November 9, 2005
To: The Honorable Jo Anne B. Barnhart
Commissioner
This letter transmits the PricewaterhouseCoopers LLP (PwC) Report of Independent Auditors on the audit of the Social Security Administration's (SSA) Fiscal Year (FY) 2005 and 2004 financial statements. PwC's Report includes the firm's Opinion on the Financial Statements, Report on Management's Assertion About the Effectiveness of Internal Control, and Report on Compliance and Other Matters.
Objective of a Financial Statement Audit
The objective of a financial statement audit is to determine whether the financial statements are free of material misstatement. An audit includes examining, on a test basis, evidence supporting the amounts and disclosures in the financial statements. An audit also includes assessing the accounting principles used and significant estimates made by management as well as evaluating the overall financial statement presentation.
PwC's examination was made in accordance with generally accepted auditing standards, Government Auditing Standards issued by the Comptroller General of the United States, and Office of Management and Budget (OMB) Bulletin 01-02, Audit Requirements for Federal Financial Statements. The audit included obtaining an understanding of the internal control over financial reporting and testing and evaluating the design and operating effectiveness of the internal control. Because of inherent limitations in any internal control, there is a risk that errors or fraud may occur and not be detected. The risk of fraud is inherent to many of SSA's programs and operations, especially within the Supplemental Security Income (SSI) program. In our opinion, people outside the organization perpetrate most of the fraud against SSA.
Audit of Financial Statements, Effectiveness of Internal Control, and Compliance with Laws and Regulations
The Chief Financial Officers (CFO) Act of 1990 (P.L. 101-576), as amended, requires SSA's Inspector General (IG) or an independent external auditor, as determined by the IG, to audit SSA's financial statements in accordance with applicable standards. Under a contract monitored by the Office of the Inspector General (OIG), PwC, an independent certified public accounting firm, audited SSA's FY 2005 financial statements. PwC also audited the FY 2004 financial statements, presented in SSA's Performance and Accountability Report for FY 2005 for comparative purposes. PwC issued an unqualified opinion on SSA's FY 2005 and 2004 financial statements. PwC also reported that SSA's assertion that its systems of accounting and internal control are in compliance with the internal control objective in OMB Bulletin 01-02 is fairly stated in all material respects.
Since 1997, SSA has had a reportable condition in its internal control concerning protection of information. Specifically, PwC found weaknesses in controls over access to SSA's electronic information, technical security configuration standards, suitability, and continuity of systems operations. Access to the information, or access control, is the most important of these factors. For the FY 2005 financial statement audit, PwC views the prior reportable condition in SSA's internal control, "SSA Needs to Further Strengthen Controls to Protect Its Information," as resolved. We applaud the extraordinary efforts SSA has taken to successfully address the key issues surrounding the reportable condition.
OIG Evaluation of PwC Audit Performance
To fulfill our responsibilities under the CFO Act and related legislation for ensuring the quality of the audit work performed, we monitored PwC's audit of SSA's FY 2005 financial statements by:
Reviewing PwC's approach and planning of the audit;
Evaluating the qualifications and independence of its auditors;
Monitoring the progress of the audit at key points;
Examining its workpapers related to planning the audit and assessing SSA's internal control;
Reviewing PwC's audit report to ensure compliance with Government Auditing Standards and OMB Bulletin 01-02;
Coordinating the issuance of the audit report; and
Performing other procedures that we deemed necessary.
PwC is responsible for the attached auditor's report, dated November 7, 2005, and the opinions and conclusions expressed therein. The OIG is responsible for technical and administrative oversight regarding PwC's performance under the terms of the contract. Our review, as differentiated from an audit in accordance with applicable auditing standards, was not intended to enable us to express, and accordingly we do not express, an opinion on SSA's financial statements, management's assertions about the effectiveness of its internal control over financial reporting, or SSA's compliance with certain laws and regulations. However, our monitoring review, as qualified above, disclosed no instances where PwC did not comply with applicable auditing standards.
Patrick P. O'Carroll, Jr.
