Semiannual Report to Congress
Other format: PDF (215 MB) (Download Accessible PDF Plug-in)
Board of Governors of the Federal Reserve System
Semiannual Report to Congress
October 1, 2006 – March 31, 2007
OFFICE OF INSPECTOR GENERAL
|
BOARD OF GOVERNORS OF THE FEDERAL RESERVE SYSTEM WASHINGTON, D. C. 20551 |
|
| OFFICE OF INSPECTOR GENERAL | ||
|
April 30, 2007
|
The Honorable Ben S. Bernanke
Chairman
Board of Governors of the Federal Reserve System
Washington, DC 20551
Dear Chairman Bernanke:
We are pleased to present our Semiannual Report to Congress which summarizes the activities of our office for the reporting period October 1, 2006, through March 31, 2007. The Inspector General Act requires that you transmit this report to the appropriate committees of Congress within thirty days of receipt, together with a separate management report and any comments you wish to make.
This will be my last semiannual report given I will be retiring on May 4, 2007. It has been a privilege serving as the Board’s Inspector General and I appreciate the support that you and other members of the Board have shown me and our office.
Sincerely,
/signed/
Barry R. Snyder
Inspector General
Enclosure
Board of Governors of the Federal Reserve System
Semiannual Report to Congress
October 1, 2006 – March 31, 2007
OFFICE OF INSPECTOR GENERAL
TABLE OF CONTENTS
Introduction Return to table of contents
Consistent with the Inspector General Act of 1978 (IG Act), as amended, the mission of the Office of Inspector General (OIG) of the Board of Governors of the Federal Reserve System (Board) is to
- conduct and supervise independent and objective audits, investigations, and other reviews of Board programs and operations;
- promote economy, efficiency, and effectiveness within the Board;
- help prevent and detect fraud, waste, and mismanagement in the Board’s programs and operations;
- review existing and proposed legislation and regulations and make recommendations regarding possible improvements to the Board’s programs and operations; and
- keep the Chairman and Congress fully and currently informed of problems.
Congress has also mandated additional responsibilities that impact where the OIG directs its resources. For example, section 38(k) of the Federal Deposit Insurance Act, as amended, 12 U.S.C. 1831o(k), requires the Board’s OIG to review failed financial institutions supervised by the Board that result in a material loss to the bank insurance funds, and to produce, within six months of the loss, a report that includes possible suggestions for improvement in the Board’s banking supervision practices. In the information technology arena, the Federal Information Security Management Act of 2002 (FISMA), Title III of Public Law 107-347, provides a comprehensive framework for ensuring the effectiveness of information security controls over information resources that support federal operations and assets. Consistent with FISMA’s requirements, we perform an annual independent evaluation of the Board’s information security program and practices, which includes evaluating the effectiveness of security controls and techniques for selected information systems.
OFFICE OF INSPECTOR GENERAL
April 2007
OIG Staffing
| Auditors |
17
|
| Information Technology Auditors |
6
|
| Investigators |
5
|
| Attorney |
2
|
| Administrative |
2
|
| Information Systems Analysts |
3
|
|
Total Positions |
35 |
Goals and Objectives Return to table of contents
The OIG has identified three strategic goals and developed corresponding objectives to guide our work through 2008. For each strategic goal, we have also identified specific strategies to help achieve the underlying objectives. The diagram below depicts the relationship of the various elements of our strategic plan, within the context of our mission and values.
Audits and Attestations Return
to table of contents
The OIG’s audit and attestation activities are designed to evaluate or examine certain aspects of the economy, efficiency, and overall effectiveness of the Board's programs and operations; the presentation and accuracy of the Board's financial statements, budget data, and financial performance reports; the effectiveness of internal controls governing the Board's contracts and procurement activities; the adequacy of controls and security measures governing the Board's financial and management information systems and the safeguarding of the Board's assets and sensitive information; and the degree of compliance with applicable laws and regulations related to the Board's financial, administrative, and program operations. The information below summarizes our work completed during the period, including our follow-up activities.
Audit of the Board's Payroll Process
During this reporting period, we completed an audit of the Board’s payroll processes. Based on a risk analysis performed during our initial scoping work, we focused our audit fieldwork on the Board's higher-risk core payroll processes, including the new hire process, the biweekly payroll cycle, and the processing of overtime and other types of premium pay. We performed this audit to ensure that the processes were adequately controlled, that they operated efficiently and effectively, and that they resulted in accurate pay and deduction calculations.
Overall, we did not identify significant data errors, and a survey of all employees hired during 2005 did not identify any systemic problems. We found, however, that the Board’s payroll processes were inappropriately controlled, relying more on people than processes to pay Board staff. As a result, payroll-related activities are labor-intensive and inefficient, characterized by multiple data transcriptions, unnecessary document hand-offs, and redundant record-keeping. Our fieldwork showed that staff involved in payroll processes are conscientious, dedicated individuals who collectively possess considerable institutional knowledge. However, we also found that responsibilities were misaligned between benefits and payroll staff and that processes for recording overtime and other types of premium pay were inconsistent and relied on manual forms and multiple spreadsheets to process the same information. In addition, our field work identified opportunities to increase the use of, and strengthen the controls over, automation.
Our testing also identified compliance issues related to the payment of overtime for law enforcement personnel and the withholding of state income taxes for a defined group of employees. Specifically, our review of overtime payments identified about $487,000 paid to law enforcement personnel that was not paid in accordance with established Board guidelines; we classified these payments as questioned costs. We also found that the Board did not comply with requirements to withhold state taxes for employees who live and work outside the Washington, D.C., metropolitan area.
We believe that the Board needs to fundamentally redesign its payroll-related processes. In our opinion, this redesign effort needs to be completed before payroll can be outsourced as currently contemplated, and before an opinion is requested on the adequacy of internal controls as part of future financial statement audits. Our report contains five recommendations related to control and process efficiency concerns. Our report also contains two recommendations to address the compliance issues described above.
We provided a copy of our report to the director of the Management Division (MGT) for review and comment. We also provided copies of process flowcharts and narratives prepared during the audit to MGT staff for their use in ongoing work related to documenting and evaluating the adequacy of internal controls over financial reporting. In the director’s response, she indicated agreement with the report recommendations and discussed actions already underway or that will be taken to implement the recommendations.
During the course of our audit, we also identified potential issues related to compliance with requirements of the Fair Labor Standards Act (FLSA) and the computation of overtime in accordance with the Board’s policy. We performed additional fieldwork related to these issues, and separately reported on the results of our analysis as discussed below. Our audit work also identified several records management issues related to electronic and hard-copy document retention. Although we did not consider these issues significant enough to include in our audit report, we provided the director of MGT with a separate letter discussing our concerns to assist in implementing our payroll audit recommendations.
Audit of the Board’s Compliance with Overtime Requirements of the Fair Labor Standards Act
As a result of the questions raised during our audit of the Board’s payroll process, we performed additional audit work related to the Board’s compliance with FLSA overtime requirements. Our audit objectives were to determine whether the Board’s payroll system correctly calculates FLSA overtime premiums and whether Board employees eligible to receive the premium have been appropriately identified in the system. As part of our audit, we analyzed payroll data and reviewed appropriate policies, laws, and regulatory guidance.
Overall, we found that the software calculations for the FLSA overtime premium were correct and that the payroll system correctly identified staff eligible to receive premium, in accordance with current Board practice. However, we found that payroll staff must manually initiate the process to compute the premium and we identified instances where the payments were not processed. Our audit work also identified other opportunities to enhance controls related to FLSA processing, as well as areas where Board policy does not adequately describe the current methods of calculating overtime for all Board employees. Our report contains two recommendations to address these concerns. We presented our audit results in a briefing to responsible MGT and Legal Division (Legal) officials. During the briefing, MGT officials generally concurred with our findings and discussed actions that have been or will be taken to address the recommendations.
Audit of the Federal Financial Institutions Examination Council’s Financial Statements for the Year Ended December 31, 2006
Each year, we contract for an independent public accounting firm to audit the financial statements of the Federal Financial Institutions Examination Council (FFIEC); the Board performs the accounting function for the FFIEC. KPMG LLP, our current contract auditors, planned and performed the audit to obtain reasonable assurance about whether the financial statements are free of material misstatement. The audit included examining, on a test basis, evidence supporting the amounts and disclosures in the financial statements. The audit also included an assessment of the accounting principles used and significant estimates made by management, as well as an evaluation of overall financial statement presentation.
During the reporting period, the auditors completed fieldwork related to the FFIEC audit and issued the audit report. In the auditors’ opinion, the FFIEC’s financial statements present fairly, in all material respects, the FFIEC’s financial position as of December 31, 2006, and the results of operations and cash flows for the year then ended, in conformity with accounting principles generally accepted in the United States of America.
To determine the auditing procedures needed to express an opinion on the financial statements, the auditors considered the FFIEC’s internal controls over financial reporting. Although the auditors’ consideration of the internal controls would not necessarily disclose all matters that might be material weaknesses, they noted no such matters. As part of obtaining reasonable assurance about whether the financial statements are free of material misstatement, the auditors also performed tests of the FFIEC’s compliance with certain provisions of laws, regulations, and contracts since noncompliance with these provisions could have a direct and material effect on the determination of the financial statement amounts. The results of the auditors’ tests disclosed no instances of noncompliance required to be reported under Government Auditing Standards.
