phases, starting with the most critical areas by June 30, 2007, and other processes completed by December 31, 2007. Supervisory Review of General Ledger Closing and Other Financial Operations: GAO found that FDIC lacked adequate supervisory reviews of key tasks in the closing process and other financial operations, increasing the risk that errors in preparing financial statements might not be timely detected and corrected. Recommendation 2: GAO recommended that FDIC emphasize to its staff the importance of completing required supervisory review of key transactions and procedures in the monthly general ledger closing process and other financial operations to ensure that they are properly executed and that these reviews be documented. Management Response: We concur with the recommendation and have and will continue to emphasize to staff the importance of documented supervisory review of key tasks and activities. Additionally, we believe the enhanced procedures referred to in the previous response will more explicitly detail the supervisory review steps and required documentation. Calculation of Loss Rates for Anticipated Bank Failures: GAO found that FDIC incorrectly excluded certain receivership data used in the calculation of loss rates from bank failures, resulting in an error in these loss rates which could have impacted the accuracy/ reliability of the contingent liability presented in the financial statements. Recommendation 3: GAO recommended that FDIC emphasize to its staff the importance of thoroughly verifying the accuracy of all data elements included in the calculation of loss rates used in estimating the contingent liability for anticipated failures. Management Response: We concur with the recommendation. At the time of the review, existing audit procedures required the review of all statistical programs, which focused primarily on program logic. After the identification of the error, which GAO acknowledges had no material effect on the loss rate computation, the review process was immediately modified also to check any hard-coded data as part of the audit of program files. The staff was apprised of the new procedures, which became effective January 31, 2007. Receivership Receipts (Mailroom and Cashier Controls): GAO found FDIC did not maintain adequate control to safeguard checks received in its Dallas mailroom and did not provide proper oversight of contractor lock box operations, increasing the risk of theft, loss, or misappropriation of assets. Recommendation 4: To improve its physical security over the Dallas field office mailroom operations, GAO recommended that FDIC instruct mailroom contractor employees to reconcile checks received to the check log, initial and date the log, and prepare a tape recording agreement of the checks to the check log. Management Response: We concur with the recommendation. To improve the security over these checks, the mailroom check processing procedures were revised in January 2007. As has been the mailroom's practice, all checks received must be promptly recorded. The revised procedures instruct the mailroom staff to run a tape of the checks as they are received, initial and date the tape, and attach the tape to the checks. Additionally, as part of the revised process, the mailroom staff must place the checks and tapes in a sealed envelope, place that envelope into a wall mounted safe depository drop box, and contact the Division of Resolutions and Receiverships (DRR) Cashier Unit for pickup. The Cashier Unit maintains the key to the safe depository and retrieves the checks upon notification by the mailroom staff. Under this new process, the Cashier sends an email confirmation of the pick-up indicating the number of checks, total amount, and receipt date. The email is then reconciled to the check log. We have attached the revised Mailroom Check Processing procedures as well as a description of the secure drop box used for check depository. The corrective actions were completed January 31, 2007. Recommendation 5: To improve its physical security over the Dallas field office mailroom operations, GAO recommended that FDIC instruct mailroom contractor employees to lock the checks in a secured bag immediately upon receipt and prior to storing the checks in a safe. Management Response: This recommendation is not applicable since the Division of Administration (DOA) no longer uses a secured bag to lock and store checks. As stated in our response to Recommendation 4, the DOA mailroom staffputs checks into a sealed envelope immediately upon receipt and places the envelope into a wall mounted locked safe depository drop box for pickup by the Cashier Unit. This process replaced the use of a secured bag and safe. The drop box can only be opened by the Cashier Unit. This process satisfies the intent of the recommendation. Recommendation 6: To improve its physical security over the Dallas field office cashier operations, GAO recommended that the Cashiers Unit employees store checks overnight in a locked file cabinet that requires two individuals to open. Management Response: We concur with the recommendation. The corrective activity for this recommendation was implemented during the audit. The file cabinet used by the Cashier Unit is a locking fire proof cabinet within a secure room. A combination lock was added to the file cabinet with access given to DRR accounting personnel who do not have a key to the file cabinet lock or knowledge of the cipher lock combination to the room. All monetary items in the possession of the Cashier Unit are secured in the file cabinet requiring two individuals to unlock the cabinet. This corrective activity was coordinated with DOA in conjunction with changes to the DOA mailroom procedures. A