Inspector General
PricewaterhouseCoopers LLP
Suite 800W
1301 K St., N.W.
Washington DC 20005-3333
Telephone (202) 414 1000
Facsimile (202) 414 1301
www.pwc.com
REPORT OF INDEPENDENT AUDITORS
To the Honorable Jo Anne B. Barnhart
Commissioner
Social Security Administration
In our audit of the Social Security Administration (SSA), we found:
The consolidated balance sheets of SSA as of September 30, 2005 and 2004, and
the related consolidated statements of net cost, of changes in net position,
and of financing and the combined statements of budgetary resources for the
years then ended are presented fairly, in all material respects, in conformity
with accounting principles generally accepted in the United States of America;
Management fairly stated that SSA's systems of accounting and internal control
in place as of September 30, 2005, are in compliance with the internal control
objectives in the Office of Management and Budget (OMB) Bulletin No. 01-02,
Audit Requirements for Federal Financial Statements, requiring that (1) transactions
be properly recorded, processed and summarized to permit the preparation of
the consolidated and combined financial statements in accordance with accounting
principles generally accepted in the United States of America, and to safeguard
assets against loss from unauthorized acquisition, use or disposition; (2) transactions
are executed in accordance with laws governing the use of budget authority,
other laws and regulations that could have a direct and material effect on the
consolidated or combined financial statements or Required Supplemental Stewardship
Information (RSSI) and any other laws, regulations and government wide policies
identified in Appendix C of OMB Bulletin No. 01-02;
No reportable instances of noncompliance with the laws, regulations or other
matter tested.
The following sections outline each of these conclusions in more detail.
OPINION ON THE FINANCIAL STATEMENTS
We have audited the accompanying consolidated balance sheets of SSA as of September
30, 2005 and 2004, and the related consolidated statements of net cost, of changes
in net position, and of financing and the combined statements of budgetary resources
for the years then ended. These financial statements are the responsibility
of SSA's management. Our responsibility is to express an opinion on these financial
statements based on our audits.
We conducted our audits in accordance with auditing standards generally accepted
in the United States of America; the standards applicable to financial audits
contained in Government Auditing Standards, issued by the Comptroller General
of the United States; and OMB Bulletin No. 01-02. Those standards require that
we plan and perform the audit to obtain reasonable assurance about whether the
financial statements are free of material misstatement. An audit includes examining,
on a test basis, evidence supporting the amounts and disclosures in the financial
statements. An audit also includes assessing the accounting principles used
and significant estimates made by management, as well as evaluating the overall
financial statement presentation. We believe that our audits provide a reasonable
basis for our opinion.
In our opinion, the consolidated and combined financial statements referred
to above and appearing on pages 116 through 135 of this performance and accountability
report, present fairly, in all material respects, the financial
position of SSA at September 30, 2005 and 2004, and its net cost of operations,
changes in net position, budgetary
resources and financing for the years then ended in conformity with accounting
principles generally accepted in the United States of America.
REPORT ON MANAGEMENT'S ASSERTION ABOUT THE EFFECTIVENESS OF INTERNAL CONTROL
We have examined management's assertion that SSA's systems of accounting and
internal control are in compliance with the internal control objectives in OMB
Bulletin No. 01-02, requiring that (1) transactions be properly recorded, processed
and summarized to permit the preparation of the consolidated and combined financial
statements in accordance with accounting principles generally accepted in the
United States of America, and to safeguard assets against loss from unauthorized
acquisition, use or disposition; and (2) transactions are executed in accordance
with laws governing the use of budget authority, other laws and regulations
that could have a direct and material effect on the consolidated or combined
financial statements or RSSI and any other laws, regulations and government
wide policies identified in Appendix C of OMB Bulletin No. 01-02 as of September
30, 2005. We did not test all internal controls relevant to the operating objectives
broadly defined by the Federal Managers' Financial Integrity Act of 1982. SSA's
management is responsible for maintaining effective internal controls. Our responsibility
is to express an opinion on management's assertion based on our examination.
Our examination was conducted in accordance with attestation standards established
by the American Institute of Certified Public Accountants (AICPA), the standards
applicable to financial audits contained in Government Auditing Standards, issued
by the Comptroller General of the United States, and OMB Bulletin No. 01-02
and, accordingly, included obtaining an understanding of the internal control,
testing and evaluating the design and operating effectiveness of internal control,
and performing such other procedures as we considered necessary in the circumstances.
We believe that our examination provides a reasonable basis for our opinion.
Because of inherent limitations in any internal control, misstatements due to
error or fraud may occur and not be detected. Also, projections of any evaluation
of internal control to future periods are subject to the risk that the internal
control may become inadequate because of changes in conditions, or that the
degree of compliance with the policies or procedures may deteriorate.