Agreed-Upon Procedures Reports
During this period, we issued three agreed-upon procedures reports to help MGT officials respond to the recommendations made during the 2005 financial statement audit and to assist them in verifying the accuracy of census data files. Specifically, the System’s actuary provided census data supporting certain financial statement disclosures for retirement and benefit amounts which we compared to data retrieved from the Board’s human resources management system. Our work was conducted in accordance with generally accepted government auditing standards, which incorporate financial audit and attestation standards established by the American Institute of Certified Public Accountants. These standards also provide guidance for performing and reporting the results of agreed-upon procedures.
Information Security Work
During the reporting period, we continued ongoing work related to our information security responsibilities under FISMA. We updated our control testing methodology to reflect revised guidance in the National Institute of Standards and Technology (NIST) Special Publication 800-53, Recommended Security Controls for Federal Information Systems (SP800-53), and began two system control reviews using the revised assessment tool. We also completed fieldwork and issued three restricted reports related to information security, as described below.
- Audit of Configuration Settings
During our 2006 information security audit, our work on configuration management identified several issues regarding the Board’s processes for establishing, implementing, and maintaining baseline system configurations. We performed this audit work in order to address reporting requirements established by the Office of Management and Budget (OMB) pursuant to FISMA. In July 2006, OMB issued memorandum M-06-20 to assist agencies in fulfilling their FISMA evaluation and reporting requirements. M-06-20 requires each agency’s OIG to report on specific security-related performance measures, including whether the agency has established an agencywide security configuration policy and the extent of the policy’s implementation regarding various hardware and software products.
Based on OMB’s requirement, we reviewed pertinent documentation, interviewed staff responsible for establishing and maintaining configuration settings, and performed testing of actual configuration settings. We found that the Board’s Information Security Officer (ISO) had not developed specific procedures for establishing, monitoring, and remediating security settings. We also identified a few configuration settings in the production environment that differed from the documented baselines. We provided the Board’s Chief Information Officer (CIO) with two recommendations to address these concerns. In her response, the CIO partially agreed with our recommendations, but identified actions that, if fully implemented, will generally meet the intent of our recommendations.
- Security Control Review of the Central Document and Text Repository System
During the previous reporting period, we began a control review over a banking supervision and regulation system maintained at the Board. Our objective, consistent with FISMA’s requirements, was to evaluate the adequacy of control techniques in place for protecting the system’s data from unauthorized access, modification, destruction, or disclosure.
Our review showed that information security controls need to be strengthened in eight of the seventeen control families included in SP800-53. Because some of the issues we identified are more significant—either alone or in combination with other weaknesses—we classified several of our findings as “control deficiencies.” Our restricted report to management contained sixteen recommendations to address the weaknesses we identified. We provided our report to the directors of the Division of Information Technology, MGT, and the Division of Banking Supervision and Regulation (BS&R) for review and comment, and we will follow-up on the implementation of the recommendations as part of our future audit activities related to the Board’s continuing implementation of FISMA
- Security Control Review of the Internet Electronic Submission System
During the previous reporting period, we also began a control review over a system developed and maintained by the Federal Reserve Bank of New York (FRBNY) on behalf of the Board’s Division of Monetary Affairs (MA). Our objective was to evaluate the adequacy of control techniques in place for protecting the system’s data from unauthorized access, modification, destruction, or disclosure.
Our review showed that the system does not fully comply with the security requirements established by FISMA and implemented by the Board’s Security Program. We found that the Board had not provided guidance regarding FISMA or the Board’s Security Program to FRBNY staff responsible for the system. The system instead complies with requirements established by the security policies and procedures defined in the System’s new Information Security Manual (nISM) and Risk Management Process (RMP). While the nISM and RMP share similar objectives with FISMA and may have similar requirements in some areas, they differ from FISMA in their approach to information security protection as well as the extent to which standards promulgated by NIST apply. Our control review report contains thirteen recommendations designed to improve the system’s security controls. A joint response from MA and FRBNY states that they will work together to address the report’s recommendations.
Follow-up Work
Report on the Audit of the Board’s Outsourcing Operations Process and the Report on the Effectiveness of Administrative Controls over an Outsourced Contract
During this reporting period, we completed a follow-up of our April 2004 Review of the Board’s Outsourcing Operations Process and our June 2004 Review on the Effectiveness of Administrative Controls over an Outsourced Contract. Our outsourcing audit report contained three recommendations designed to enhance the management of outsourcing contracts and the Board’s overall outsourcing approach; our audit report regarding administrative controls over a specific contract contained two recommendations related to contract modifications and use of the General Services Administrative (GSA) schedules.
