Management Report: Continued Improvements Needed in FDIC's Internal Control over Contract Documentation and Payment-Review Processes
Fast Facts
The Federal Deposit Insurance Corporation helps maintain stability and public confidence in the nation's financial system.
During our 2021-2022 financial statement audit of the two funds that the FDIC administers (the Deposit Insurance Fund and the Federal Savings and Loan Insurance Corporation Resolution Fund), we continued to identify issues—what auditors call a "significant deficiency." These issues related to how the FDIC ensures that its payments to contractors are correct and contracts are sufficiently documented.
In this report to FDIC's management, we made four new recommendations to address these issues.
Highlights
What GAO Found
During the audits of the 2022 and 2021 financial statements of the two funds that the Federal Deposit Insurance Corporation (FDIC) administers—the Deposit Insurance Fund (DIF) and the Federal Savings and Loan Insurance Corporation Resolution Fund (FRF)—GAO continued to identify deficiencies in FDIC’s controls over contract documentation and payment-review processes that collectively represent a significant deficiency in FDIC’s internal control over financial reporting that merits attention by those charged with FDIC governance.
GAO communicated to FDIC management detailed information regarding these control deficiencies and made four new recommendations to address them. For three prior open recommendations GAO found that FDIC implemented corrective actions during 2022 to resolve one of these recommendations. As a result, GAO closed this recommendation. Therefore, FDIC currently has six open GAO financial audit recommendations intended to improve FDIC’s internal controls over financial reporting, as well as to bring FDIC into conformance with its own policies and Standards for Internal Control in the Federal Government.
Why GAO Did This Study
The purpose of this report is to present (1) the internal control deficiencies identified during GAO's audit testing of FDIC's 2022 nonpayroll operating expenses and (2) the status of FDIC's corrective actions to address GAO's recommendations related to internal control deficiencies identified in prior-year reports that were open as of December 31, 2021. GAO intends this report for FDIC management use.
Recommendations
GAO is making four recommendations to help FDIC improve internal controls over financial reporting by designing new or updating its existing policies and procedures. In commenting on a draft of this report, FDIC acknowledged GAO’s findings and described planned actions to address its recommendations.
Recommendations for Executive Action
| Agency Affected | Recommendation | Status |
|---|---|---|
| Federal Deposit Insurance Corporation | The Deputy Director of the Acquisition Services Branch of the Division of Administration should design and implement a policy that (1) requires all oversight managers and contracting officers from all divisions to routinely take mandatory training in order to review and enhance their awareness of the existing policies and procedures for contract documentation and payment-review processes and (2) includes an established process for routinely tracking the completion of such training. (Recommendation 1) |
Open
In its written comments on our draft report, FDIC acknowledged our findings and provided planned corrective actions to address our recommendations. FDIC stated it will review and update existing policy related to mandatory training for contracting officers and oversight managers and require annual refresher training. It also stated it will use automated capabilities to track training completion. We will continue to monitor FDIC efforts to address this recommendation.
|
| Federal Deposit Insurance Corporation | The Chief Risk Officer should design and implement procedures for tracking and communicating to management the status of corrective actions (e.g., for considerations, observations, or takeaways) for contract monitoring reviews and testing that the Office of Risk Management and Internal Controls performs until FDIC fully implements corrective actions. (Recommendation 2) |
Open
In its written comments on our draft report, FDIC acknowledged our findings and provided planned corrective actions to address our recommendations. FDIC stated it will use its Audit Report Tracking System to track and periodically communicate to management the status of corrective actions for contract monitoring reviews and testing performed until risks in this area are mitigated. We will continue to monitor FDIC efforts to address this recommendation.
|
| Federal Deposit Insurance Corporation | The Deputy Director of the Acquisition Services Branch of the Division of Administration should update FDIC's existing policies and procedures to prohibit contracting officers and oversight managers from using hard drives to store and maintain contract documentation, in order to mitigate the risk of losing documentation and making improper payments. (Recommendation 3) |
Open
In its written comments on our draft report, FDIC acknowledged our findings and provided planned corrective actions to address our recommendations. FDIC stated it will update existing policies and procedures to clarify final contractual documentation requirements. We will continue to monitor FDIC efforts to address this recommendation.
|
| Federal Deposit Insurance Corporation | The Deputy Director of the Acquisition Services Branch of the Division of Administration should update FDIC's existing policies and procedures to define acceptable time frames for uploading contract documentation to a centralized location in order to reasonably assure that contracting officers and oversight managers properly document and support contracts in a timely manner. (Recommendation 4) |
Open
In its written comments on our draft report, FDIC acknowledged our findings and provided planned corrective actions to address our recommendations. FDIC stated it reviewed its policies and procedures and determined that the time frames were acceptable and appropriate. However, our review of FDIC's policy found that it does not provide clear time frames for uploading contract documentation to a centralized location. It also stated that it issued a new Quality Assurance process in April 2023, which implements more detailed reviews of contract documentation and the timely storage of contract documentation. We will continue to monitor FDIC efforts to address this recommendation.
|