This is the accessible text file for GAO report number GAO-09-943R entitled 'Management Report: Opportunities for Improvements in FDIC’s Internal Controls and Accounting Procedures' which was released on September 15, 2009. This text file was formatted by the U.S. Government Accountability Office (GAO) to be accessible to users with visual impairments, as part of a longer term project to improve GAO products' accessibility. Every attempt has been made to maintain the structural and data integrity of the original printed product. Accessibility features, such as text descriptions of tables, consecutively numbered footnotes placed at the end of the file, and the text of agency comment letters, are provided but may not exactly duplicate the presentation or format of the printed version. The portable document format (PDF) file is an exact electronic replica of the printed version. We welcome your feedback. Please E-mail your comments regarding the contents or accessibility features of this document to Webmaster@gao.gov. This is a work of the U.S. government and is not subject to copyright protection in the United States. It may be reproduced and distributed in its entirety without further permission from GAO. Because this work may contain copyrighted images or other material, permission from the copyright holder may be necessary if you wish to reproduce this material separately. GAO-09-943R: United States Government Accountability Office: Washington, DC 20548: September 15, 2009: The Honorable Steven O. App: Deputy to the Chairman and Chief Financial Officer: Federal Deposit Insurance Corporation: Subject: Management Report: Opportunities for Improvements in FDIC’s Internal Controls and Accounting Procedures: Dear Mr. App: In May 2009, we issued our opinions on the calendar year 2008 financial statements of the Deposit Insurance Fund (DIF) and the FSLIC[Footnote 1] Resolution Fund (FRF). We also issued our opinion on the effectiveness of the Federal Deposit Insurance Corporation’s (FDIC) internal control over financial reporting (including safeguarding assets) as of December 31, 2008, and our evaluation of FDIC’s compliance with provisions of selected laws and regulations for the two funds for the year ended December 31, 2008.[Footnote 2] The purpose of this report is to present issues identified during our audit of the 2008 financial statements regarding certain internal controls and accounting procedures and to recommend actions to address these issues. We are making four recommendations for strengthening FDIC’s internal controls and accounting procedures. Results in Brief: During our audits of the 2008 financial statements, we identified four internal control issues that affected FDIC’s accounting for the funds it administers. Although we do not consider them to be material weaknesses or significant deficiencies,[Footnote 3] and thus do not consider them to be material in relation to DIF’s and FRF’s financial statements, we believe that they warrant management’s attention and action. These issues concern the following: * Written policies and procedures were not updated to document FDIC’s new methodology used to determine the estimated cash recovery of receivership assets. * Controls did not ensure that correct amounts were paid for services provided by contractors and that operating expenses were appropriately allocated among the funds FDIC administers. * Oversight of contracted lockbox operations did not provide adequate assurance that controls were effectively designed to minimize the risk of loss, theft, and misreporting of receivership receipts. * Controls over the processing of receivership receipt transactions did not result in transactions being timely applied to the appropriate receivership accounts. These issues increase the risk that FDIC would not prevent or timely detect (1) errors or inconsistencies in valuing failed bank assets, (2) erroneous payments and errors in allocating operating expenses, (3) loss or theft of receivership receipts processed at a contractor- operated lockbox facility, or (4) misstatements in receivership accounts. At the end of our discussion of each of these issues in the following sections, we make recommendations for strengthening FDIC’s internal controls or accounting procedures. These recommendations are intended to improve management’s oversight and controls, decrease the risk of theft or misappropriation of assets, and minimize the risk of misstatements in DIF’s and FRF’s financial statements. In its comments, FDIC agreed with our recommendations and described actions it has taken or plans to take to address the control weaknesses described in this report. At the end of our discussion of each of the issues in this report, we have summarized FDIC’s related comments and our evaluation. Scope and Methodology: As part of our audits of the 2008 and 2007 financial statements of the two funds administered by FDIC, we evaluated FDIC’s internal controls and tested its compliance with selected provisions of laws and regulations. We designed our audit procedures to test relevant controls over financial reporting, including those designed to provide reasonable assurance that transactions are properly recorded, processed, and summarized to permit the preparation of DIF’s and FRF’s financial statements in conformity with U.S. generally accepted accounting principles, and that assets are safeguarded against loss from unauthorized acquisition, use, or disposition. We requested comments on a draft of this report from the FDIC Deputy to the Chairman and Chief Financial Officer. We received written comments from FDIC and have reprinted the comments in their entirety in enclosure I. We conducted our audits in accordance with U.S. generally accepted government auditing standards. Further details on our scope and methodology are included in our May 2009 report on the results of our audits of the 2008 and 2007 financial statements and are summarized in enclosure II. Receivership Asset Valuations: During 2008, FDIC changed its valuation methodology for estimating the recoveries FDIC expects to receive from the disposition of assets of failed financial institutions in receivership. While we concluded based on our audit work that the new methodology resulted in reasonable estimates, we determined that FDIC had not documented the new process to ensure its consistent and proper application in subsequent years. When a federally insured financial institution fails, the institution is placed into a receivership administered by FDIC. As part of this process, FDIC, through the DIF, will either close the institution and pay off insured depositors outright, operate the institution until it can find another institution to acquire some or all of the failed institution’s assets and liabilities, or sell some or all of the failed institution to an acquiring institution. The amounts FDIC disburses on behalf of the DIF to pay off insured depositors or to pay an acquiring institution to assume responsibility for some or all of the failed institution’s liabilities represents a claim, or receivable, the DIF has against the failed institution’s receivership, which is also operated by FDIC. Subsequent to the closing and initial disbursement of funds, the FDIC, through DIF, may periodically advance additional funds to the failed institution receivership to cover operating costs while the assets and liabilities of the receivership are sold or otherwise disposed of. These subsequent advances add to the DIF’s claim, or receivable, against the receivership. Proceeds from the servicing, sale, or disposition of the failed institution receivership’s assets are used to pay off, or reduce the DIF’s outstanding receivable. For financial reporting purposes, FDIC must periodically estimate what portion of the outstanding balance of the DIF’s receivable from resolutions is collectible. This estimate is primarily based on the amounts FDIC expects DIF will recover through the servicing, sale, and disposition of the receivership’s assets. The difference between the outstanding receivable balance and the amount FDIC estimates will ultimately be collected represents the allowance for losses on the receivable to be included in DIF’s financial statements. In prior years, FDIC used a standardized methodology—the Standard Asset Valuation Estimation methodology, or SAVE—to estimate the dollar value of recoveries from failed institution receivership assets. This methodology involved selecting a statistical sample from the complete inventory of DIF receivership assets at midyear and, through application of a set of procedures, deriving an expected recovery for those assets. The results were then statistically projected to the population of receivership assets to derive an overall recovery estimate for the assets. However, this approach had limitations that proved substantial in 2008. Specifically, in order for this approach to produce reliable results in time to prepare year-end financial statements, the vast majority of the failed institutions’ assets in a given year would have to be included in the DIF’s inventory of receivership assets by midyear. However, in 2008, the vast majority of institution failures, and resulting failed institution assets to be included in DIF’s inventory of receivership assets, did not occur until the latter half of the year. As a result, FDIC was unable to use its standard methodology to derive the year-end estimated recovery value for the DIF receivership assets and related allowance for losses on DIF’ s receivables. FDIC developed a new methodology for valuing receivership assets in 2008 that employed a combination of information on current or pending asset sales, failed institution-specific asset valuation data, aggregate asset valuation data on several recently failed or troubled institutions, and empirical asset recovery data based on historical information on institution failures. We reviewed and tested this process and concluded that it generated reasonable estimates of asset recovery values and, consequently, in a reliable estimate of DIF’s allowance for losses on its receivables from resolutions for financial reporting. However, FDIC had not documented this new process in formal guidance for its staff. Standards for Internal Control in the Federal Government[Footnote 4] provides that internal controls are to be clearly documented in official procedural guidance. FDIC expects the rate of failures of financial institutions to continue to be high throughout 2009 and into 2010. Consequently, FDIC will likely need to continue to utilize this new methodology for the foreseeable future. Without clearly documented guidance, which is disseminated to staff involved in the estimation process, and effective implementation of this guidance, FDIC increases the risk that receivership assets will not be valued in a consistent or appropriate manner. This, in turn, could impact the consistency and reasonableness of FDIC’s calculation of DIF’s allowance for losses on its receivables from resolutions. Recommendation: We recommend that the Chief Financial Officer (1) document procedural guidance for estimating failed financial institution receivership asset recoveries to derive the allowance for losses on the DIF’s receivables from resolutions, (2) disseminate the guidance to appropriate staff, and (3) effectively implement the guidance. FDIC Comments and Our Evaluation: FDIC agreed with this recommendation and stated that the corporation would develop procedural guidance that reflects the new methodology for estimating receivership asset recoveries used for determining the allowance for loss on DIF receivables from resolutions. FDIC further stated the updated guidance would be formally implemented and disseminated with appropriate staff by September 30, 2009. We will evaluate FDIC’s documentation of the new procedures and its implementation thereof during our 2009 financial audit. Operating Expenses: During our testing of operating expense transactions conducted as part of our 2008 audit, we found that FDIC’s internal controls did not effectively ensure that correct amounts were paid for services provided by contractors, or that operating expenses were appropriately allocated among the funds FDIC administers. We found that a contractor overbilled for certain services, and that FDIC inaccurately allocated expenses incurred from that contractor between DIF and FRF. Specifically, in two of the operating expense transactions we tested, we found that a contractor charged FDIC incorrect amounts by using the wrong rates in billing for services provided. We notified the FDIC official responsible for monitoring and evaluating this contractor’s performance—-the oversight manager—-who stated that her review did not identify the mistake. FDIC’s written procedures require that the oversight manager review invoices to ensure they are in compliance with the terms of the contract. After learning of the error, FDIC reviewed other invoices from this contractor and determined that the vendor used the wrong billing rates in 43 invoices and that FDIC overpaid the vendor about $4,700. We also found that FDIC misallocated operating expenses between the DIF and FRF. Two of the transactions we tested were for shredding and general records services performed by a contractor. To allocate shared expenses to each fund, FDIC used a spreadsheet called the fund distribution schedule. However, FDIC officials did not properly enter invoice information into appropriate sections of the fund distribution schedule, resulting in a misallocation of expenses between the DIF and FRF. We notified FDIC about the misallocation and the manager agreed that the total invoice amounts were entered incorrectly. Based on our findings, FDIC reviewed past cost allocations related to services provided by this contractor and determined there were errors in allocating the expenses from eight invoices. FDIC corrected these errors by posting adjustments to the DIF and FRF. The adjustments resulted in a $700,000 decrease in DIF’s operating expenses and a corresponding $700,000 increase in FRF’s operating expenses. We determined that FDIC did not have documented operating procedures or instructions for entering data into the fund distribution schedule, nor were there documented procedures for independent review or verification of the cost allocations before they were entered into FDIC’s general ledger system. Standards for Internal Control in the Federal Government provides that agencies are to implement procedures to ensure the accurate and timely recording of transactions and events. This includes documenting operating procedures and internal controls. The standards also provide that qualified and continuous supervision be provided to ensure that internal control objectives are achieved. The lack of written instructions and independent review increases the risk that FDIC’s process for allocating shared costs and posting expenses into the general ledger will not always timely prevent or detect errors, and that operating expenses may be incorrectly classified and presented in DIF’s and FRF’s financial statements. Subsequent to the completion of our testing, FDIC issued new procedures for the independent review of both invoices and the fund distribution schedule. The additional review is intended to provide added assurance that all discrepancies in billing rates are identified and the data entered into the schedule are accurate. However, the new procedures do not contain instructions for entering information into the fund distribution schedule. Recommendation: We recommend that the Chief Financial Officer document and implement the procedures to be followed for entering data into the fund distribution schedule. FDIC Comments and Our Evaluation: FDIC agreed with this recommendation and stated that it would revise the procedures for the invoice review process for this contract, including procedures for entering the invoice data into the fund distribution schedule, by September 30, 2009. We will evaluate the design and the implementation of these new procedures during our 2009 financial audit. Oversight of Lockbox Bank: During our 2008 audit, we found that FDIC did not effectively monitor the safeguarding and processing of receivership receipts at the Dallas lockbox facility[Footnote 5] operated by JPMorgan Chase Bank, N.A. (JPMorgan). As a result, FDIC did not have adequate assurance about whether the controls in place at this facility were designed and operating effectively to minimize the risk of misappropriation and misreporting of receivership receipts. FDIC, in its receivership capacity, receives payments either at its Dallas field office cashier unit or through the lockbox. Receivership receipts include payments on loans serviced by FDIC, proceeds from the sale of various assets of failed financial institutions in receivership, restitution payments, and amounts from professional liability claims. Receipts received at the Dallas lockbox facility are processed by JPMorgan. Similarly, receipts that are received at the FDIC Dallas field office cashier unit are forwarded to the lockbox facility where they are processed. In 2008, the Dallas lockbox received, processed, and recorded almost $46 million in FDIC receivership receipts. We previously reported[Footnote 6] that FDIC’s policies and procedures do not require the examination of internal controls at the Dallas lockbox facility to ensure those controls are effective and operating as intended. Safeguarding controls over lockbox operations are critical in preventing the theft, loss, or misappropriation of cash or checks. We recommended that FDIC modify its policies and procedures to require regular review and take appropriate actions to address the results of examinations of internal controls at the lockbox facility to ensure that controls are effective and operating as intended. In response, FDIC modified its policies and procedures to 1) regularly obtain JPMorgan’s annual financial audit reports, 2) review them for any deficiencies related to controls, and 3) require that any identified deficiencies be corrected by JPMorgan in a timely manner. FDIC also requested copies of JPMorgan’s internal audit reports or SAS 70 reports [Footnote 7] for the lockbox operation, but the bank reported that it had not engaged a public accounting firm to perform a SAS 70 examination on its cash management product operations and, therefore could not provide a SAS 70 report. Although FDIC reviews JPMorgan’s annual report, the accompanying auditor’s report is limited to an audit of the bank’s financial reporting and it did not consider the effectiveness of internal controls over the Dallas lockbox operations. Additionally, while FDIC modified its policies and procedures to require review of these annual reports, it did not require obtaining and evaluating internal audit reports or other reports covering the internal controls of the lockbox facility. During our 2008 audit, FDIC officials stated that they did not request internal audit reports specifically related to the lockbox operations because in prior years JP Morgan did not share these reports due to concern with the possible release of proprietary information. Standards for Internal Control in the Federal Government provides that agencies are to establish appropriate accounting and physical controls to record, secure, and safeguard vulnerable assets. It is FDIC’s responsibility to ensure that all receivership receipts are safeguarded and properly recorded. When this assurance is dependent on the internal controls of an outside entity—or service provider—it is up to FDIC management to monitor whether these controls are effective and functioning as intended. This is especially important in this case because FDIC does not have a record of all the receivership receipts that are sent to the Dallas lockbox, and therefore must fully rely upon the internal controls at the lockbox facility to ensure that all cash and checks received are protected, fully accounted for, and accurately reported. Because the annual reports gathered and reviewed by FDIC do not evaluate lockbox operations and are not designed to identify weaknesses in the design or implementation of the lockbox facility’s internal controls, FDIC management does not have information to determine whether appropriate and effective controls exist over receivership receipts sent to the lockbox. The increasing number of bank failures has resulted, and will continue to result, in a growing volume of receivership receipts processed at the lockbox facility, thereby increasing the importance of effective internal controls over its operation. Safeguarding controls are critical in preventing the theft of cash or checks. The lack of effective oversight and monitoring of safeguarding controls increases the risk of theft, loss, or misappropriation of assets. Recommendation: We recommend that the Chief Financial Officer revise procedures to obtain assurance—through such means as SAS 70 reports, internal audit reports, and other monitoring processes—that internal controls over receivership receipts are in place and functioning properly at the Dallas lockbox facility. FDIC Comments and Our Evaluation: FDIC agreed with this recommendation. FDIC stated it had requested a SAS 70 report from JPMorgan's Customer Representative. However, because JPMorgan did not have a SAS 70 assessment of its lockbox operations conducted, it provided a letter detailing the