III. Financial Statements and Notes - Management's Response
Federal Deposit Insurance Corporation 550 17th St. NW Washington, DC, 20429 Deputy to the Chairman & Chief Financial Officer
February 9, 2004
Mr. David M. Walker
Comptroller General of the United States
U. S. General Accounting Office
441 G Street, NW
Washington, DC 20548
Re: FDIC Management Response on the
GAO 2003 Financial Statements Audit Report
Dear Mr. Walker:
Thank you for the opportunity to comment on the U. S. General Accounting Office’s (GAO)
draft audit report titled, Financial Audit: Federal Deposit Insurance Corporation Funds’
2003 and 2002 Financial Statements, GAO-04-429. The report presents GAO’s opinions
on the calendar year 2003 financial statements of the Bank Insurance Fund (BIF), the
Savings Association Insurance Fund (SAIF), and the Federal Savings and Loan Insurance
Corporation Resolution Fund (FRF). The report also presents GAO’s opinion on the
effectiveness of FDIC’s internal controls as of December 31, 2003 and GAO’s evaluation
of FDIC’s compliance with applicable laws and regulations.
We are pleased to accept GAO’s unqualified opinions on the BIF, SAIF, and FRF financial
statements and to note that there were no material weaknesses identified during the 2003
audits. The GAO reported that: the funds’ financial statements were presented fairly and in
conformity with U. S. generally accepted accounting principles; FDIC had effective internal
control over financial reporting (including safeguarding of assets) and compliance with laws
and regulations; and there were no instances of noncompliance with selected provisions of
laws and regulations.
GAO identified the need to improve internal control over FDIC’s information systems (IS)
and issued a reportable condition. Although GAO identified weaknesses in FDIC’s IS
controls, the audit team noted that significant improvements had been made during the past
year, and that the weaknesses did not materially affect the 2003 financial statements.
We acknowledge GAO’s assessment of both the status and the substantial progress made
in addressing the IS control environment. During 2003, FDIC’s accomplishments included
implementation of a recurring IS controls self assessment program, implementation of
more stringent contractor personnel clearance and site security policies and procedures,
and establishment of an aggressive patch management program. The FDIC will continue
efforts to strengthen its ongoing, comprehensive information security program during 2004.
If you have any questions or concerns, please let me know.
Steven O. App
Deputy to the Chairman and Chief Financial Officer