Our follow-up work showed that sufficient action has been taken to close all five recommendations. Specifically:
- MGT and Legal rewrote and updated contract language to standardize and clarify the terms and conditions applicable to formal contracts. Procurement staff revised procurement procedures to be consistent with the Acquisition Policy and developed three Statements of Work templates for Board staff to use when preparing outsourcing or other contractual arrangements.
- The Board revised the Acquisition Policy to clarify which contracts require Legal’s review and the purpose of the review.
- During the most recent budget formulation process, divisions were asked to study the feasibility of outsourcing certain functions. In addition, MGT is currently reviewing support activities that may be candidates for outsourcing.
- The Board amended the Acquisition Policy to require a “confirming order” if a purchase is made without following Board policy. The revised policy requires the division director of the acquiring division to submit a memorandum to MGT explaining how and why the purchase was made without following Board policy and describing the actions taken by the division to prevent reoccurrence. MGT also instituted mandatory training courses for Contracting Officer’s Technical Representatives (COTRs) which includes COTR responsibilities and limitations, statement of work preparation, evaluation criteria, and product acceptance criteria.
- The Board modified the Acquisition Policy to require approval by the director of MGT for exceptions to competitive acquisition methods. The revised policy also provides additional guidance on using the GSA schedule and requires comparing at least three vendors when obtaining services from the GSA Multiple Award Schedule.
Although we closed all of our recommendations related to our outsourcing audit work, we plan to periodically review outsourced contracts as part of future audit, inspection, and evaluation activities to ensure that the elements contained in our recommendations continue to be addressed. In communicating the results of our follow-up work to management, we also encouraged the Board to incorporate outsourcing requirements into future budget formulation processes.
Information Security Follow-up Work
As part of our ongoing FISMA-related audit work, we have followed-up on outstanding recommendations related to information security. Our follow-up work found that sufficient action has been taken to close three of the open recommendations related to prior system control reviews. In addition, we have closed two outstanding recommendations from security-related audit reports as shown in the following table.
| Report Title | Recommendation | Actions Taken |
|---|---|---|
| 2004 Report on the Audit of the Board’s Information Security Program | We recommend that the CIO expand the Board’s reporting of security incidents to include all five incident priority levels, as well as incidents that occur at the Reserve Banks and other third-party contractors. | The Board now reports all incident categories and the ISO prepared a new Information Security Incident Handling Policy that describes the Board’s procedures for addressing the detection, response, and reporting of information security incidents that may compromise the availability, integrity, and confidentiality of Board data and information technology resources. BS&R and the Division of Consumer and Community Affairs also issued supervisory guidance for Reserve Bank staff to report security-related incidents to the Board. |
| 2005 Report on the Audit of the Supervision and Regulation Function’s Implementation of FISMA | We recommend that the CIO provide guidance for developing an inventory of supervision and regulation-related applications and ensure that the guidance is implemented consistently across the System. | The ISO developed a FISMA Inventory Guide which describes how the Board accounts for all information assets and tracks the security compliance status of all systems, including those used or operated by Reserve Banks on the Board’s behalf or under delegated authority, as well as systems used or operated by contractors on the Board’s behalf. We have reconciled the Reserve Bank inventory changes over the past two year to ensure the guidance has been consistently implemented. |
The Inspections and Evaluations program area encompasses OIG inspections, program evaluations, enterprise risk management activities, process design and life-cycle evaluations, and legislatively-mandated material loss reviews of failed financial institutions that the Board supervises. Inspections are generally narrowly focused on a particular issue or topic, and provide time-critical analysis that cuts across functions and organizations. In contrast, evaluations are generally focused on a specific program or function, and make heavy use of statistical and quantitative analytical techniques. Evaluations can also encompass other non-audit, preventive activities such as System Development Life Cycle projects, and participation on task forces and workgroups.
Extended Telecommuting / Pandemic Flu Pilot
During the period, the OIG conducted a four-week extended telecommuting/ pandemic flu pilot with the objective of assessing OIG’s and the Board’s capacity to operate (1) in a full-scale telecommuting environment; and (2) during a pandemic flu scenario simulating various “points of failure,” such as unexpected absences and lapses in information technology (IT) and communications resources. The exercise started on Monday, January 29, 2007, and, for three weeks, we operated in an extended telecommuting environment where staff conducted most of the OIG’s project work from home. During week four, we operated under a pandemic flu scenario in which our offices were closed and all work had to be completed from home. The test was completed on Friday, February 23, 2007. We provided MGT’s officers and supervisors with a comprehensive overview of our pilot test results during a briefing conducted in March 2007, and are completing a final written report.
