IV. Management Controls - Internal Controls and Risk Management Program
FDIC Circular 4010.3, "FDIC Internal Control Programs and Systems," outlines steps necessary to remain in compliance with provisions of the Chief Financial Officers Act by establishing FDIC internal control objectives, describing internal control standards, and identifying and monitoring risk management internal control programs and systems. The process focuses on areas of high risk to provide reasonable assurance that the following objectives are met:
Programs are efficiently and effectively carried out in accordance with applicable laws and management policies;
Assets are safeguarded against waste, loss, unauthorized use or misappropriation;
Systems are established to alert management of potential weaknesses;
Obligations and costs comply with applicable laws; and
Revenues and expenditures applicable to the FDIC's operations are recorded and properly accounted for, so that accounts and reliable financial and statistical reports may be prepared and accountability of assets may be maintained.
Division and office directors are required to submit a certification statement annually, addressed to the Chairman asserting that their internal control systems: (1) comply with the FDIC's internal control standards and (2) provide reasonable assurance that the FDIC internal control objectives are achieved. The certification statement also reports whether material weaknesses, high vulnerability issues, or matters for continued monitoring exist in the internal control systems and, if so, provides a description of the deficiency and planned corrective action(s). These certification statements are used as support for the Corporation's Statements on Internal Accounting and Administrative Controls.