2005 Annual Report

V. Management Controls

Enterprise Risk Management
The Office of Enterprise Risk Management is responsible for corporate oversight of internal control and enterprise risk management. This includes ensuring that the FDIC’s operations and programs are effective and efficient and that internal controls are sufficient to minimize exposure to waste and mismanagement. The FDIC recognizes the importance of a strong risk management and internal control program and has adopted a more proactive and enterprise-wide approach to managing risk. This approach focuses on the identification, quantification and mitigation of risk consistently and effectively throughout the Corporation. An effective enterprise risk management program ensures adequate compliance with key authorities, including but not limited to the:

  • Federal Managers’ Financial Integrity Act (FMFIA)
  • Chief Financial Officers Act (CFO Act)
  • Government Performance and Results Act (GPRA)
  • Federal Information Security Management Act (FISMA)
  • OMB Circular A-123

The CFO Act extends to the FDIC the FMFIA requirements for establishing, evaluating and reporting on internal controls. The FMFIA requires agencies to annually provide a statement of assurance regarding the effectiveness of management, administrative and accounting controls, and financial management systems.

The FDIC has developed and implemented management, administrative and financial system controls that reasonably ensure that:

  • Programs are efficiently and effectively carried out in accordance with applicable laws and management policies;
  • Programs and resources are safeguarded against waste, fraud and mismanagement;
  • Obligations and costs comply with applicable laws; and
  • Reliable, complete, and timely data are maintained for decision-making and reporting purposes.

The FDIC’s control standards incorporate the GAO’s Standards for Internal Controls in the Federal Government. Good internal control systems are essential for ensuring the proper conduct of FDIC business and the accomplishment of management objectives by serving as checks and balances against undesirable actions or outcomes.

As part of the Corporation’s continued commitment to establish and maintain effective and efficient internal controls, FDIC management routinely conducts reviews of internal control systems. The results of these reviews, as well as consideration of audits, evaluations and reviews conducted by the U.S. Government Accountability Office (GAO), the Office of Inspector General (OIG) and other outside entities, are used as a basis for the FDIC’s reporting on the condition of the Corporation’s internal control activities.

Material Weaknesses
Material weaknesses are control shortcomings in operations or systems which, among other things, severely impair or threaten the organization’s ability to accomplish its mission or to prepare timely, accurate financial statements or reports. The shortcomings are of sufficient magnitude that the Corporation is obliged to report them to external stakeholders.

To determine the existence of material weaknesses, the FDIC has assessed the results of management evaluations and external audits of the Corporation’s risk management and internal control systems conducted in 2005, as well as management actions taken to address issues identified in these audits and evaluations. Based on this assessment and application of other criteria, the FDIC concludes that no material weaknesses existed within the Corporation’s operations for 2005. This is the eighth consecutive year that the FDIC has not had a material weakness; however, FDIC management will continue to focus on high priority areas, including IT systems security, the New Financial Environment, disaster recovery, privacy, and contract oversight management, among others. The FDIC will also address all control issues raised by GAO in its 2005 financial statement audit report.

Management Report of Final Actions
As required under amended Section 5 of the Inspector General’s Act, the tables on the following pages provide information on final action taken by management on audit reports for the federal fiscal year period, October 1, 2004 – September 30, 2005.

 

Table 1
MANAGEMENT REPORT ON FINAL ACTION
ON AUDITS WITH DISALLOWED COSTS
For Fiscal Year 2005

| Audit Reports | Number of Reports | Disallowed Costs (000's) |
|---|---|---|
| A. Management decisions – final action not taken at beginning of period | 6 | $3,764 |
| B. Management decisions made during the period | 2 | $1,968 |
| C. Total reports pending final action during the period (A and B) | 8 | $5,732 |
| D. Audit reports on which final action was taken during the period: | | |
| 1. Recoveries: | 4 | $1,324 |
| (a) Collections & offsets | 4 | $1,324 |
| (b) Other | 0 | $0 |
| 2. Write-offs | 4 | $2,439 [1] |
| 3. Total of 1(a), 1(b), & 2 | 6 [2] | $3,763 |
| E. Audit reports needing final action at the end of the period | 2 | $1,969 [3] |

[1] The FDIC agreed to coordinate with the General Services Administration (GSA) on potential cost recoveries from the contractor, but after reviewing the OIG's findings, GSA declined to take action to pursue recoveries from the contractor.
[2] Two reports had both collections and write-offs, thus the total of 1(a), 1(b), and 2 is six.
[3] The total is off due to rounding.

 

Table 2
MANAGEMENT REPORT ON FINAL ACTION ON AUDITS
WITH RECOMMENDATIONS TO PUT FUNDS TO BETTER USE
For Fiscal Year 2005

| Audit Reports | Number of Reports | Funds Put To Better Use (000's) |
|---|---|---|
| A. Management decisions – final action not taken at beginning of period | 0 | $0 |
| B. Management decisions made during the period | 1 | $602 |
| C. Total reports pending final action during the period (A and B) | 1 | $602 |
| D. Final action taken during the period: | | |
| 1. Value of recommendations implemented (completed) | 1 | $602 |
| 2. Value of recommendations that management concluded should not or could not be implemented or completed | 0 | $0 |
| 3. Total of 1 and 2 | 1 | $602 |
| E. Audit reports needing final action at the end of the period | 0 | $0 |

 

Table 3: Audit Reports Without Final Actions
But With Management Decisions Over One Year Old
For Fiscal Year 2005

Management Action in Process

| Report No. and Issue Date | OIG Audit Finding | Management Action | Disallowed Costs |
|---|---|---|---|
| 1. 03-007, 11/27/2002 | The OIG made recommendations for improvements in the FDIC's internal network controls. | FDIC is working to secure sensitive data in conjunction with implementation of the enterprise encryption project. Expected completion date: 1st quarter 2006. | $0 |
| 2. 03-028, 4/14/2003 | The OIG recommended that the FDIC take a number of actions for improvements related to the public key infrastructure. | Additional time is required to accomplish tasks related to the Intranet PKI components. The FDIC is in process of issuing MOUs to external users of sensitive data. Expected completion date: 2nd quarter 2006. | $0 |
| 3. 03-041, 9/17/2003 | The OIG made recommendations related to the established process metrics for accurate insurance determinations. | The FDIC agreed to establish a process to routinely test the accuracy of insurance determinations and evaluate results in relationship to established benchmarks within requirements of a proposed new system. Expected completion date: 2nd quarter 2006. | $0 |
| 4. 04-002, 1/15/2004 | The OIG made recommendations to improve the service line rate-setting process. | The FDIC agreed to explore options for estimating budgeted service line program maintenance costs and determining reasonable adjustments for such costs. It is expected that the necessary information will be available through the New Financial Environment. Expected completion date: 4th quarter 2006. | $0 |
| 5. 04-016, 3/30/2004 | The OIG made recommendations to improve the accuracy of the data used to manage the FDIC's personnel security program. | The FDIC would continue with its data integrity review of the Corporate Human Resources Information System data and initiate investigations as appropriate. Expected completion date: 1st quarter 2006. | $0 |
| 6. 04-019, 4/30/2004 | The OIG made recommendations to improve the system development control framework. | Staffing of the newly created Project Management Organization is in progress. Expected completion date: 4th quarter 2005. | $0 |
| 7. 04-029, 8/9/2004 | The OIG made recommendations to strengthen the quality of the FDIC's Business Continuity Plan. | The FDIC is working to ensure that current contracts essential to business continuity include backup arrangements. Additional time is required to complete the standard language and modify the affected contracts. Expected completion date: 1st quarter 2006. | $0 |
| 8. 04-039, 9/23/2004 | The OIG made recommendations to strengthen capital planning and investment management related guidance, including guidance related to the FDIC's investment management governance structure. | The Chief Information Officer's Council is reviewing all information technology projects. Expected completion date: 2nd quarter 2006. | $0 |


 


Last Updated 04/13/2006 communications@fdic.gov