second lock was installed on the cashiers file on or about January 12, 2007. Recommendation 7: GAO recommended that FDIC modify its policies and procedures to require regular review and take appropriate actions to address the results of examinations of internal controls at the contractor's lock box operation to ensure that controls are effective and operating as intended. Management Response: We concur with the recommendation. DRR will modify its procedures and policies by June 30, 2007, to require annual requests of external audit reports of JPMorgan Chase Bank and will review those reports for possible internal control weaknesses and proposed corrective actions. [End of section] Enclosure II: Details on Audit Scope and Methodology: To fulfill our responsibilities as auditor of the financial statements of the two funds administered by FDIC, we did the following: * examined, on a test basis, evidence supporting the amounts and disclosures in the financial statements; * assessed the accounting principles used and significant estimates made by management; * evaluated the overall presentation of the financial statements; * obtained an understanding of internal controls related to financial reporting (including safeguarding assets) and compliance with selected laws and regulations; * tested relevant internal controls over financial reporting and compliance, and evaluated the design and operating effectiveness of internal control; * considered FDIC's process for evaluating and reporting on internal control based on criteria established by 31 U.S.C. § 3512 (c), (d), (commonly referred to as the Federal Managers' Financial Integrity Act); and: * tested compliance with applicable laws and regulations, including selected provisions of the Federal Deposit Insurance Act, as amended, and the Chief Financial Officers Act of 1990. [End of section] Enclosure III: Acknowledgments: The following individuals made major contributions to this report: Gary Chupka, Assistant Director; Verginie Amirkhanian; Gloria Cano; Nina Crocker; Mickie Gray; David Hayes; Wing Kwong; Mary Osorno; Eduvina Rodriguez; and Greg Ziombra. [End of section] (196161): FOOTNOTES [1] On February 8, 2006, the President signed into law the Federal Deposit Insurance Reform Act of 2005 (the Act). Among its provisions, the Act called for the merger of the Bank Insurance Fund (BIF) and Savings Association Insurance Fund (SAIF) into DIF. In accordance with the Act, the Federal Deposit Insurance Corporation merged BIF and SAIF into the newly established DIF on March 31, 2006. The financial results of the newly formed DIF were retrospectively applied as though they had been combined at the beginning of 2006, as well as for prior periods presented for comparative purposes. [2] GAO, Financial Audit: Federal Deposit Insurance Corporation Funds' 2006 and 2005 Financial Statements, GAO-07-371 (Washington, D.C.: Feb. 13, 2007). [3] A material weakness is a significant deficiency, or combination of significant deficiencies, that results in more than a remote likelihood that a material misstatement of the financial statements will not be prevented or detected. [4] A significant deficiency is a control deficiency, or combination of deficiencies, that adversely affects the entity's ability to initiate, authorize, record, process, or report financial data reliably in accordance with generally accepted accounting principles such that there is more than a remote likelihood that a misstatement of the entity's financial statements that is more than inconsequential will not be prevented or detected. [5] GAO, Standards for Internal Control in the Federal Government, GAO/ AIMD-00-21.3.1 (Washington, D.C.: November 1999). GAO's Mission: The Government Accountability Office, the audit, evaluation and investigative arm of Congress, exists to support Congress in meeting its constitutional responsibilities and to help improve the performance and accountability of the federal government for the American people. GAO examines the use of public funds; evaluates federal programs and policies; and provides analyses, recommendations, and other assistance to help Congress make informed oversight, policy, and funding decisions. GAO's commitment to good government is reflected in its core values of accountability, integrity, and reliability. Obtaining Copies of GAO Reports and Testimony: The fastest and easiest way to obtain copies of GAO documents at no cost is through GAO's Web site (www.gao.gov). Each weekday, GAO posts newly released reports, testimony, and correspondence on its Web site. To have GAO e-mail you a list of newly posted products every afternoon, go to www.gao.gov and select "Subscribe to Updates." Order by Mail or Phone: The first copy of each printed report is free. Additional copies are $2 each. A check or money order should be made out to the Superintendent of Documents. GAO also accepts VISA and Mastercard. Orders for 100 or more copies mailed to a single address are discounted 25 percent. Orders should be sent to: U.S. Government Accountability Office 441 G Street NW, Room LM Washington, D.C. 20548: To order by Phone: Voice: (202) 512-6000 TDD: (202) 512-2537 Fax: (202) 512-6061: To Report Fraud, Waste, and Abuse in Federal Programs: Contact: Web site: www.gao.gov/fraudnet/fraudnet.htm E-mail: fraudnet@gao.gov Automated answering system: (800) 424-5454 or (202) 512-7470: Congressional Relations: Gloria Jarmon, Managing Director, JarmonG@gao.gov (202) 512-4400 U.S. Government Accountability Office, 441 G Street NW, Room 7125 Washington, D.C. 20548: Public Affairs: Paul Anderson, Managing Director, AndersonP1@gao.gov (202) 512-4800 U.S. Government Accountability Office, 441 G Street NW, Room 7149 Washington, D.C. 20548: