Management Report: Improvements Needed in FDIC's Internal Control over Contract-Payment Review Processes
Fast Facts
The Federal Deposit Insurance Corporation (FDIC) helps maintain stability and public confidence in the nation's financial system.
During our 2019-2020 financial statement audit of the two funds that the FDIC administers (the Deposit Insurance Fund and the Federal Savings and Loan Insurance Corporation Resolution Fund), we found issues—what auditors call a "significant deficiency." These issues related to how the FDIC ensures that its payments to contractors are correct.
In this report to FDIC's management, we made some recommendations to address these issues.
Highlights
What GAO Found
During the audit of the 2020 and 2019 financial statements of the two funds the Federal Deposit Insurance Corporation (FDIC) administers—the Deposit Insurance Fund (DIF) and the Federal Savings and Loan Insurance Corporation Resolution Fund (FRF)—GAO identified deficiencies in FDIC's controls over contract-payment review processes that collectively represent a significant deficiency in FDIC's internal control over financial reporting that merits attention by those charged with FDIC governance. GAO communicated to FDIC management detailed information regarding these control deficiencies and made two new recommendations to address this significant deficiency that are intended to improve FDIC's internal controls over financial reporting, as well as to bring FDIC into conformance with its own policies and Standards for Internal Control in the Federal Government. In commenting on a draft of this report, FDIC stated it is committed to implementing appropriate improvements to ensure it maintains effective internal controls. FDIC agreed with GAO's two recommendations and described planned actions to address each recommendation.
Why GAO Did This Study
The purpose of this report is to present the internal control deficiencies identified during GAO's audit of FDIC's 2020 and 2019 financial statements of the DIF and the FRF. This report provides two new recommendations to address these internal control deficiencies. GAO had no prior open recommendations to FDIC related to the financial statement audit or internal controls over financial reporting. This report is intended for FDIC management use.
Recommendations
GAO is making two new recommendations to address the significant deficiency identified during its audit of FDIC’s 2020 and 2019 financial statements. These recommendations are intended to help FDIC reasonably assure that it follows its own policies and procedures for contract-payment review processes. FDIC agreed with GAO’s two recommendations and described planned actions to address each recommendation.
Recommendations for Executive Action
| Agency Affected | Recommendation | Status |
|---|---|---|
| Federal Deposit Insurance Corporation | The Chief Financial Officer and the Chief Operating Officer should direct oversight managers and processing approvers to review and follow FDIC's existing policies and procedures for contract-payment review processes, to reasonably assure FDIC sufficiently documents and properly supports contract payments. (Recommendation 1) |
Closed – Implemented
In commenting on our draft report, FDIC concurred with this recommendation and stated that the Chief Operating Officer and the Chief Financial Officer will communicate to all oversight managers and contract payment processing approvers the importance of following FDIC's existing policies and procedures for contract payment review processes, emphasizing that contract payment decisions should be sufficiently documented and properly supported before making payments. In June 2021, FDIC's Chief Financial Officer (CFO) and Chief Operating Officer (COO) sent a memo via email notifying oversight managers and supervisors responsible for contract-payment review processes of the deficiencies that we identified, and directed them to review and follow FDIC's existing policies and procedures for contract-payment review processes. Based on our review of the notification, we determined that FDIC took sufficient corrective actions to close this recommendation.
|
| Federal Deposit Insurance Corporation | The Chief Risk Officer should establish a process to coordinate with the Division of Administration and the Division of Finance, as appropriate, to periodically train, monitor, and ensure that oversight managers and processing approvers sufficiently and accurately follow FDIC's existing policies and procedures for contract payments. (Recommendation 2) |
Closed – Implemented
In commenting on our draft report, FDIC concurred with this recommendation and stated that the Chief Risk Officer convened an interdivisional working group of key stakeholders to strengthen the FDIC's contract oversight management. As of 2023, FDIC implemented additional training and developed a monitoring process to conduct transaction testing of contract-related expense transactions, and additional detailed reviews of contract documentation. Supporting documentation for these reviews became part of the official Prepared By Client documentation requested for the annual financial statement audit in 2023, indicating that these reviews were now part of their established processes. As a result, we determined that the FDIC has taken sufficient corrective actions to address this recommendation.
|