specific components of the risk management framework over its cash management product operations. Further, FDIC stated that on or before December 31, 2009, it would revise procedures over the Dallas lockbox facility to include requesting the SAS 70 or other similar reports on JPMorgan's lockbox services. We will evaluate the effectiveness of FDIC’s actions during our 2009 financial audit. Processing Receivership Receipts: During our testing of receivership receipts conducted as part of our 2008 audit, we found that FDIC did not always timely apply payments to the appropriate receivership assets (and other) accounts. When FDIC, in its receivership capacity, receives a payment, the receipt is deposited and initially recorded in the receivership’s general ledger as an asset (cash) with an offsetting entry to the cash-in-process suspense account (a liability account). Until FDIC determines how to apply the receipt, it remains in this account, and other receivership accounts are misstated until the receipts are properly applied to those accounts. In our sampling of 45 receivership receipts, we found that 7 receipts were not cleared from the suspense account and applied to the correct accounts within 90 days. As of the date of our testing, these 7 receipts had been in the suspense account from 118 to 366 days. We also reviewed all the receivership receipts in the suspense account as of January 2, 2009, and determined that 203 receipts (totaling $12 million) had been in the suspense account for more than 90 days. While FDIC officials we spoke with stated that they try to clear receipts from the suspense account within 90 days, FDIC had no written policy establishing time frames for how quickly receipts should be cleared from the suspense account and applied to the appropriate asset account on the receivership books. The officers also stated that the delay in applying the payments and clearing these accounts was due to the increased workload resulting from the increased number of bank failures in 2008. Standards for Internal Control in the Federal Government provides that agencies are to implement procedures to ensure the timely and accurate recording of transactions and events. While there ultimately was no impact on DIF’s and FRF’s financial statements, the lack of a formal policy for applying payments in a timely manner increases the risk that receivership receipts will not be timely processed, resulting in misstating the receivership’s financial records. Recommendation: We recommend that the Chief Financial Officer document and implement a policy regarding a time frame, such as the current target of 90 days, by which receivership receipts are to be applied to the appropriate receivership accounts. FDIC Comments and Our Evaluation: FDIC agreed with this recommendation, and stated that by December 31, 2009, it would document and implement a policy regarding the time frame by which receivership receipts are to be applied to the appropriate receivership accounts. We will evaluate the effectiveness of FDIC’s actions during our 2009 financial audit. This report contains recommendations to you. We would appreciate receiving a description and status of your corrective actions within 30 days of the date of this report. This report is intended for use by FDIC management, members of the FDIC Audit Committee, and the FDIC Inspector General. We are sending copies of this report to the Chairman and Ranking Member of the Senate Committee on Banking, Housing, and Urban Affairs; the Chairman and Ranking Member of the House Committee on Financial Services; the Chairman of the Board of Directors of the Federal Deposit Insurance Corporation; the Chairman of the Board of Governors of the Federal Reserve System; the Comptroller of the Currency; the Director of the Office of Thrift Supervision; the Secretary of the Treasury; the Director of the Office of Management and Budget; and other interested parties. In addition, this report will be available at no charge on GAO’ s Web site at [hyperlink, http://www.gao.gov]. We acknowledge and appreciate the cooperation and assistance provided by FDIC management and staff during our audits of FDIC’s 2008 and 2007 financial statements. If you have any questions about this report or need assistance in addressing these issues, please contact me at (202) 512-3406 or sebastians@gao.gov. Contact points for our Offices of Congressional Relations and Public Affairs may be found on the last page of this report. GAO staff who made major contributions to this report are William Cordrey, Assistant Director; Gloria Cano; Jody Ecie; Gary Chupka; Nina Crocker; Teressa Broadie-Gardner; Angel Sharma; Jay Thomas; J. Mark Yoder; and Gregory Ziombra. Sincerely yours, Signed by: Steven J. Sebastian: Director: Financial Management and Assurance: Enclosures - 2: [End of section] Enclosure I: Comments from the Federal Deposit Insurance Corporation: FDIC: Federal Deposit Insurance Corporation: Deputy to the Chairman and CFO 550 17th Street NW: Washington, D.C. 20429-9990: September 3, 2009: Mr. Steven J. Sebastian: Director, Financial Management and Assurance: U.S. Government Accountability Office: Washington, DC 20548: Dear Mr. Sebastian: Thank you for providing the U.S. Government Accountability Office's (GAO) draft report titled, Management Report: Opportunities for Improvements in FDIC's Internal Controls and Accounting Procedures (GAO- 09-943R) for review and comment. The report discusses the matters that were identified during the audits of the Federal Deposit Insurance Corporation's (FDIC) 2008 financial statements regarding internal controls and accounting procedures and the recommendations for strengthening them. Although GAO believes that these matters warrant management's attention, we are pleased that GAO acknowledged that they are not material in relation to the financial statements and does not consider them to be material weaknesses or significant deficiencies. FDIC appreciates the work that GAO performed on the 2008 audits and recognizes the benefit of the recommendations that were made. As stated in the report, these recommendations are intended to improve management's oversight and controls, decrease the risk of theft or misappropriation of assets, and minimize the risk of misstatements in FDIC's financial statements. Management fully understands that effective internal control helps FDIC achieve its operations, financial reporting, and compliance objectives. Our detailed management responses are provided in Attachment 1. We look forward to continuing our productive working relationship with the GAO during the 2009 audits. Please contact James H. Angel, Jr., Director, Office of Enterprise Risk Management, at 703-562-6456, if you have any questions. Sincerely, Signed by: Steven O. App: Deputy to the Chairman and Chief Financial Officer: Attachment: cc: Bret Edwards: Mitchell Glassman: Arleas Upton Kea: James H. Angel, Jr. Audit Committee: [End of letter] Attachment I: FDIC Responses To 2008 GAO Management Report: Receivership Asset Valuations: GAO reported that written policies and procedures were not updated to document FDIC's new methodology used to determine the estimated cash recovery of receivership assets. Recommendation 1: GAO recommended that the FDIC I) document procedural guidance for estimating failed financial institution receivership asset recoveries to derive the allowance for losses on the Deposit Insurance Fund's receivables from resolutions, 2) disseminate the guidance to appropriate staff, and 3) effectively implement the guidance. Management Response: DOF concurs with this recommendation. DOF will work with DRR to ensure that DOF and DRR procedural guidance relevant to the estimation of receivership asset recoveries used for determining the allowance for loss on DIF receivables from resolutions is updated to document the new valuation methodology. DOF will ensure that the updated guidance is formally implemented and disseminated with appropriate staff. The completion date is September 30, 2009. Operating Expenses: GAO reported that controls did not ensure that correct amounts were paid for services provided by contractors and that operating expenses were appropriately allocated among the funds FDIC administers. Recommendation 2: GAO recommended that the FDIC document and implement the procedures to be followed for entering data into the fund distribution schedule. Management Response: DOA concurs with this recommendation. DOA will revise the procedures for the invoice review process for this contract to include procedures for entering the invoice data into the fund distribution schedule. The completion date is September 30, 2009. Oversight of Lockbox Bank: GAO reported that oversight of contracted lockbox operations did not provide adequate assurance that controls were effectively designed to minimize the risk of loss, theft, and misreporting of receivership receipts. Recommendation 3: GAO recommended that the FDIC revise procedures to obtain assurance- through such means as SAS 70 reports, internal audit reports, and other monitoring processes-that internal controls over receivership receipts are in place and functioning properly at the Dallas lockbox facility. Management Response: DRR agrees with the recommendation and requested the SAS 70 report from JPMorgan Chase's Customer Representative. Because JPMorgan Chase did not perform a SAS 70 assessment, they provided a letter which detailed the specific components of the risk management framework over the cash management product operations. In addition, on or before December 31, 2009, DRR will revise procedures over the Dallas lockbox facility to include requesting the SAS 70 or other similar reports on JPMorgan Chase's lockbox services. Processing Receivership Receipts: Controls over the processing of receivership receipt transactions did not result in transactions being timely applied to the appropriate receivership accounts. Recommendation 4: GAO recommended that the FDIC document and implement a policy regarding a timeframe, such as the current target of 90 days, by which receivership receipts are to be applied to the appropriate receivership accounts. Management Response: DRR agrees with the recommendation. On or before December 31, 2009, DRR will document and implement a policy regarding the time frame by which receivership receipts are to be applied to the appropriate receivership accounts. [End of section] Enclosure II: Details on Audit Scope and Methodology: To fulfill our responsibilities as auditor of the financial statements of the two funds administered by the Federal Deposit Insurance Corporation (FDIC), we did the following: * Examined, on a test basis, evidence supporting the amounts and disclosures in the