As part of the Corporation's continued commitment to establish and maintain effective and efficient internal controls, FDIC management routinely conducts ongoing reviews of internal accounting and administrative control systems. The results of these reviews, as well as consideration of audits, evaluations and reviews conducted by the U.S. General Accounting Office (GAO), the Office of Inspector General (OIG) and other outside entities, are used as a basis for the FDIC's reporting on the condition of the Corporation's internal controls.
The FDIC's standards incorporate the GAO's Standards for Internal Controls in the Federal Government. Good internal control systems are essential for ensuring the proper conduct of FDIC business and the accomplishment of management objectives by serving as checks and balances against undesired action.
The FDIC's management concludes that the system of internal accounting and administrative controls at the FDIC, taken as a whole, complies with internal control standards prescribed by the GAO and provides reasonable assurance that the related objectives are being met. This standard reflects the fact that all internal control systems, no matter how well designed, have inherent limitations and should not be relied upon to provide absolute assurance, and that control systems may vary over time because of changes in conditions.
The Corporation's evaluation processes, the OIG audits and evaluations, and the GAO financial statements audits have identified certain areas where existing internal controls should be improved. FDIC management uses the chart below in the evaluation process to determine the appropriate classification for these areas.
Effectiveness of Internal Controls
Controls are working as intended
Controls are not working as intended, but mitigating controls exist
Controls are not working as intended and minor/no mitigating controls exist
*High, Medium, and Low are measured on how potentially critical the area or operation is to achieving the mission and objectives of the Corporation. Additionally, consideration is given to the risk to the Corporation, absent the area or operation.
For purposes of this report, FDIC management considers a weakness material if it:
Violates statutory or regulatory requirements;
Significantly weakens safeguards against waste, loss, unauthorized use or misappropriation of funds, property or other assets;
Significantly impairs the mission of the FDIC;
Fosters a conflict of interest;
Deprives the public of needed services; or
Merits the attention of the Chairman, the FDIC Board of Directors or Congress.
To determine the existence of material weaknesses, the FDIC has assessed the results of management evaluations and external audits of the Corporation's risk management and internal control systems conducted in 2003, as well as management actions taken to address issues identified in these audits and evaluations. Based on this assessment and application of the above criteria, the FDIC concludes that no material weaknesses existed within the Corporation's operations for 2002 and 2003.