Summary

Established in 1934 to enforce the securities laws and protect investors, the Securities and Exchange Commission (SEC) plays an important role in maintaining the integrity of the U.S. securities markets. Pursuant to the Accountability for Tax Dollars Act of 2002, the SEC is required to prepare and submit to Congress and the Office of Management and Budget audited financial statements. GAO agreed, under its audit authority, to perform the initial audit of SEC's financial statements. GAO's audit was done to determine whether, in all material respects, (1) SEC's fiscal year 2004 financial statements were reliable, (2) SEC's management maintained effective internal control over financial reporting and compliance with laws and regulations, and (3) SEC's management complied with applicable laws and regulations.

In GAO's opinion, SEC's fiscal year 2004 financial statements were fairly presented in all material respects. However, because of material internal control weaknesses in the areas of recording and reporting disgorgements and penalties, preparing financial statements and related disclosures, and information security, in GAO's opinion, SEC did not maintain effective internal control over financial reporting as of September 30, 2004. SEC did maintain in all material respects effective internal control over compliance with laws and regulations material in relation to the financial statements as of September 30, 2004. In addition, GAO did not find reportable instances of noncompliance with laws and regulations it tested. SEC prepared its first complete set of financial statements for fiscal year 2004 and made significant progress during the year in building a financial reporting structure for preparing financial statements for audit. However, GAO identified inadequate controls over SEC's disgorgements and civil penalties activities, increasing the risk that such activities will not be completely, accurately, and properly recorded and reported for management's use in its decision making. In addition, GAO identified inadequate controls over SEC's financial statement preparation process including a lack of sufficient documented policies and procedures, support, and quality assurance reviews, increasing the risk that SEC management will not have reasonable assurance that the balances presented in the financial statements and related disclosures are supported by SEC's underlying accounting records. GAO also found that SEC has not effectively implemented information system controls to protect the integrity, confidentiality, and availability of its financial and sensitive data, increasing the risk of unauthorized disclosure, modification, or loss of the data, possibly without detection. The risks created by these information security weaknesses are compounded because the SEC does not have a comprehensive monitoring program to identify unusual or suspicious access activities. SEC is currently working to improve controls in all these areas.