Follow-up Work
Evaluation of Service Credit Computations
During this reporting period, we completed a follow-up of our August 2005 Evaluation of Service Credit Computations. The evaluation report contained three recommendations designed to strengthen or enhance controls over the service credit computation process. The first recommendation, which had three components, called for reducing or eliminating the number of data transcriptions, requiring automated verifications from the System’s outsourced vendor for all data transmissions, and performing periodic reconciliations between Board and the vendor’s systems. During the follow-up, we found that the MGT initiated an upgrade to the Board’s human resources management system that was to include the development of a custom module designed to eliminate some of the manual data transcriptions performed by MGT staff. The Board’s human resources management system upgrade is underway and scheduled to be completed in May 2007; however, due to other priorities, the customization of the service credit computation process has been postponed. This recommendation will remain open until the customization has been completed.
In our second recommendation, we recommended that MGT enhance existing controls over the service credit computation process by redesigning the prior creditable service form to provide additional space and clear instructions for documenting all applicable types of prior service, and establishing a tickler file to ensure timely follow up of pending employee files. Our follow-up work revealed that the form has been modified to provide additional space and instructions. In addition, MGT has created a tickler system that notifies employees if information requested for verification of prior government or military service is not received within ninety days. We believe that sufficient actions have been taken to warrant closing this recommendation.
Our third recommendation was to provide periodic employee reminders regarding deposits/redeposits and renouncements (to include dollar amounts) to help employees with retirement-related decisions. MGT processed a program change order with the outsourced vendor to create periodic employee reminders regarding unpaid deposits and/or redeposits; however, this change has not been finalized. During the follow-up, we were told that employees with prior military service will receive a generic letter indicating that they owe a deposit for time served in the military, with a contact number for questions. This letter, however, will not provide the dollar amount of the deposit because of the complexity of the calculation. The recommendation will remain open until the program change is finalized and implemented.
Investigations Return to table of contentsThe OIG’s Investigations program conducts criminal and administrative investigations relating to the Board’s programs and operations. To effectively carry out its mission, OIG special agents must possess a thorough knowledge of current federal criminal statutes and the rules of criminal procedure, as well as other rules, regulations, and court decisions governing the conduct of criminal, civil, and administrative investigations. OIG special agents have full law enforcement authority as a result of a blanket deputation agreement with the Department of Justice (U.S. Marshals Service). As Special Deputy U.S. Marshals, OIG agents are authorized to carry firearms, and to obtain and execute search and arrest warrants, as necessary.
As the challenges to the federal law enforcement community have increased so, too, have the challenges to the financial regulators to implement new requirements for banks to detect illegal activities, such as money laundering and terrorist financing. As a result, the nature and complexity of our investigations have also increased the demands on to our special agents. During this reporting period, our criminal investigative activity involved leading or participating in multi-agency task forces where bank fraud, terrorist financing, and money laundering were often the potential crimes being investigated.
In addition, OIG special agents continue to address allegations of wrongdoing related to the Board’s programs and operations, as well as violations of the Board’s standards of conduct.
Summary Statistics on Investigations for the Period October 1, 2006, through March 31, 2007
| Investigative Actions | Number |
|---|---|
| Investigative Caseload | |
| Investigations Opened during Reporting Period | 2 |
| Investigations Open from Previous Period | 10 |
| Investigations Closed during Reporting Period | 0 |
| Total Investigations Active at End of Reporting Period | 12 |
| Investigative Results for this Period | |
| Referred to Prosecutor | 1 |
| Joint Investigations | 8 |
| Referred for Audit | 0 |
| Referred for Administrative Action | 0 |
| Oral and/or Written Reprimand | 0 |
| Terminations of Employment | 0 |
| Arrests | 1 |
| Suspensions | 0 |
| Debarments | 0 |
| Indictments | 0 |
| Convictions | 0 |
| Monetary Recoveries | $0 |
| Civil Actions (Fines and Restitution) | $0 |
| Criminal Fines: Fines & Restitution | $0 |
Hotline Operations
OIG special agents continue to review complaints received from the toll-free Hotline number, correspondence, email and facsimile communications, requests from System employees, and members of the public. The information received is analyzed to determine if further inquiry is warranted and provides the basis for potential investigations. Most hotline contacts were calls from consumers with complaints or questions about practices of private financial institutions. Those inquiries involved matters such as funds availability, account fees and charges, and accuracy and availability of account records. We also continued to receive numerous questions concerning how to process Treasury securities and savings bonds. Other hotline contacts were from individuals seeking advice about programs and operations of the Board, Federal Reserve Banks, other OIGs, and other financial regulatory agencies. These inquiries were directed to the appropriate Board offices, Reserve Banks, or federal or state agencies.
