Management Report: Improvements Needed in FDIC's Internal Control over Contract Documentation and Payment-Review Processes
The Federal Deposit Insurance Corporation (FDIC) helps maintain stability and public confidence in the nation's financial system.
During our 2020-2021 financial statement audit of the two funds that the FDIC administers (the Deposit Insurance Fund and the Federal Savings and Loan Insurance Corporation Resolution Fund), we continued to identify issues—what auditors call a "significant deficiency." These issues related to how the FDIC ensures that its payments to contractors are correct and sufficiently documented.
In this report to FDIC's management, we made two new recommendations to address these issues.
What GAO Found
During the audits of the 2021 and 2020 financial statements of the two funds that the Federal Deposit Insurance Corporation (FDIC) administers—the Deposit Insurance Fund (DIF) and the Federal Savings and Loan Insurance Corporation Resolution Fund (FRF)—GAO continued to identify deficiencies in FDIC’s controls over contract documentation and payment-review processes that collectively represent a significant deficiency in FDIC’s internal control over financial reporting that merits attention by those charged with FDIC governance.
GAO communicated to FDIC management detailed information regarding these control deficiencies and made two new recommendations to address them. For one of the two recommendations related to FDIC’s contract payment-review processes from GAO’s prior-year report, GAO found that FDIC implemented corrective actions during 2021 to resolve the deficiency. As a result, this recommendation was closed. Therefore, FDIC currently has three GAO financial audit recommendations to address. These recommendations are intended to improve FDIC’s internal controls over financial reporting as well as to bring FDIC into conformance with its own policies and Standards for Internal Control in the Federal Government. In commenting on a draft of this report, FDIC agreed with the two new recommendations and described planned actions to address each recommendation.
Why GAO Did This Study
The purpose of this report is to present the internal control deficiencies identified during GAO’s audit testing of FDIC’s 2021 non-payroll operating expenses, GAO’s two new recommendations related to these new deficiencies, and the status of corrective actions FDIC took to address GAO’s prior-year recommendations. This report is intended for FDIC management’s use.
GAO is making two recommendations to help FDIC reasonably assure that contracting officers follow existing policies and procedures. FDIC agreed with GAO’s two recommendations and described planned actions to address each recommendation.
Recommendations for Executive Action
|Federal Deposit Insurance Corporation||The Deputy Director of the Acquisition Services Branch of the Division of Administration should direct contracting officers to review and follow FDIC's existing policies and procedures for documenting and approving contract modifications to reasonably assure that FDIC sufficiently documents and properly supports contracts. (Recommendation 1)||
In commenting on our draft report, FDIC concurred with this recommendation. FDIC also stated that on December 30. 2021, an email was sent to the Acquisition Services Branch staff, including contracting officers, reminding staff about the importance of adequate modification documentation. In addition, concurrent with the effort to update the Acquisition Policy Manual, contracting officers will be reminded about the importance of following policies and procedures for documenting and approving contract modifications. We will evaluate these efforts during our audit of FDIC's 2022 financial statements.
|Federal Deposit Insurance Corporation||The Deputy Director of the Acquisition Services Branch of the Division of Administration should establish a process to periodically monitor the operating effectiveness of existing policies and procedures to reasonably assure that contracting officers sufficiently and accurately follow existing policies and procedures for contracts. (Recommendation 2)||
In commenting on our draft report, FDIC concurred with this recommendation. FDIC also stated that to ensure contracting officers and oversight managers comply with existing policies and procedures, it has instituted recurring independent reviews of contract billing transactions and individual contracts to assess contract administration, oversight management, and invoice review and payment. In addition, FDIC is working to implement a quality review process to provide reasonable assurance that contracting officers follow acquisition policies and procedures. FDIC stated that this process will include periodic reviews of contracting officer awards or modifications for compliance, documenting findings, and providing corrective actions. We will evaluate these efforts during our audit of FDIC's 2022 financial statements.