In our opinion, management's assertion that SSA's systems of accounting and
internal control are in compliance with the internal control objectives in OMB
Bulletin No. 01-02, requiring that (1) transactions be properly recorded, processed,
and summarized to permit the preparation of the consolidated and combined financial
statements in accordance with accounting principles generally accepted in the
United States of America, and to safeguard assets against loss from unauthorized
acquisition, use or disposition; and (2) transactions are executed in accordance
with laws governing the use of budget authority, other laws and regulations
that could have a direct and material effect on the consolidated or combined
financial statements or RSSI and any other laws, regulations and government
wide policies identified in Appendix C of OMB Bulletin No. 01-02, is fairly
stated, in all material respects, as of September 30, 2005.
We did note other matters involving the internal control and its operation that
we will communicate in a separate letter.
INTERNAL CONTROL RELATED TO KEY PERFORMANCE INDICATORS AND RSSI
With respect to internal control relevant to data that support reported performance
measures on pages 16, 17 and 18 of this performance and accountability report,
we obtained an understanding of the design of significant internal control relating
to the existence and completeness assertions, as required by OMB Bulletin No.
01-02. Our procedures were not designed to provide assurance on the internal
control over reported performance measures and, accordingly, we do not express
an opinion on such control.
In addition, we considered SSA's internal control over RSSI by obtaining an
understanding of SSA's internal
control, determined whether these internal controls had been place in operation,
assessed control risk, and performed tests of controls as required by OMB Bulletin
No. 01-02 and not to provide assurance on these controls. Accordingly, we do
not provide an opinion on such controls.
REPORT ON COMPLIANCE AND OTHER MATTERS
The management of SSA is responsible for compliance with laws and regulations.
As part of obtaining reasonable assurance about whether the financial statements
are free of material misstatement, we performed tests of compliance with certain
provisions of laws and regulations, noncompliance with which could have a direct
and material effect on the determination of financial statement amounts and
certain other laws and regulations specified in OMB Bulletin No. 01-02, including
the requirements referred to in the Federal Financial Management Improvement
Act (FFMIA) of 1996. We limited our tests of compliance to these provisions,
and we did not test compliance with all laws and regulations applicable to SSA.
However, providing an opinion on compliance with those provisions was not an
objective of our audit and, accordingly, we do not express such an opinion.
The results of our tests of compliance disclosed no instances of noncompliance
with laws and regulations discussed in the preceding paragraph exclusive of
FFMIA or other matters that are required to be reported under Government Auditing
Standards or OMB Bulletin No. 01-02 as of September 30, 2005.
Under FFMIA, we are required to report whether SSA's financial management systems
substantially comply with the Federal financial management systems requirements,
applicable Federal accounting standards, and the United States Government Standard
General Ledger at the transaction level. To meet this requirement, we performed
tests of compliance with FFMIA section 803(a) requirements.
The results of our tests disclosed no instances in which SSA's financial management
systems did not substantially comply with the three requirements discussed in
the preceding paragraph as of September 30, 2005.
OTHER INFORMATION
The Management's Discussion and Analysis (MD&A) included on pages 6 and
58 Required Supplementary Information (RSI) included on pages 1 and 2, and 141
and 142, and Required Supplementary Stewardship Information (RSSI) included
on pages 143 to 161 of this performance and accountability report, are not a
required part of the financial statements but are supplementary information
required by the Federal Accounting Standards Advisory Board and OMB Circular
No. A-136, Financial Reporting Requirements. We have applied certain limited
procedures, which consisted principally of inquiries of management regarding
the methods of measurement and presentation of the MD&A, RSI and RSSI. However,
we did not audit the information and express no opinion on it.
Our audit was conducted for the purpose of forming an opinion on the consolidated
and combined financial statements of SSA taken as a whole. The Schedule of Budgetary
Resources, included on page 141of this performance and accountability report,
is not a required part of the consolidated or combined financial statements
but is supplementary information required by OMB Circular No. A-136, Financial
Reporting Requirements. This information and the consolidating and combining
information included on pages 136 to 140 of this performance and accountability
report are presented for purposes of additional analysis and are not a required
part of the consolidated or combined financial statements. Such information
has been subjected to the auditing procedures applied in the audit of the consolidated
and combined financial statements and, in our opinion, are fairly stated in
all material respects in relation to the consolidated and combined financial
statements taken as a whole.
The other accompanying information included on pages 3 to 5, 59 to 115, 162
to 164, and 169 to the end of this performance and accountability report, is
presented for purposes of additional analysis and is not a required part of
the financial statements. Such information has not been subjected to the auditing
procedures applied in the audit of the consolidated and combined financial statements
and, accordingly, we express no opinion on it.
This report is intended solely for the information and use of management and
the Inspector General of SSA, OMB, the Government Accountability Office and
Congress and is not intended to be and should not be used by anyone other than
these specified parties.