Federal Deposit Insurance Corporation
550 17th St. NW Washington DC, 20429 Deputy to the Chairman & Chief Financial Officer
March 21, 2003
Mr. David M. Walker
Comptroller General of the United States
U. S. General Accounting Office
441 G Street, NW
Washington, D.C. 20548
Re: FDIC Management Response on the GAO 2002 Financial Statements Audit Report
Dear Mr. Walker:
Thank you for the opportunity to comment on the U. S. General Accounting Office's (GAO) draft audit report titled, Financial Audit: Federal Deposit Insurance Corporation Funds' 2002 and 2001 Financial Statements, GAO-03-543. The report presents GAO's opinions on the calendar year 2002 financial statements of the Bank Insurance Fund (BIF), the Savings Association Insurance Fund (SAIF), and the Federal Savings and Loan Insurance Corporation (FSLIC) Resolution Fund (FRF). The report also presents GAO's opinion on the effectiveness of FDIC's internal controls as of December 31, 2002 and GAO's evaluation of FDIC's compliance with laws and regulations.
We are pleased to accept GAO's unqualified opinions on the BIF, SAIF, and FRF financial statements and to note that there were no material weaknesses identified during the 2002 audits. The GAO reported that: the funds' financial statements were presented fairly and in conformity with U. S. generally accepted accounting principles; FDIC had effective internal control over financial reporting (including safeguarding of assets) and compliance with laws and regulations; and there were no instances of noncompliance with selected provisions of laws and regulations.
GAO identified the need to improve internal control over FDIC's information systems (IS) and issued a reportable condition. Although GAO identified weaknesses in FDIC's IS controls, the audit team noted that significant improvements had been made over the last eighteen months, and that the weaknesses did not materially affect the 2002 financial statements. We agree with GAO's assessment of both the status and the progress made in addressing IS general control weaknesses. During 2002, FDIC's accomplishments included completion of the first IS controls self assessment, implementation of the Information Security Manager (ISM) program, and development of an information security tactical plan to support FDIC's information security strategic plan. The FDIC will continue efforts to strengthen its IS program and to incorporate GAO's recommendations into its security plans for 2003.
If you have any questions or concerns, please let me know.
Steven O. App
Deputy to the Chairman and Chief Financial Officer