In addition, we continually receive fictitious instrument fraud complaints. Fictitious instrument fraud schemes are those in which promoters promise very high profits based on fictitious instruments that they claim are issued, endorsed, or authorized by the System or a well-known financial institution.
Our summary statistics of the hotline results are provided in the following table:
Summary Statistics on Hotline Results for the Period of October 1, 2006, through March 31, 2007
| Hotline Complaints | Number |
|---|---|
| Complaints pending from the previous reporting period | 23 |
| Complaints received during this reporting period | 149 |
| Total complaints for the Reporting Period | 172 |
| Complaints resolved during this period | 165 |
| Complaints pending | 7 |
Legal Services Return to table of contents
During this reporting period, the Legal Services Program provided comprehensive legal services to support the OIG’s “business side” (its audits, investigations, inspections, evaluations, and other professional and administrative functions). These services included legal advice, formal written opinions, counseling, and representation, all based upon extensive research and critical analysis of relevant laws, regulations, and policies. This work often provides the legal basis for conclusions, findings, and recommendations in various OIG reports. The Legal Services staff also keeps the IG and OIG staff aware of recent developments in the law that may have an impact on the activities of the OIG and the Board. The following illustrates a sample of the Legal Services staff’s work conducted during this reporting period:
- In-depth research and analysis regarding the Board’s application of FLSA;
- Preparation and Federal Register publication of an Amended OIG Privacy Act System of Records;
- Legal review and advice concerning the implementation of, and Board’s compliance with, FISMA;
- Tracking and analysis of proposed amendments to section 404 of the Sarbanes-Oxley Act of 2002;
- Legal advice and advocacy regarding various legal requirements associated with the OIG’s access to records;
- Research, analysis, and advice concerning legal issues related to the OIG’s pandemic flu telecommuting pilot program,
- Interpretation of contract clauses with respect to an OIG contract for IT services.
Participation in the larger IG community plays an important role in the Legal staff’s activities. We remained active in the Council of Counsels to the Inspector General. For example, building upon our efforts from last summer, we have begun work to spearhead, again, a government-wide program for this year’s upcoming summer law interns in the various Inspector General offices. We also work with the IG community’s Legislation Committee on a variety of matters affecting the community. Finally, we participated this year, as we have previously, in the Government & Public Interest Law Internship Program of the George Washington University Law School.
In addition, pursuant to the IG Act, as amended, the Legal Services staff conducts independent reviews of new and proposed legislation and regulations to analyze and ascertain their potential effect on the economy and efficiency of the Board’s programs and operations. We reviewed twenty-seven legislative and regulatory items during this reporting period. The following table contains selected highlights of our work in this area.
Highlights of the OIG’s Review of Laws and Regulations, October 1, 2006, through March 31, 2007
| Legislation Reviewed | Purpose/Highlights |
|---|---|
| Board/Banking-related Legislation | |
| “Seasoned Customer CTR Exemption Act of 2007” (H.R. 323) | Modifies certain requirements for reporting cash transactions. |
| “Compete Act of 2007” (H.R. 1508 & S. 869) | Reforms certain provisions of section 404 of the Sarbanes–Oxley Act of 2002 (Public Law 107-204) to make compliance more efficient and maintain global competitiveness for U.S. capital markets |
| “District of Columbia and United States Territories Circulating Quarter Dollar Program Act” (H.R. 392) | Provides for redesign and issuance of quarter coins to honor the District of Columbia and U.S. territories. |
| “Identification Integrity Act of 2007” (H.R. 448) | Prohibits a Federal Agency from accepting any form of individual identification issued by a foreign government, except a passport. |
| “Executive Branch Family Leave Act” (S. 80)` | Provides paid leave for federal employees giving birth, adopting a child, or accompanying a child to a medical or school appointment. |
| Information & Data Security/Privacy-related Legislation | |
| “Freedom of Information Act Amendments of 2007” (H.R. 1309); “Open Government Act of 2007” (S. 849); “Open Government Act of 2007” (H.R. 1326) | Amends the Freedom of Information Act by allowing quicker and easier access to government information, and establishing certain agency requirements to increase agency accountability in responding to requests for information. |
| Inspector General/Law Enforcement-related Legislation | |
| “Improving Government Accountability Act” (H.R. 928) | Amends the Inspector General Act of 1978 to enhance the operations of the various Inspectors General. |
| “Accountability in Government Contracting Act of 2007” (S. 680) | Title II of the bill amends the Inspector General Act of 1978 by introducing targeted reforms for the Inspector General community. |
| “A bill to amend the Ethics in Government Act of 1978 to establish criminal penalties for knowingly and willfully falsifying or failing to file or report certain information required to be reported under the Act.” (S. 104) | Adds a criminal penalty to the civil penalties already established in title 5 of the United States Code for instances where a high level government employee knowingly and willfully fails to file or report certain required financial disclosure information. |
| “Judicial Transparency and Ethics Enhancement Act of 2007” (S. 461 & H.R. 785) | Establishes an Inspector General for the Judicial Branch of government. |
| “Federal Agency Data Mining Reporting Act of 2007” (S. 236) | Requires agencies that engage in data-mining activities to report such activities to Congress and the public. |
| “PHONE Act of 2007” (H.R. 740) | Amends title 18 of the United States Code to add an offense for caller ID spoofing. |
| “Emmett Till Unsolved Civil Rights Crime Act” (H.R. 923 & S. 535) | Amends the Crime Control Act of 1990 to allow Inspectors General to authorize staff to assist the National Center for Missing and Exploited Children. |
| “Programs for Real Energy Security Act” (H.R. 1300) | Requires the Inspector General of any department or agency to conduct a comprehensive investigation into alternative fuel use by his or her agency. |
| “Department of Peace and Nonviolence Act” (H.R. 808) | Establishes an Office of Inspector General within what would become the Department of Peace and Nonviolence. |
While the OIG’s primary mission is to enhance Board programs and operations, we also coordinate externally and work internally to achieve our goals and objectives. Externally, we are active members of broader IG and professional communities and promote coordination on shared concerns. Internally, we continue to leverage IT to enhance and streamline business processes and to ensure the security of our information resources. Highlights of our activities follow:
Executive Council on Integrity and Efficiency (ECIE) Participation
The Board’s IG serves as the Vice Chair of the ECIE, which was created by Executive Order in 1992 to facilitate coordination among IGs of designated Federal entities. As Vice Chair, the Board’s IG provides leadership, vision, and direction to the ECIE, and represents the ECIE on the President’s Council on Integrity and Efficiency (PCIE). He promotes professionalism and coordination among the Councils’ membership, provides a forum to discuss government-wide issues and shared concerns, and facilitates work on a wide range of Council projects and initiatives. Collectively, the members of the ECIE continue to work with the members of the PCIE on a number of issues to help improve Government programs and operations.
Advisory Council on Government Auditing Standards
To help ensure that Government Auditing Standards (the "Yellow Book") continue to meet the needs of the audit community and the public it serves, the Comptroller General of the United States appointed the Advisory Council on Government Auditing Standards to review the standards and recommend necessary changes. The Council includes experts in financial and performance auditing drawn from all levels of government, private enterprise, public accounting, and academia. The Board’s IG participates as a member of the Advisory Council and provides perspective on a variety of issues and proposals related to the standards.
IT Infrastructure Enhancements
During this reporting period, the OIG continued its focus on upgrading and enhancing our IT infrastructure to more efficiently and effectively support the audit, evaluation, legal, and investigative work discussed in the earlier sections of our report. We have updated and strengthened our IT-related policies and procedures to better ensure OIG compliance with FISMA. In addition, we have consolidated this guidance into our newly-designed IT infrastructure database, providing us with an easy-to-use central repository for IT-related standards, profiles, inventories, and documentation.
Appendix 1 Return to table of contentsAudit Reports Issued with Questioned Costs for the Period October 1, 2006, through March 31, 2007
| Dollar Value | |||
|---|---|---|---|
| Reports | Number | Questioned Costs | Unsupported |
| For which no management decision had been made by the commencement of the reporting period | 0 | $0 | $0 |
| That were issued during the reporting period | 1 | $487,000 | $0 |
| For which a management decision was made during the reporting period | 1 | $487,000 | $0 |
| (i) dollar value of disallowed costs | 0 | $0 | $0 |
| (i) dollar value of costs not disallowed | 1 | $487,000 | $0 |
| For which no management decision had been made by the end of the reporting period | 0 | $0 | $0 |
| For which no management decision was made within six months of issuance | 0 | $0 | $0 |
Appendix 2 Return to table of contents
Audit Reports Issued with Recommendations that Funds be Put to Better Use for the Period October 1, 2006, through March 31, 2007
| Reports | Number | Dollar Value |
|---|---|---|
| For which no management decision had been made by the commencement of the reporting period | 0 | $0 |
| That were issued during the reporting period | 0 | $0 |
| For which a management decision was made during the reporting period | 0 | $0 |
| (i) dollar value of recommendations that were agreed to by management | 0 | $0 |
| (i) dollar value of recommendations that were not agreed to by management | 0 | $0 |
| For which no management decision had been made by the end of the reporting period | 0 | $0 |
| For which no management decision was made within six months of issuance | 0 | $0 |
Appendix 3 Return to table of contents
OIG Reports with Outstanding Recommendations
| Recommendations | Status of Recommendations1 | ||||||
| Projects Currently Being Tracked | Issue Date | No. | Mgmt. Agrees | Mgmt. Disagrees | Follow-up Completion Date | Closed | Open |
| Audit of the Federal Reserve’s Background Investigation Process | 10/01 | 3 | 3 | 0 | 04/04 | 0 | 3 |
| Audit of Retirement Plan Administration | 07/03 | 4 | 3 | 1 | 06/05 | 3 | 1 |
| Audit of the Board’s Outsourcing Operations | 04/04 | 3 | 3 | 0 | 01/07 | 3 | 0 |
| Effectiveness of Administrative Controls Over an Outsourced Contract | 06/04 | 2 | 2 | 0 | 01/07 | 2 | 0 |
| Audit of the Board’s Information Security Program | 09/04 | 5 | 5 | 0 | 03/07 | 4 | 1 |
| Review of the Board’s Workers’ Compensation Program | 03/05 | 4 | 4 | 0 | - | - | - |
| Review of the Board’s Implementation of Software Security Reviews | 05/05 | 1 | 0 | 1 | - | - | - |
| Audit of the Board’s Fixed Asset Management Process | 05/05 | 2 | 2 | 0 | 03/06 | 1 | 1 |
| Evaluation of Service Credit Computations | 08/05 | 3 | 3 | 0 | 03/07 | 1 | 2 |
| Audit of the Supervision and Regulation Function’s Efforts to Implement Requirements of the Federal Information Security Management Act | 09/05 | 4 | 3 | 1 | 03/07 | 3 | 1 |
| Audit of the Board’s Information Security Program | 10/05 | 2 | 2 | 0 | 09/06 | 0 | 2 |
| Inspection of the Board’s Security Services Unit | 03/06 | 3 | 3 | 0 | - | - | - |
| Audit of the Board’s Implementation of Electronic Authentication Requirements | 03/06 | 1 | 1 | 0 | 09/06 | 0 | 1 |
| Audit of the Board’s Information Security Program | 09/06 | 2 | 2 | 0 | - | - | - |
| Audit of the Board’s Payroll Process | 12/06 | 7 | 7 | 0 | - | - | - |
| Audit of the Board’s Compliance with Overtime Requirements of the Fair Labor Standards Act | 03/07 | 2 | 2 | 0 | - | - | - |
Appendix 4 Return to table of contents
Cross-References to the Inspector General Act
Indexed below are the reporting requirements prescribed by the Inspector
General Act of 1978, as amended, for the reporting period:
| Section | Source | Page(s) |
|---|---|---|
| 4(a)(2) | Review of legislation and regulations | 15-16 |
| 5(a)(1) | Significant problems, abuses, and deficiencies | None |
| 5(a)(2) | Recommendations with respect to significant problems | None |
| 5(a)(3) | Significant recommendations described in previous Semiannual Reports on which corrective action has not been completed | None |
| 5(a)(4) | Matters referred to prosecutorial authorities | 13 |
| 5(a)(5)/6(b)(2) | Summary of instances where information was refused | None |
| 5(a)(6) | List of audit reports | 4-10 |
| 5(a)(7) | Summary of significant reports | None |
| 5(a)(8) | Statistical Table—Questioned Costs | 21 |
| 5(a)(9) | Statistical Table—Recommendations that Funds Be Put to Better Use | 22 |
| 5(a)(10) | Summary of audit reports issued before the commencement of the reporting period for which no management decision has been made | 23 |
| 5(a)(11) | Significant revised management decisions made during the reporting period | None |
| 5(a)(12) | Significant management decisions with which the Inspector General is in disagreement | None |
Inspector General Hotline
1-202-452-6400
1-800-827-3340
Report: Fraud, Waste or Mismanagement
Information is confidential
Caller can remain anonymous
You may also write the:
Office of Inspector General
HOTLINE
Mail Stop 300
Board of Governors of the Federal Reserve System
Washington, DC 20551
Footnote
1 A recommendation is closed if (1) the corrective action has been taken; (2) the recommendation is no longer applicable, or (3) the appropriate oversight committee or administrator has determined, after reviewing the position of the OIG and division management, that no further action by the Board is warranted. A recommendation is open if (1) division management agrees with the recommendation and is in the process of taking corrective action or (2) division management disagrees with the recommendation and we have referred it to the appropriate oversight committee or administrator for a final decision. Return to text