financial statements. * Assessed the accounting principles used and significant estimates made by FDIC management. * Evaluated the overall presentation of the financial statements. * Obtained an understanding of FDIC and its operations, including its internal control related to financial reporting (including safeguarding assets) and compliance with laws and regulations. * Assessed the risk that a material misstatement exists. * Tested relevant internal controls over financial reporting and compliance, and evaluated the design and operating effectiveness of FDIC’s internal control based on the assessed risk. * Considered FDIC’s process for evaluating and reporting on internal control based on criteria established by the Federal Managers’ Financial Integrity Act of 1982. * Tested compliance with certain laws and regulations, including selected provisions of the Federal Deposit Insurance Act, as amended, and the Federal Deposit Insurance Reform Act of 2005. * Performed such other procedures as we considered necessary in the circumstances. [End of section] Footnotes: [1] The Federal Savings and Loan Insurance Corporation (FSLIC) was a government corporation that administered deposit insurance for savings and loan institutions in the United States. FSLIC’s responsibilities were transferred to the FDIC in the late 1980s. [2] GAO, Financial Audit: Federal Deposit Insurance Corporation Funds' 2008 and 2007 Financial Statements, [hyperlink, http://www.gao.gov/products/GAO-09-535] (Washington, D.C.: May 28, 2009). [3] A significant deficiency is a control deficiency, or combination of deficiencies, in internal control that is less severe than a material weakness, yet important enough to merit attention by those charged with governance. A material weakness is a deficiency, or a combination of deficiencies, in internal control such that there is a reasonable possibility that a material misstatement of the entity’s financial statements will not be prevented, or detected and corrected on a timely basis. [4] GAO, Standards for Internal Control in the Federal Government, [hyperlink, http://www.gao.gov/products/GAO/AIMD-00-21.3.1] (Washington, D.C.: November 1999). [5] A lockbox bank is a commercial bank with a designated post office address to which payments and related documents for FDIC receiverships are to be sent. The lockbox bank processes the documents, deposits the receipts, and then forwards the documents and data to FDIC. The intent of the lockbox program is to accelerate the deposit of receipts and increase interest savings, thus enhancing the efficiency of cash management. [6] GAO, Management Report: Opportunities for Improvement’s in FDIC’s Internal Controls and Accounting Procedures, [hyperlink, http://www.gao.gov/products/GAO-07-942R] (Washington, D.C.: June 27, 2007). [7] SAS 70 reports refer to reports typically prepared by an independent auditor based on a review of the internal controls over an entity’s servicing operations as discussed in the American Institute of Certified Public Accountants (AICPA)'s Statement on Auditing Standards (SAS) No. 70, Service Organizations. A service organization provides services to the entity whose financial statements are being audited. [End of section] GAO's Mission: The Government Accountability Office, the audit, evaluation and investigative arm of Congress, exists to support Congress in meeting its constitutional responsibilities and to help improve the performance and accountability of the federal government for the American people. GAO examines the use of public funds; evaluates federal programs and policies; and provides analyses, recommendations, and other assistance to help Congress make informed oversight, policy, and funding decisions. GAO's commitment to good government is reflected in its core values of accountability, integrity, and reliability. Obtaining Copies of GAO Reports and Testimony: The fastest and easiest way to obtain copies of GAO documents at no cost is through GAO's Web site [hyperlink, http://www.gao.gov]. Each weekday, GAO posts newly released reports, testimony, and correspondence on its Web site. To have GAO e-mail you a list of newly posted products every afternoon, go to [hyperlink, http://www.gao.gov] and select "E-mail Updates." Order by Phone: The price of each GAO publication reflects GAO’s actual cost of production and distribution and depends on the number of pages in the publication and whether the publication is printed in color or black and white. Pricing and ordering information is posted on GAO’s Web site, [hyperlink, http://www.gao.gov/ordering.htm]. Place orders by calling (202) 512-6000, toll free (866) 801-7077, or TDD (202) 512-2537. Orders may be paid for using American Express, Discover Card, MasterCard, Visa, check, or money order. Call for additional information. To Report Fraud, Waste, and Abuse in Federal Programs: Contact: Web site: [hyperlink, http://www.gao.gov/fraudnet/fraudnet.htm]: E-mail: fraudnet@gao.gov: Automated answering system: (800) 424-5454 or (202) 512-7470: Congressional Relations: Ralph Dawn, Managing Director, dawnr@gao.gov: (202) 512-4400: U.S. Government Accountability Office: 441 G Street NW, Room 7125: Washington, D.C. 20548: Public Affairs: Chuck Young, Managing Director, youngc1@gao.gov: (202) 512-4800: U.S. Government Accountability Office: 441 G Street NW, Room 7149: Washington, D.C. 20548: